Forum: Cfengine Help
Subject: Re: Cfengine/puppet choice
Author: kholloway
Link to topic: https://cfengine.com/forum/read.php?3,18633,20811#msg-20811
I'm in Minnesota so not close to you folks but we did meet briefly at LISA 2010
in San Jose and I attended your CF3 tutorial (you did a great job presenting by
the way).
I asked a few questions specifically about better zone support for Solaris and
some bugs we encountered, you had good answers and helpful suggestions for my
questions so thanks for that!
I like to share examples of stuff so no problem at all (even though these
particular examples are are taken from both CF3 docs and Puppet docs).
I have some more complex stuff in CF3 in regards to system services and
packages as I had to roll my own (for Solaris) since the built in stuff didn't
quite do what I needed or was missing full support for Solaris Zones (better
zone support is in the pay version of CF3).
If anyone want's to see that stuff I can post that also separately and
unrelated to this thread.
The (fairly simple) example below shows how to add a cron job in both CF3 and
Puppet, something we all tend to do on our systems. :)
For CF3 I need to have the standard lib.cf file or have written the
'append_if_no_line' portion to accomplish my goal, for Puppet I just need the
application installed.
Both examples assume a standalone/single host run for simplicity.
Note that my CF3 example is *very* Solaris 10 specific, if I managed a Linux
based host and ran this example there it would fail but with Puppet this
example has the same outcome on both a Solaris 10 host and Linux host without
me doing any extra work.
To remove this cron job in Puppet you change the ensure line to equal 'absent'
and it cleans up the cron entry and it's related comment line.
You can also now refer to the cron job for other Puppet rules later on by
simply saying something like 'require => Cron['manual-puppet']' when defining
something else OR you can inherit it's parent class and override or change
portions of it for a specific host.
I also never need to know what the cron job looks like or how it's setup beyond
it's reference name when/if I have to access it in a later class or as a
dependancy.
In cron you end up with a comment line for each job that Puppet controls that
looks like '# Puppet name: shortname' so we know that it belongs to and is
controlled by Puppet.
In CF3 we use edit_files functions (or write your own) and either match the
cron job exactly or use regex to match for it and then insert/replace.
If I go look at my crontab entry I won't see any indication that CF3 put it
there and manages it which sometimes results in duplicates (yes I could put a
comment line in above it but that's even more lines of stuff to write,
especially when you try to clean it up later).
Many of the struggles and problems we encountered with CF3 were around the
edit_files features and trying to accomplish fairly standard systems tasks
(edit cron, change a value in a config file, etc).
It's powerful (edit_files), almost too powerful and is incredibly easy to shoot
your self in the foot with when you first start using CF3.
-----CF3 (append_if_no_line from CFEngine standard library)-----
body common control
{
bundlesequence => { "main" };
version => "1.0";
}
bundle edit_line append_if_no_line(str)
{
insert_lines:
"$(str)"
comment => "Append a line to the file if it doesn't already exist";
}
bundle agent main
{
vars:
"cron_tab_line" string => "15,45 * * * *
/var/cfengine3/bin/cf-execd -F >/dev/null 2>&1";
files:
"/var/spool/cron/crontabs/root"
comment => "Add CF3 to cron",
edit_line => append_if_no_line("$cron_tab_line"),
classes => satisfied("restart_cron");
commands:
restart_cron::
"/usr/sbin/svcadm restart svc:/system/cron:default";
}
-----PUPPET Example-----
cron { "manual-puppet":
command => "/usr/local/bin/puppet agent --onetime --no-daemonize
--logdest syslog > /dev/null 2>&1",
user => "root",
hour => "*",
minute => [15, 45],
ensure => present,
}
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
