Ohad, I have been doing some thinking about this as well. I can definitely see situations where I need a "cap shell" type of approach to push a single change or something else, but usually those are for administration needs. Now feel free to correct me if I am wrong, but puppet's whole goal is to alleviate you from having to perform those mundane tasks. Again, as I see it, if you can't wait a few minutes for changes to go out, then well, it's obviously an emergency and usually the best route is direct access.
My next question is, is there a way you can enable listen on the clients, define a schedule that keeps puppet from running (hack hack hack) and then cron/schedule things on the puppetmaster side to do puppetrun against "groups" of clients you have in a classification tool or something? Anyway, food for thought. Also, whatever happened to that cobbler/puppet related tool you were talking about a few months back?

-Jason

On Apr 1, 2009, at 6:36 PM, Ohad Levy wrote:

> Hi All,
>
> I've been trying to address the issue of when (once in a while) you
> need to push something to a client now, can't wait 30 minutes, or it's
> a one time action.
>
> The first path I went through was to consider something
> like puppetrun, and as we don't run puppetd as a daemon (running it
> from cron due to large memory consumption while idle), I went
> forward and implemented a basic daemon which uses puppet
> certificates (no need for ssh or anything else) infrastructure to
> kick in puppetd --onetime.
>
> Nevertheless, I realized that this would not solve all of my
> problems, many times, one needs to perform an action once, a good
> example could be package updates, or maybe you have an application
> "downtime" where you want to restart a service, or just reboot the
> server.
> Another good reason against it, is when you have a fairly large
> amount of nodes, calling all of your clients to recompile their
> configuration in a short time frame, is usually leading to a
> puppetmaster which is unable to perform, using tags for this special
> onetime puppetd run can help with file requests, but it is still
> something that the puppetmaster usually can't handle.
>
> Until now, I was using puppet for deployment, configuration, and
> making sure that everything stays that way, but I'm still using ssh
> for everything else, I wasn't too happy about it, so I had a look on
> func, which also seems very nice, has its own certificate (even though
> you could reuse the puppet certificates) and a small daemon that you
> can run commands / modules through, but this requires yet another
> daemon, another language (in this case it's python / shell and not
> puppet dsl) etc... which leads me to my question:
>
> Why Puppet can't have a push directive as well? Obviously we already
> have the infrastructure to connect from the server to the clients
> (e.g. puppetrun, or my xinetd version), we already have all of the
> puppet types, so it should be easy to execute on a client (possible
> today with ralsh or puppet directly) things like:
> Service (manages restarts of services)
> Packages (maybe something like ensure => latest for a one time
> package upgrades)
> Exec for custom scripts
> ...
> and maybe additional facts that could be executed only upon request
>
> Later on, if you have storeconfig ldap or just pure yaml node files,
> you can add grouping and other nice things....
>
> Cheers,
> Ohad