On Thu, Apr 2, 2009 at 10:35 AM, Jason Rojas <ja...@nothingbeatsaduck.com>wrote:
> > Ohad, I have been doing some thinking about this as well. I can > definitely see situations where I need a "cap shell" type of approach > to push a single change or something else, but usually those are for > administration needs. sure, this are considered "emergency" or good response time to our customers. > > Now feel free to correct me if I am wrong, but puppet's whole goal is > to alleviate you from having to perform those mundane tasks. Again as > I see it, if you cant wait a few minutes for changes to go out, then > well, its obviously an emergency and usually the best route is direct > access. what happens if you have hundreds of clients that needs to be fixed? we had an issue a few months ago where nscd got crazy due to some bad ldap / tls response, we needed to restarted nscd on all clients.... > > > My next question is, is there a way you can enable listen on the > clients, define a schedule that keeps puppet from running (hack hack > hack) and then cron/schedue things on the puppetmaster side to do > puppetrun against "groups" of clients you have in a classification > tool or something. > I'm not really sure I understand your question, I can today use puppetrun (if running puppetd with listen option) or use my own version of mini puppet listener daemon to trigge a puppet run, but that will not solve my previous nscd example (it would make sure that nscd is running, which it is). more than that, if you need to compile configurations for 250 clients in a couple of minutes, with the current puppetmaster implementation, thats almost impossible (e.g. you really need a lot of mongrels / cores). > > > Anyway, food for thought. yep, thats the whole reason for this thread... > > > Also, whatever happened to that cobbler/puppet related tool you were > talking about a few months back? Its a live n kicking, my company still <sigh> discuss which open source license is the most risk free for us... > -Jason > > > On Apr 1, 2009, at 6:36 PM, Ohad Levy wrote: > > > Hi All, > > > > I've been trying to address the issue of when (once in a while) you > > need to push something to a client now, cant wait 30 minutes, or its > > a one time action. > > > > The first path I went though was though was to consider something > > like puppetrun, and as we don't run puppetd as a daemon (running it > > from cron due to large memory consumption while idle), I went > > forward and implemented a basic daemon which uses puppet > > certificates (no need for ssh or anything else) infrastructure to > > kick in puppetd --onetime. > > > > nevertheless, I realized that this would not solve all of my > > problems, many times, one needs to perform an action once, a good > > example could be package updates, or maybe you have an application > > "downtime" where you want to restart a service, or just reboot the > > server. > > another good reason against it, is when you have a fairly large > > amount of nodes, calling all of your clients to recompile their > > configuration in a short time frame, is usually leading to a > > puppetmaster which is unable to perform, using tags for this special > > onetime puppetd run can help with file requests, but it is still > > something that the puppetmaster usually cant handle. > > > > until now, I was using puppet for deployment, configuration, and > > making sure that everything stays that way, but I'm still using ssh > > for everything else, I wasn't too happy about it, so I had a look on > > func, which also seems very nice, has its own certificate (even due > > you could reuse the puppet certificates) and a small daemon that you > > can run commands / modules though, but this requires yet another > > daemon, another language (in this case its python / shell and not > > puppet dsl) etc... which leads me to my question: > > > > Why Puppet cant have a push directive as well? obviously we already > > have the infrastructure to connect from the server to the clients > > (e.g. puppetrun, or my xinetd version), we already have all of the > > puppet types, so it should be easy to execute on a client (possible > > today with ralsh or puppet directly) things like: > > Service (manages restarts of services) > > Packages (maybe something like ensure => latest for a one time > > package upgrades) > > Exec for custom scripts > > ... > > and maybe additional facts that could be executed only upon request > > > > later on, if you have storeconfig ldap or just pure yaml node files, > > you can add grouping and other nice things.... > > > > Cheers, > > Ohad > > > > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---