Maybe it's the purist in me, but I don't think emergency, one-off
changes are what puppet is/was designed for.  It's supposed to be a
configuration management tool, and (using your example) firefighting
death spiraling daemons is not a puppet task.  (in my opinion)  There
are tools that are already designed for this, most of which have been
mentioned.

I'd add that pdsh (parallel distributed shell -- 
https://computing.llnl.gov/linux/pdsh.html)
is my tool of choice for massive site-wide fixes like you describe.
As an example, I can do the exact job you explained of restarting a
service across 400+ nodes in less than 20 seconds.  It's a great tool,
written for exactly the situation you describe.  There's something to
be said for having the right tool for the job, isn't there?

I understand the want for a one-solution-fits-all approach, which is
unfortunately typically fool's gold.  There are existing tools to do
what you're looking for much faster (efficient) than puppet ever
could, given its current design.

My two pennies.

--Bill

On Apr 1, 6:36 pm, Ohad Levy <ohadl...@gmail.com> wrote:
> Hi All,
>
> I've been trying to address the issue of when (once in a while) you need to
> push something to a client now, can't wait 30 minutes, or it's a one time
> action.
>
> The first path I went through was to consider something like
> puppetrun, and as we don't run puppetd as a daemon (running it from cron due
> to large memory consumption while idle), I went forward and implemented a
> basic daemon which uses puppet certificates (no need for ssh or anything
> else) infrastructure to kick in puppetd --onetime.
>
> nevertheless, I realized that this would not solve all of my problems, many
> times, one needs to perform an action once, a good example could be package
> updates, or maybe you have an application "downtime" where you want to
> restart a service, or just reboot the server.
> another good reason against it, is when you have a fairly large amount of
> nodes, calling all of your clients to recompile their configuration in a
> short time frame, is usually leading to a puppetmaster which is unable to
> perform, using tags for this special onetime puppetd run can help with file
> requests, but it is still something that the puppetmaster usually can't
> handle.
>
> until now, I was using puppet for deployment, configuration, and making sure
> that everything stays that way, but I'm still using ssh for everything else,
> I wasn't too happy about it, so I had a look on func, which also seems very
> nice, has its own certificate (even though you could reuse the puppet
> certificates) and a small daemon that you can run commands / modules through,
> but this requires yet another daemon, another language (in this case it's
> python / shell and not puppet dsl) etc... which leads me to my question:
>
> Why Puppet can't have a push directive as well? obviously we already have the
> infrastructure to connect from the server to the clients (e.g. puppetrun, or
> my xinetd version), we already have all of the puppet types, so it should be
> easy to execute on a client (possible today with ralsh or puppet directly)
> things like:
> Service (manages restarts of services)
> Packages (maybe something like ensure => latest for a one time package
> upgrades)
> Exec for custom scripts
> ...
> and maybe additional facts that could be executed only upon request
>
> later on, if you have storeconfig ldap or just pure yaml node files, you can
> add grouping and other nice things....
>
> Cheers,
> Ohad