> [...]
>     I think this is good general practice of sysadmin to ensure
> everything on a Linux system that is not needed should be removed,
> restricted or disabled (services, users, dir permissions). As we see
> here, it seems Puppet cannot fulfill this need, except by listing
> explicitly and exhaustively what needs to be or not be activated for
> each node. So of course, one way or another, there is a place where I
> need to tell what should be stripped down. But I want it to be accepted
> as the default -state- of the node, unless specified otherwise by
> including a class which redefines some of the resources that need to
> be activated. I do not want my nodes.pp to be 1000000 lines and
> unmaintainable.


How about doing it the other way round? Generally include the
stripped-down classes and then include additionally per node the mysql
class which inherits the stripped down class but overwrites the
resources to manage mysql:

node default {
  include configsets
}

node mysqlserver {
  include configsets::mysqlserver
}

class configsets {
  include mysql::server
}

class configsets::mysqlserver {
  include config
  include mysql::server::present
}

# Baseline, applied to every node: package removed, service stopped and disabled.
class mysql::server {
  package{'mysql-server': ensure => absent }
  service{'mysql-server':
    ensure => stopped,
    enable => false,
    require => Package['mysql-server'],
  }
}

# Opt-in: inherits the baseline and overrides its resources to manage mysql.
class mysql::server::present inherits mysql::server {
  Package['mysql-server']{ ensure => installed }
  Service['mysql-server']{
    ensure => running,
    enable => true,
  }
  file{'/etc/my.conf':
    source => "....",
    notify => Service['mysql-server'],
  }
}

Naming convention could be better, but I think this should generally
work. You simply include every resource you manage in the general class
configsets, which gets applied to every node (also due to inheritance,
reinclusion) but include the "present" class in nodes that need it.

> I do not want my nodes.pp to be 1000000 lines and unmaintainable.

I would generally avoid putting too much into nodes. My nodes look like:

node default {
  $some_var_1 = 'aaa'
  $some_var_2 = 'bbb'
  include configsets
}

node foobar {
  $some_var_1 = 'foo'
  $some_var_2 = 'bar'
  include configsets::foobar
}

And all the actual service includes are done in the module called
configsets, which can have further abstraction like node-types, i.e.
physical nodes (class is included depending on the virtual fact) etc.,
inheritance and so on.

Did I miss some circumstances why this shouldn't work?

cheers pete.
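
The layout described in this message, modeled as an added Python example (not code from the original post or from Puppet): every node starts from the stripped-down baseline, an opt-in class may only override resources the baseline already declares, and the report lists per node what deviates from the baseline. The `cups` entries and the dictionary and function names are assumptions made for illustration.

```python
import copy

# Baseline applied to every node: everything managed is removed or disabled.
# The mysql-server titles mirror the post; 'cups' is a constructed extra entry.
BASELINE = {
    ("package", "mysql-server"): {"ensure": "absent"},
    ("service", "mysql-server"): {"ensure": "stopped", "enable": False},
    ("package", "cups"): {"ensure": "absent"},
    ("service", "cups"): {"ensure": "stopped", "enable": False},
}

# Opt-in classes: attribute overrides on resources the baseline declares.
OVERRIDES = {
    "mysql::server::present": {
        ("package", "mysql-server"): {"ensure": "installed"},
        ("service", "mysql-server"): {"ensure": "running", "enable": True},
    },
}

# Node -> opt-in classes included in addition to the baseline.
NODES = {"default": [], "mysqlserver": ["mysql::server::present"]}


def effective_state(node):
    """Baseline plus the node's overrides, as attribute dicts per resource."""
    state = copy.deepcopy(BASELINE)
    for cls in NODES[node]:
        for res, attrs in OVERRIDES[cls].items():
            # An override of something the baseline never declared would
            # escape the default-off guarantee, so it is rejected.
            if res not in state:
                raise KeyError(f"{cls} overrides undeclared resource {res}")
            state[res].update(attrs)
    return state


def exposure_report():
    """Return {node: sorted resources whose state differs from the baseline}."""
    report = {}
    for node in NODES:
        state = effective_state(node)
        report[node] = sorted(
            f"{rtype}[{title}]"
            for (rtype, title), attrs in state.items()
            if attrs != BASELINE[(rtype, title)]
        )
    return report


if __name__ == "__main__":
    for node, enabled in exposure_report().items():
        print(node, "->", enabled or "baseline only")
```
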