On Mon, Feb 01, 2010 at 05:30:47PM -0600, Anchi Zhang wrote:
> Greetings,
>
> CFEngine 2 (not sure about 3) allows groups definitions such as
>
> groups:
> ntp = { ntpserv1 ntpserv2 }
>
> and the ability to negate such as
>
> links:
> !ntp::
> /etc/inet/ntp.conf -> /etc/inet/ntp.client
>
> I was wondering how I would accomplish something like it in Puppet.
Puppet really works very differently from cfengine and you have to think
in different ways. CFEngine allows you to define arbitary classes
(which means something different in puppet ;) ) based on any logical
combination of already defined classes and to associate actions with
classes. Puppet works with dependencies and it doesn't do groups (which
in CFengine are actually just "classes" which are true if the hostname
matches one of the strings in the given list).
For the simple example you give above, you'd define an ntp class (puppet
style) which created the link (and any other ntp configuration you
require) and then in the node declaration for that host you would
include the ntp class. You can still think of the ntp class as being a
group, if you like, but you declare in the node which "groups" a host is
in.
There are a number of ways to implement group behaviour, though. One is
to use case statements
http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#case-statement
The problem is where to place such a case statement within your
manifests; if it is included outside of a node declaration then it
doesn't have any access to the variables and classes memberships
declared in the node config. But if you put it in the node declaration,
you have to make sure it is included in every node declaration
(cumbersome, error prone and ever so slightly defeating the point).
Another way is to use an External Node service.
http://reductivelabs.com/trac/puppet/wiki/ExternalNodes
This lets you store your host data in, for example, a Directory service
like LDAP. Most such services will let you define groups where you can
specify a list of nodes and when you then interogate the Directory
service for details of an individual host (which is how Puppet needs the
data), it'll give you back the group memberships as part of that. So
you need to map groups in your directory onto classes in your Puppet
config.
This isn't exactly a lightweight solution either and is a lot of work if
you didn't need this feature for anything else.
There are other ways to do it, but they do mean working against puppet's
design and it can be painful.
FWIW, I really don't like the way nodes work in puppet and have been
trying to work round that every since I started using it.
--
Bruce
What would Edward Woodward do?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
