Great explanation. Thank you very much.
On Tue, Feb 2, 2010 at 10:12 AM, Bruce Richardson <itsbr...@workshy.org>wrote:
> On Mon, Feb 01, 2010 at 05:30:47PM -0600, Anchi Zhang wrote:
> > Greetings,
> >
> > CFEngine 2 (not sure about 3) allows groups definitions such as
> >
> > groups:
> > ntp = { ntpserv1 ntpserv2 }
> >
> > and the ability to negate such as
> >
> > links:
> > !ntp::
> > /etc/inet/ntp.conf -> /etc/inet/ntp.client
> >
> > I was wondering how I would accomplish something like it in Puppet.
>
> Puppet really works very differently from cfengine and you have to think
> in different ways. CFEngine allows you to define arbitary classes
> (which means something different in puppet ;) ) based on any logical
> combination of already defined classes and to associate actions with
> classes. Puppet works with dependencies and it doesn't do groups (which
> in CFengine are actually just "classes" which are true if the hostname
> matches one of the strings in the given list).
>
> For the simple example you give above, you'd define an ntp class (puppet
> style) which created the link (and any other ntp configuration you
> require) and then in the node declaration for that host you would
> include the ntp class. You can still think of the ntp class as being a
> group, if you like, but you declare in the node which "groups" a host is
> in.
>
> There are a number of ways to implement group behaviour, though. One is
> to use case statements
> http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#case-statement
>
> The problem is where to place such a case statement within your
> manifests; if it is included outside of a node declaration then it
> doesn't have any access to the variables and classes memberships
> declared in the node config. But if you put it in the node declaration,
> you have to make sure it is included in every node declaration
> (cumbersome, error prone and ever so slightly defeating the point).
>
> Another way is to use an External Node service.
>
> http://reductivelabs.com/trac/puppet/wiki/ExternalNodes
>
> This lets you store your host data in, for example, a Directory service
> like LDAP. Most such services will let you define groups where you can
> specify a list of nodes and when you then interogate the Directory
> service for details of an individual host (which is how Puppet needs the
> data), it'll give you back the group memberships as part of that. So
> you need to map groups in your directory onto classes in your Puppet
> config.
>
> This isn't exactly a lightweight solution either and is a lot of work if
> you didn't need this feature for anything else.
>
> There are other ways to do it, but they do mean working against puppet's
> design and it can be painful.
>
> FWIW, I really don't like the way nodes work in puppet and have been
> trying to work round that every since I started using it.
>
> --
> Bruce
>
> What would Edward Woodward do?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
