On Sep 8, 2010, at 7:20 AM, Martin Langhoff wrote:
> Hi Puppet Users, Hi Luke,
>
> Happy to find myself here. I am an old ISConf user -- Luke might
> remember my random questions back in the infrastructures / isconf list
> -- and have been developing the School Server ("XS") for OLPC for a
> while (and lately doing a dozen more things at OLPC which has shrunk
> my XS time).
>
> Writing here because my original intention with the XS was to dust-off
> some ISConf concepts and have a minimalistic modern implementation of
> something isconf-ish that should integrate well with package mgmt
> tools (dpkg/apt, rpm/yum). By the time I managed to look at the
> situation, I was very happy to find Luke had done something similar
> (but much better than I'd be able to) -- Puppet!
>
> [ Did I say THANKS!? Should say it lots, and often. ]
>
> So I've just been working with a deployment team in the field, and
> working through the Puppet docs, defined an initial configuration
> strategy, and rolled out the puppet client to the initial 10 XSs (soon
> to be joined by approx 800 more).
>
> I have a series of questions, coming from an old hand in terms of
> config mgmt, but absolutely new to Puppet. Happy to RTFM, or to code
> what's missing; pointers welcome. In many cases I might be missing the
> right terminology for things in puppet-land.
>
> Your help is appreciated. Just in the deployment above, the "userbase"
> for this infra is 50 000 children with XOs. Demanding userbase, let me
> tell you... but they sure know how to say thanks, and how to get a lot
> from what we put into it :-)
>
> First, I'll confess to some oddities in our usage:
>
> - All our nodes are identical (for the purposes of Puppet anyway --
> differences are handled by code installed on the node).
>
> - Currently our nodes run Fedora 9, with an old (0.24.x I think)
> Puppet. And update is in the works, but bear in mind for my questions
> later...
>
> - Some of our nodes are behind NAT... multiple layers of it sometimes.
>
> - Some of our nodes have no WAN/Internet -- questions to follow on this. -
>
> =Questions=
>
> 1 - With a high number of identical nodes, we are very precious about
> deploying the exact same sw package (rpm in this case) to all nodes.
> Can I declare an exact rpm version/revision in a packages[] section?
> Can I later update it with a later version and will it know to upgrade
> via yum?
You can, but this is usually a way to cause yourself a lot of pain. Creating a
custom repository mirror and doing stuff with that is probably simpler.
> 2 - Can I say "install this shellscript and run it once"? How?
How bad is running it a second time? Does it just take a long time or destroy
the system if run a second time?
> 2a - Is there an ISConf-like facility that says "run it until it
> succeeds once"? [ Happy to use Makefiles, but if there's a
> Puppet-supported elegant way of doing it... ]
Sometimes you can check to see if it succeeded by using the exec parameters
"creates" or "unless". Is there a simple command you can run later to see if
it worked, or a file you can check for the existence of? If that fails, you
"/var/lib/mypuppetstate" idea sounds good, but again, at east consider what
happens if you lose power in the middle of a command.
> 4 - Can the clients send a "deployed configuration successfully" msg
> to the server, so we keep a tally of
>
> - clients seen recently
> - success vs failure in deployment of latest config
> - what clients are failing or behind in their sync
> 6 - For disconnected configuration clients -- is there a way to tell
> the puppet client: the puppet config of the server is available to you
> on file:///media/usb/puppetconfig ? The XS already has a mechanism
> that can guarantee the integrity of files coming from the sysadmin
> team (so only "signed" files are accepted over usb).
Puppet is made to be able to apply a config in a local directory. Take a look
at the "puppet" command. Hooking that into cron should be pretty trivial.
> That's all -- Thanks in advance for your help.
>
> Are these very odd questions?
I thought the USB one was strange.
> cheers,
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
