Ask Your Question

Can agent hostname be checked with a master file before running the manifest?

asked 2014-08-02 11:59:59 -0600

littletaffer gravatar image

I've seen someone doing a check on whether an agent's MAC address is on a specific regular expression before it runs the specified stuff below. The example is something like this:

if $is_virtual == "true" and $kernel == "Linux" and $macaddress =~ /^02:00:0A/ {
    include nmonitor
    include rootsh
    include checkmk-agent
    include backuppcacc
    include onecontext
    include sysstatpkg
    include ensurekvmsudo
    include cronntpdate

That's just it in that particular manifest file.

I've been asked of whether can that similar concept be applied upon checking the agent's hostname with a master file of hostnames allowed to be run or otherwise.

I am not sure whether it can be done, but the rough idea goes around something like:

file { 'hostmasterfile.ini'
        ensure  => present,
        source  => puppet:///test/hostmaster.ini,
        content => $hostname

$coname = content

if $hostname == $coname {
   include <a>
   include <b>

To my knowledge, I have not seen any such sample manifest that matches the request. Whats more, it goes against a standard practice of keeping things easier to manage and not putting all eggs in a basket.

An ex-colleague of mine claims that idea above is self-provisioning. However that concept is non-existent in Puppet (he posed that question at a workshop a few months back). I am not sure how true is that though.

If that thing above can be done, any suggestion of how can it be done?


edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted

answered 2014-08-04 03:34:04 -0600

littletaffer gravatar image

updated 2014-08-04 03:36:05 -0600

If I am to try that method, one con of that approach would be that you need to create a pair of attributes for each of the VMs in a CSV file and the condition creating is something to be pondered upon for a while.

I'll still take that in consideration. Previously I've tried the Hiera method, but without success.

I've also tried and tested one method that another guy has also suggested:

$ini_data = file('/etc/puppet/files/test/hostmaster.ini')
$ini_lookup = regsubst($ini_data, "name=$hostname", '__FOUND__')

if $is_virtual == "true" and $kernel == "Linux" and $ini_lookup =~ /__FOUND__/ {
  <do your stuff here>

As a measure, there were two things that I did:

  1. In puppet.conf, the freeze_main flag is set to false.
  2. In the file that is being referred, I give something roughly like the following:

1:name= glpi-49 s2:name=mocha-test s3:name=timemachine

However, IMHO, I didn't feel comfortable of the approach because of the security risk. What's more, the issue of maintenance and isolating a separate node from a collective can become an issue very much later on, (it's like eggs in one basket) based from the experience of doing a one node per host name approach in separate environments at my other office's system.

I'll still keep this question open for the meantime.

edit flag offensive delete link more

answered 2014-08-04 04:07:44 -0600

spend gravatar image

updated 2014-08-04 10:52:53 -0600

IIRC if you create a simple list for the CSV file eg:


$fileres = extlookup("host2", "NotFound", "hostmaster")

will actually set $fileres="host2" so: if ( $fileres == $fqdn ) would do what you wanted?

I don't understand the comment regarding security, if that was directed at the suggestion I made. The extlookup CSV file security is pretty much as safe as any puppet config file AFIK; not just readable, but also owned by puppet, unlike if you use a plain file which puppet can read?

ETA: Sorry memory is failing me, I hacked a custom version of extlookup a few years ago & for some reason wanted to separate not found & nulls... pertinent changes were like this for my 'extralookup' function:

    # return just the single result if theres just one,
    # else take all the fields in the csv and build an array
    if result.length > 0
  +++    if result[0].length == 1 #trap [$key] only on line & return key
  +++      desired = key
  +++    end
      if result[0].length == 2
        val = result[0][1].to_s
  +++      if val == "" #trap [$key,] or [$key,""] on line & return key
  +++        val = key
  +++      end
edit flag offensive delete link more

answered 2014-08-04 06:57:26 -0600

mapa3m gravatar image

Self-provisioning is definitely possible with Hiera + client-defined Facts. Facter version > v1.7 will allow setting facts in /etc/facter/facts.d, which can then be used by Hiera to assign classes == self-provisioning. I would suggest taking this approach rather than trying to define a hostname list on a master.

Barring that, you can write a custom function in Ruby that will check the hostname against a list and return true/false

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2014-08-02 11:59:59 -0600

Seen: 731 times

Last updated: Aug 04 '14