Can agent hostname be checked with a master file before running the manifest?

asked 2014-08-02 11:59:59 -0500

littletaffer

I've seen someone check whether an agent's MAC address matches a specific regular expression before it runs the specified stuff below. The example is something like this:

if $is_virtual == "true" and $kernel == "Linux" and $macaddress =~ /^02:00:0A/ {
    include nmonitor
    include rootsh
    include checkmk-agent
    include backuppcacc
    include onecontext
    include sysstatpkg
    include ensurekvmsudo
    include cronntpdate
}

That's just it in that particular manifest file.

I've been asked whether a similar concept can be applied to checking the agent's hostname against a master file of hostnames that are allowed to run it or otherwise.

I am not sure whether it can be done, but the rough idea goes around something like:

file { 'hostmasterfile.ini'
        ensure  => present,
        source  => puppet:///test/hostmaster.ini,
        content => $hostname
}

$coname = content

if $hostname == $coname {
   include <a>
   include <b>
}

To my knowledge, I have not seen any such sample manifest that matches the request. What's more, it goes against a standard practice of keeping things easier to manage and not putting all eggs in a basket.

An ex-colleague of mine claims that the idea above is self-provisioning. However, that concept is non-existent in Puppet (he posed that question at a workshop a few months back). I am not sure how true that is, though.

If the thing above can be done, any suggestions on how it can be done?

Thanks


3 Answers


answered 2014-08-04 03:34:04 -0500

littletaffer

updated 2014-08-04 03:36:05 -0500

If I am to try that method, one con of that approach would be that you need to create a pair of attributes for each of the VMs in a CSV file and the condition creating is something to be pondered upon for a while.

I'll still take that into consideration. Previously I've tried the Hiera method, but without success.

I've also tried and tested one method that another guy has also suggested:

$ini_data = file('/etc/puppet/files/test/hostmaster.ini')
$ini_lookup = regsubst($ini_data, "name=$hostname", '__FOUND__')

if $is_virtual == "true" and $kernel == "Linux" and $ini_lookup =~ /__FOUND__/ {
  <do your stuff here>
}

As a measure, there were two things that I did:

  1. In puppet.conf, the freeze_main flag is set to false.
  2. In the file that is being referred, I give something roughly like the following:

1:name= glpi-49 s2:name=mocha-test s3:name=timemachine

However, IMHO, I didn't feel comfortable with the approach because of the security risk. What's more, maintenance and isolating a separate node from a collective can become an issue much later on (it's like eggs in one basket), based on the experience of doing a one-node-per-hostname approach in separate environments at my other office's system.

I'll still keep this question open for the meantime.


answered 2014-08-04 04:07:44 -0500

spend

updated 2014-08-04 10:52:53 -0500

IIRC if you create a simple list for the CSV file eg:

#hostmaster.csv:
host1
host2

$fileres = extlookup("host2", "NotFound", "hostmaster")

will actually set $fileres="host2" so: if ( $fileres == $fqdn ) would do what you wanted?

I don't understand the comment regarding security, if that was directed at the suggestion I made. The extlookup CSV file security is pretty much as safe as any puppet config file AFAIK; not just readable, but also owned by puppet, unlike if you use a plain file which puppet can read?

ETA: Sorry memory is failing me, I hacked a custom version of extlookup a few years ago & for some reason wanted to separate not found & nulls... pertinent changes were like this for my 'extralookup' function:

    # return just the single result if theres just one,
    # else take all the fields in the csv and build an array
    if result.length > 0
  +++    if result[0].length == 1 #trap [$key] only on line & return key
  +++      desired = key
  +++    end
      if result[0].length == 2
        val = result[0][1].to_s
  +++      if val == "" #trap [$key,] or [$key,""] on line & return key
  +++        val = key
  +++      end
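
Review bot: in the first added branch (`result[0].length == 1`) the key is stored in `desired`, while the second added branch stores it in `val`; the visible lines do not show `val` being copied into `desired` afterwards, so check that the `[$key,""]` case really returns the key. The `val == ""` comparison also misses whitespace-only values such as `host1, `; `val.strip.empty?` would cover those.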

answered 2014-08-04 06:57:26 -0500

mapa3m

Self-provisioning is definitely possible with Hiera + client-defined Facts. Facter version > v1.7 will allow setting facts in /etc/facter/facts.d, which can then be used by Hiera to assign classes == self-provisioning. I would suggest taking this approach rather than trying to define a hostname list on a master.

Barring that, you can write a custom function in Ruby that will check the hostname against a list and return true/false.

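
The custom-function route suggested in the answer above, as an added example that is not code from any poster in this thread. It compares the hostname against whole list entries and, for contrast, shows how an unanchored pattern lookup over the same file also accepts a prefix of a listed name. The one-hostname-per-line file format, the function name `host_allowed` and the sample list layout are assumptions.

```ruby
# Added example: exact-match hostname allowlist check (not from the thread).
# Assumed file format: one hostname per line, '#' comments, blank lines ignored.

# Parse allowlist text into a normalized array of hostnames.
def parse_allowlist(text)
  text.each_line
      .map { |line| line.sub(/#.*/, '').strip.downcase }
      .reject(&:empty?)
end

# True only when `hostname` equals a whole entry (case-insensitive).
def host_allowed?(hostname, allowlist_text)
  name = hostname.to_s.strip.downcase
  return false if name.empty?
  parse_allowlist(allowlist_text).include?(name)
end

# For contrast: an unanchored pattern match over the raw file text,
# which also accepts any fragment of a listed name.
def substring_match?(hostname, allowlist_text)
  !(allowlist_text =~ /#{Regexp.escape(hostname)}/).nil?
end

# Constructed sample data.
SAMPLE_ALLOWLIST = <<~LIST
  # hosts allowed to receive the extra classes
  glpi-49
  mocha-test
  timemachine
LIST

# Assumption: exposed as a Puppet 3.x parser function when loaded on a master
# (lib/puppet/parser/functions/host_allowed.rb in a module); skipped otherwise.
if defined?(Puppet::Parser::Functions)
  Puppet::Parser::Functions.newfunction(:host_allowed, :type => :rvalue) do |args|
    host_allowed?(args[0], File.read(args[1]))
  end
end

if __FILE__ == $PROGRAM_NAME
  %w[glpi-49 glpi-4 MOCHA-TEST unknown].each do |h|
    puts format('%-12s exact=%-5s substring=%s', h,
                host_allowed?(h, SAMPLE_ALLOWLIST),
                substring_match?(h, SAMPLE_ALLOWLIST))
  end
end
```

Facts such as `$hostname` are reported by the agent itself, so a list meant as an access control should be checked against the name in the agent's signed certificate instead.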

Stats

Asked: 2014-08-02 11:59:59 -0500

Seen: 613 times

Last updated: Aug 04 '14