I’ve had some good feedback on my previous post about the puppet localconfig parser, have implemented the requested features so here’s a new version.
First the ability to limit what resources are being printed:
# parselocalconfig.rb --limit package
Classes included on this node:
fqdn
common::linux
Resources managed by puppet on this node:
package{redhat-lsb: }
defined in common/modules/puppet/manifests/init.pp:15
# parselocalconfig.rb --limit package
Classes included on this node:
fqdn
common::linux
Resources managed by puppet on this node:
package{redhat-lsb: }
defined in common/modules/puppet/manifests/init.pp:15
You should only see package resources. You can also disable the classes list using –no-classes and on 0.25.x disable the tags list with –no-tags.
I’ve improved the detection of where to find the yaml file for 0.25 nodes and added an option –config if your config file is not in the usual place.
While building up complex configs with Puppet you often need to build up one file from many fragments. This is useful for files like older sysctl.conf files and maybe named.conf files.
The basic pattern is you want to manage a file, but want the contents to be very different from node to node. A fragment based system lets you register different contents into a file on different nodes. It’s exactly like the conf.d directory you’d find in Apache but for daemons that does not support this construct on their own.
I’ve had an older version of this floating around but had to clean it up for a client today so thought I might as well do a proper job, release it and get some more eye balls on it. This version is specific to Puppet 0.25.x, I will soon make a >= 0.24.8 version too since that is what my client is on.
An example says more than words, so lets create something to manage sysctl.conf:
# Initial setup
class sysctl {
include concat::setup
exec{"reload-sysctl":
refreshonly => true,
command => "/sbin/sysctl -p"
}
concat{"/etc/sysctl.conf":
notify => Exec["reload-sysctl"],
}
}
# use this to set values
define sysctl::setting($value) {
concat::fragment{"sysctl_${name}":
target => "/etc/sysctl.conf",
content => "${name} = ${value}\n",
}
}
# Initial setup
class sysctl {
include concat::setup
exec{"reload-sysctl":
refreshonly => true,
command => "/sbin/sysctl -p"
}
concat{"/etc/sysctl.conf":
notify => Exec["reload-sysctl"],
}
}
# use this to set values
define sysctl::setting($value) {
concat::fragment{"sysctl_${name}":
target => "/etc/sysctl.conf",
content => "${name} = ${value}\n",
}
}
The above sets up a class that will create an empty sysctl.conf and provides an utility for setting individual values. Whenever the sysctl.conf file gets changed the changes will be made live using the refreshonly exec.
Lets see how we might use it:
node "your.example.com" {
include sysctl
sysctl::setting{"net.ipv4.ip_forward":
value => 1
}
}
node "your.example.com" {
include sysctl
sysctl::setting{"net.ipv4.ip_forward":
value => 1
}
}
You can see this looks and feels a lot like a native type but without a lot of the hassle it would take to write one, you can really get a lot of mileage out of this pattern. The concat is clever enough to unregister the setting should you remove lines 4 to 6 in the above node block.
A cleaner approach would be to just make classes like sysctl::ipv4_forward that you can include on the nodes that need it.
One of the goals of building the SimpleRPC framework and the overall speed of MCollective is to create interactive tools to manage your infrastructure in a way that it all just seems like a single point of entry with one machine. I’ve blogged a bit about this before with how I manage Exim clusters.
I’ve recently built a deployer for a client that does some very specific things with their FastCGI, packages and monitoring in a way that is safe for developers to use. I’ve made a sanitized demo of it that you can see below. It’s sanitized in that the hostnames are replaced with hashes and some monitoring details removed but you’ll get the idea.
While looking at some bits of other peoples Ruby code I came across a few shortcuts and interesting structures worth mentioning.
Exception handling shortcut
First up a shortcut to catch exceptions thrown by a method:
def say_foo
puts"foo"if doit
rescueExceptionputs"#fail"end
def say_foo
puts "foo" if doit
rescue Exception
puts "#fail"
end
So since we didn’t define doit this will raise an exception, which will be handled. Nice shortcut to avoid an extra inner begin / rescue block.
sprintf equivelant
Ruby supports sprintf style string building in a handy little shortcut:
puts"%2.6f\n%d"%[1, 1]
puts "%2.6f\n%d" % [1, 1]
This produces:
$ ruby test.rb
1.0000001
$ ruby test.rb
1.000000
1
Get a value from a hash with default for non existing
This is really nice, I’ve written way too many constructs like this:
foo.include?(:bar) ? bar = foo[:bar] : bar = "unknown"
foo.include?(:bar) ? bar = foo[:bar] : bar = "unknown"
One option that I was told about was this:
bar = foo[:bar]||"unknown"
bar = foo[:bar] || "unknown"
But that does not work if you had false in the hash, or maybe even nil.
Turns out there’s an awesome shortcut for this:
bar = foo.fetch(:bar, "unknown")
bar = foo.fetch(:bar, "unknown")
Reloading a class
Sometimes you want to reload a class you previously loaded with require. I have the need in my plugin manager for mcollective. There’s a simple fix by simply using Kernel#load to load the .rb file, each time you load it the file will be reloaded from disk.
In between lines 2 and 3 I edited the file test.rb and just reloaded it, the changes on disk reflected in the current session. The main difference is that you need to supply the full file name and not just test like you would with require.
I just released version 0.4.3 of mcollective which brings a new auditing capability to SimpleRPC. Using the auditing system you can log to a file on each host every request or build a centralized auditing system for all requests on all nodes.
We ship a simple plugin that logs to the local harddrive but there is also a community plugin that creates a centralized logging system running over MCollective as a transport.
This is the kind of log the centralized logger will produce:
Here we see 3 nodes that got a request to add 114.255.136.120 to their local firewall. The request was sent by UID 500 on the machine ids1.my.net. The request is of course the same everywhere so the request id is the same on every node, the log shows agent and all parameters passed.
Facter has some annoying bug where it won’t always print all facts when called like facter fact, ones that require dynamic lookups etc just won’t print.
This is a long standing bug that doesn’t seem to get any love, so I hacked up a little wrapper that works better.
#!/usr/bin/ruby
require 'facter'
require 'puppet'
Puppet.parse_config
unless $LOAD_PATH.include?(Puppet[:libdir])
$LOAD_PATH << Puppet[:libdir]
end
facts = Facter.to_hash
if ARGV.size > 0
ARGV.each do |f|
puts "#{f} => #{facts[f]}" if facts.include?(f)
end
else
facts.each_pair do |k,v|
puts("#{k} => #{v}")
end
end
It behaves by default as if you ran facter -p but you can supply as many fact names as you want on the command line to print just the ones requested.
