New: How to configure systems per unique hosts (hostname)


Joaquin Menchaca

Jul 24, 2015, 3:10:41 AM
to help-cfengine
I want to put a unique sequence of bundles on particular hosts, e.g. a variety of web servers (analytics, main web app server, website), database (datawarehouse, application databases), no-sql memory servers, queue servers, search nodes, etc.  Example: I would like to configure a set of hosts, e.g. prod-web01-04 one way, stg-web01-04 another way, delivery-web01 another way, staging/production shard master/slave servers, and so on.

Every system has an easy mechanism for this: Chef) node/hostname.json file to have a run list of cookbooks, Puppet) site manifest dsl that has a list of modules, Puppet+Hiera) json or yaml that is organized per hostname (or other organization, such as role, environment, or hierarchical combination) that includes a list of modules, and Ansible, which has groupings of hostnames in an inventory ini file, and unique playbooks that list the groups they apply to.

I combed through the documentation, but I could not find anything around this topic; so far it is all or nothing from what I am finding.  Then I came across an old web page from the 2006 era that referenced an out-of-print SysAdmin (Dr. Dobbs) magazine article on the topic.  They seem to use classes, where there would be host01|host02|host03:: classes.

Is this how to do this functionality?  Where can I find cfengine documentation on putting a unique set of bundles on a given system?

Neil Watson

Jul 24, 2015, 7:17:43 AM
to help-cfengine
Our best practice, through years of experience, is to NOT try and
customize what inputs go to what hosts. In most cases it's more reliable
to send the whole lot and let the agent decide which parts of it to run.
Indeed the behaviour of cf-agent -B is to copy all of masterfiles; you
can't change that without creating your own bootstrap utility. Typically
privacy is the only reason to have some separated inputs.

In rare cases where privacy is a concern, then policy is written for the
agent to download additional inputs from another location outside of
masterfiles. This adds complexity, and thus more chance of failure, so
there must be strong justification.

--
Neil H Watson
Sr. Partner, Architecture and Infrastructure
CFEngine reporting: https://github.com/evolvethinking/delta_reporting
CFEngine policy: https://github.com/evolvethinking/evolve_cfengine_freelib
CFEngine and vim: https://github.com/neilhwatson/vim_cf3
CFEngine support: http://evolvethinking.com

Ted Zlatanov

Jul 24, 2015, 7:55:25 AM
to help-c...@googlegroups.com
On Fri, 24 Jul 2015 00:10:41 -0700 (PDT) Joaquin Menchaca <joaqu...@gmail.com> wrote:

JM> I want to put a unique sequence of bundles on particular hosts, e.g. a variety
JM> of web servers (analytics, main web app server, website), database
JM> (datawarehouse, application databases), no-sql memory servers, queue
JM> servers, search nodes, etc. Example: I would like to configure a set of
JM> hosts, e.g. prod-web01-04 one way, stg-web01-04 another way, delivery-web01
JM> another way, staging/production shard master/slave servers, and so on.

JM> Every system has an easy mechanism for this: Chef) node/hostname.json file
JM> to have a run list of cookbooks, Puppet) site manifest dsl that has a list of
JM> modules, Puppet+Hiera) json or yaml that is organized per hostname (or
JM> other organization, such as role, environment, or hierarchical combination)
JM> that includes list of modules, and Ansible, which has groupings of
JM> hostnames in an inventory ini file, and unique playbooks that list the
JM> groups they apply to.

There's no built-in standard way currently, but I just recently posted a
proposal to do this, even possibly using Ansible's standard for a
server-side inventory system, see
https://groups.google.com/d/msg/help-cfengine/q9yAkRIOs8g/7YmWySc31J0J

It's pretty easy to do it yourself in policy, simply assign classes to
hosts using the many available functions, then change behavior based on
the classes. But I agree, it would be nice to standardize it.

Ted

Aleksey Tsalolikhin

Jul 24, 2015, 11:39:00 AM
to Joaquin Menchaca, help-cfengine
Check out http://cfengine.com/company/blog-detail/dynamic-bundlesequence-with-autorun-meta-tags-and-hard-classes/

But make sure you understand cfengine classes first. This is an
important basic concept.

See https://digitalelf.net/cf-primer/ (the classes pages). It has
examples of making promises that target specific types of servers
based on OS. I will add examples of targeting specific servers based
on infrastructure groups (e.g. web vs db).

CFEngine was originally created to help ensure consistent
configuration across disparate systems in an automated fashion,
abstracting the differing details of implementation (e.g. "ps"
arguments differ between System V and BSD Unix). However it also
allows you to target configuration policy to specific server(s).

You can target a promise attribute, a promise, a bundle, or the entire
bundlesequence.

CFEngine is a powerful and flexible tool.

Keep in mind you most likely will want some "common" policy plus some
specific policy.

I want to work with you to fill in any missing basics from the
digitalelf cf-primer presentation. Thank you for your persistence,
Joaquin.





--
Aleksey Tsalolikhin
CFEngine Training & Consulting
Vertical Sysadmin, Inc.
+1-323-393-0779

Joaquin Menchaca

Jul 26, 2015, 4:40:38 AM
to help-cfengine, joaqu...@gmail.com
I found this older posting (looks like CFEngine 2?) about a technique; it references a 2006 issue of System Administrator Magazine...

http://www.johnborwick.com/writing/cfengine.html

Aleksey Tsalolikhin

Jul 26, 2015, 7:20:13 PM
to Joaquin Menchaca, help-cfengine
Classes can constrain a promise attribute, a promise, a bundle, or
bundlesequence at a particular host or group of hosts.

First of all, "bundlesequence" is an attribute of the built-in
"control" promise. You can put classes on attributes, and this
applies to bundlesequence as well.

First, a simple example, with file permissions:

    body perms set_mode_700_and_admin_group
    {
        mode => "0700";
        linux::  groups => { "wheel" };
        darwin:: groups => { "admin" };
        sunos::  groups => { "sys" };
    }

Since the "admin" group name varies OS to OS, the above will set group
file ownership to the "admin" group (and the details of the group name
are abstracted within the body).

You can do the same with bundlesequence:

    body common control
    {
        linux::   bundlesequence => { "common", "linux" };
        illumos:: bundlesequence => { "common", "illumos" };
    }

or,

    body common control
    {
        web:: bundlesequence => { "base", "webserver" };
        db::  bundlesequence => { "base", "db" };
    }

You can also specify the class of hosts that a promise applies to:

    vars:
      aix::
        "tape_device" string => "/dev/rmt0";
      linux::
        "tape_device" string => "/dev/st0";

And, you can specify the class of hosts that a promise BUNDLE applies to:

    methods:
      web::
        "Install and configure Apache"
          usebundle => apache;

As you can see, CFEngine provides the basic building blocks.

Yours,
-at
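
The approach described in the replies above (assign classes to hosts, then guard bundles and attributes with those classes), put together as one policy file. This is an added example, not code from any poster in this thread; the class names, bundle names and the `max_clients` value are hypothetical, and only the hostnames are taken from the original question.

```cf3
# Added example: class names, bundle names and values are hypothetical.
body common control
{
      bundlesequence => { "host_roles", "base", "role_dispatch" };
}

bundle common host_roles
{
  classes:
      # regcmp() is anchored: the pattern must match the whole unqualified
      # hostname, so "prod-web01-old" does not become a prod_web host.
      "prod_web"     expression => regcmp("prod-web0[1-4]", "$(sys.uqhost)");
      "stg_web"      expression => regcmp("stg-web0[1-4]", "$(sys.uqhost)");
      "delivery_web" expression => regcmp("delivery-web01", "$(sys.uqhost)");

      # Role class built from the per-host-group classes above.
      "web" or => { "prod_web", "stg_web", "delivery_web" };
}

bundle agent base
{
  reports:
      "$(sys.uqhost): common baseline applied";
}

bundle agent role_dispatch
{
  methods:
    web::
      "web role" usebundle => webserver;

  reports:
    !web::
      "$(sys.uqhost): no role class matched, baseline only";
}

bundle agent webserver
{
  vars:
    prod_web::
      "max_clients" string => "256";
    stg_web|delivery_web::
      "max_clients" string => "32";

  reports:
      "$(sys.uqhost): web role, max_clients=$(max_clients)";
}
```

Class guards decide what the agent runs, not what it can read: as noted earlier in the thread, all of masterfiles is still copied to every host.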

