Puppet environment + fileserver
Serge Dewailly
I'm trying to use different environment for my servers management. I'am
able to use different classes, modules... for each environment but I
can't find how to specify fileserver configuration for each environement.
Here is a piece of my configuration :
puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true
autosign=true
certname = pup05401.grpldc.com
environments = production,testing
environment=production
[production]
manifest=/etc/puppet/production/manifests/site.pp
manifestdir=/etc/puppet/production/manifests
modulepath=/etc/puppet/production/modules
templatedir=/etc/puppet/production/templates
fileserverconfig=/etc/puppet/production/fileserver.conf
[testing]
manifest=/etc/puppet/testing/manifests/site.pp
manifestdir=/etc/puppet/testing/manifests
modulepath=/etc/puppet/testing/modules
templatedir=/etc/puppet/testing/templates
fileserverconfig=/etc/puppet/testing/fileserver.conf
testing/fileserver.conf
[files]
path /etc/puppet/testing/files
allow *.mydomain.com
When using this configuration, I get unauthorized access to files.
Reason is puppetmaster can't find file server configuration :
debug: No file server configuration file; autocreating modules mount
with default permissions
Is it possible to manage a fileserverconfig for each environment ?
Thanks for your help.
Serge
Ken
0.25.4 either. However ...
I'm going to take a wild guess and imagine you want to have 3
fileserver.conf files because of the need for differing 'path' items
per environment using the [files] block. Let me suggest an alternative
to your approach that I know works.
Instead of storing your files in /etc/puppet/<env>/files store your
files in modules. You may very well have a legit reason for wanting a
more global 'files' dir for all your files, however its generally
nicer to organise files close to the modules that need them. If you
are storing your files in modules, you only 1 filerserver.conf that
looks something like this:
[modules]
# your ip ranges obviously
allow 1.2.3.4/24
allow 4.3.2.1/24
And path is not needed. You only need 1 fileserver.conf then ...
Then - instead of storing your files in /etc/puppet/<env>/files you
store your files in your modules. ie:
/etc/puppet/<env>/<modulename>/files/<yourfile>
And reference them using the syntax:
file{"/tmp/foo":
source => "puppet:///<modulename>/<yourfile>
}
Most narratives I hear revolve around modules, I'd say its the path of
least resistance. If you want a single location for your companies
files you could always put them in a specific module.
ken.
On Apr 1, 10:13 am, Serge Dewailly <serge.dewai...@openevents.fr>
wrote:
Serge Dewailly
Thanks for your response. I forgot to mention Puppet version in use,
sorry about that. I'm using version 0.25.1.
Thanks for your approach about storing files in modules path.
I will try to work around with that.
In a ideal world, I would keep my two environments in completly separate
directories, since I will maintaining configuration with a git.
But if it is not possible for the moment...
I thought about another solution using two puppet instance. But didn't
try it, and don't know if it will be easy to maintain.
Last solution could be giving environment in path :
file{"/tmp/foo":
source => "puppet:///files/$environment/<yourfile>"
}
fileserverconf looks like this :
[File]
path /etc/puppet/files
Thanks for your help.
Serge.
Le 01/04/10 23:16, Ken a �crit :
Ohad Levy
Hi,
Thanks for your response. I forgot to mention Puppet version in use, sorry about that. I'm using version 0.25.1.
Thanks for your approach about storing files in modules path.
I will try to work around with that.
In a ideal world, I would keep my two environments in completly separate directories, since I will maintaining configuration with a git.
But if it is not possible for the moment...
I thought about another solution using two puppet instance. But didn't try it, and don't know if it will be easy to maintain.
Last solution could be giving environment in path :
file{"/tmp/foo":
source => "puppet:///files/$environment/<yourfile>"
}
fileserverconf looks like this :
[File]
path /etc/puppet/files
Thanks for your help.
Serge.
Le 01/04/10 23:16, Ken a écrit :
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
> Hi,
> Maybe I'm missing something here, but why not just store the files in the
> modules? do you need to provide different access level to your modules based
> on environments?
Can't you do this anyway in auth.conf even for files in modules with
the rest api?
--
nigel
Serge Dewailly
configuration if in a class (say
/etc/puppet/production/manifest/test.pp) I use something like that :
file{"/tmp/foo":
source => "puppet:///modules/<yourfile>"
}
Is it a good idea to acces file from modules dir within a class (a class
not in a module...) ?
Serge.
Le 02/04/10 15:53, Ohad Levy a �crit :
> Le 01/04/10 23:16, Ken a �crit :
>
> What revision of puppet are you running? This doesn't work for me in
> 0.25.4 either. However ...
>
> I'm going to take a wild guess and imagine you want to have 3
> fileserver.conf files because of the need for differing 'path' items
> per environment using the [files] block. Let me suggest an
> alternative
> to your approach that I know works.
>
> Instead of storing your files in /etc/puppet/<env>/files store your
> files in modules. You may very well have a legit reason for
> wanting a
> more global 'files' dir for all your files, however its generally
> nicer to organise files close to the modules that need them. If you
> are storing your files in modules, you only 1 filerserver.conf that
> looks something like this:
>
> [modules]
> # your ip ranges obviously
> allow 1.2.3.4/24 <http://1.2.3.4/24>
> allow 4.3.2.1/24 <http://4.3.2.1/24>
>
> And path is not needed. You only need 1 fileserver.conf then ...
>
> Then - instead of storing your files in /etc/puppet/<env>/files you
> store your files in your modules. ie:
>
> /etc/puppet/<env>/<modulename>/files/<yourfile>
>
> And reference them using the syntax:
>
> file{"/tmp/foo":
> source => "puppet:///<modulename>/<yourfile>
> }
>
> Most narratives I hear revolve around modules, I'd say its the
> path of
> least resistance. If you want a single location for your companies
> files you could always put them in a specific module.
>
> ken.
>
> On Apr 1, 10:13 am, Serge Dewailly<serge.dewai...@openevents.fr
> <mailto:serge.dewai...@openevents.fr>>
> wrote:
>
> Hi All,
>
> I'm trying to use different environment for my servers
> management. I'am
> able to use different classes, modules... for each
> environment but I
> can't find how to specify fileserver configuration for each
> environement.
>
> Here is a piece of my configuration :
>
> puppet.conf
> [main]
> logdir=/var/log/puppet
> vardir=/var/lib/puppet
> ssldir=/var/lib/puppet/ssl
> rundir=/var/run/puppet
> factpath=$vardir/lib/facter
> pluginsync=true
> autosign=true
> certname = pup05401.grpldc.com
> <http://pup05401.grpldc.com>
> environments = production,testing
> environment=production
>
> [production]
> manifest=/etc/puppet/production/manifests/site.pp
> manifestdir=/etc/puppet/production/manifests
> modulepath=/etc/puppet/production/modules
> templatedir=/etc/puppet/production/templates
> fileserverconfig=/etc/puppet/production/fileserver.conf
>
> [testing]
> manifest=/etc/puppet/testing/manifests/site.pp
> manifestdir=/etc/puppet/testing/manifests
> modulepath=/etc/puppet/testing/modules
> templatedir=/etc/puppet/testing/templates
> fileserverconfig=/etc/puppet/testing/fileserver.conf
>
> testing/fileserver.conf
> [files]
> path /etc/puppet/testing/files
> allow *.mydomain.com <http://mydomain.com>
>
> When using this configuration, I get unauthorized access to
> files.
> Reason is puppetmaster can't find file server configuration :
>
> debug: No file server configuration file; autocreating
> modules mount
> with default permissions
>
> Is it possible to manage a fileserverconfig for each
> environment ?
>
> Thanks for your help.
> Serge
>
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To post to this group, send email to puppet...@googlegroups.com
> <mailto:puppet...@googlegroups.com>.
> To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com
> <mailto:puppet-users%2Bunsu...@googlegroups.com>.
Nigel Kersten
<serge.d...@openevents.fr> wrote:
> No I don't need different access level, but it makes strange configuration
> if in a class (say /etc/puppet/production/manifest/test.pp) I use something
> like that :
>
> file{"/tmp/foo":
> source => "puppet:///modules/<yourfile>"
> }
>
> Is it a good idea to acces file from modules dir within a class (a class not
> in a module...) ?
Why can't you put all your classes in modules ?
>
> Serge.
>
> Le 02/04/10 15:53, Ohad Levy a écrit :
>> Le 01/04/10 23:16, Ken a écrit :
--
nigel
Serge Dewailly
service, or when wanting a stand-alone configuration (to make it portable).
Anyway, I think I will use your solution since it will respect my
needs... lots of changes to make ! :)
Thanks again for your help.
Serge.
Le 02/04/10 16:05, Nigel Kersten a �crit :
> On Fri, Apr 2, 2010 at 6:58 AM, Serge Dewailly
> <serge.d...@openevents.fr> wrote:
>> No I don't need different access level, but it makes strange configuration
>> if in a class (say /etc/puppet/production/manifest/test.pp) I use something
>> like that :
>>
>> file{"/tmp/foo":
>> source => "puppet:///modules/<yourfile>"
>> }
>>
>> Is it a good idea to acces file from modules dir within a class (a class not
>> in a module...) ?
>
> Why can't you put all your classes in modules ?
>
>
>
>>
>> Serge.
>>
>> Le 02/04/10 15:53, Ohad Levy a �crit :
>>> Le 01/04/10 23:16, Ken a �crit :
Ken
into the rhythm of using modules as its more effort to convert later
on when you do want to benefit from modularisation. Its also only a
small initial cost to be honest so I think its worth it.
ken.
On Apr 2, 3:26 pm, Serge Dewailly <serge.dewai...@openevents.fr>
wrote:
> I though module were used when having multiple files to a single
> service, or when wanting a stand-alone configuration (to make it portable).
>
> Anyway, I think I will use your solution since it will respect my
> needs... lots of changes to make ! :)
>
> Thanks again for your help.
> Serge.
>
> Le 02/04/10 16:05, Nigel Kersten a crit :
>
>
>
> > On Fri, Apr 2, 2010 at 6:58 AM, Serge Dewailly
> > <serge.dewai...@openevents.fr> wrote:
> >> No I don't need different access level, but it makes strange configuration
> >> if in a class (say /etc/puppet/production/manifest/test.pp) I use something
> >> like that :
>
> >> file{"/tmp/foo":
> >> source => "puppet:///modules/<yourfile>"
> >> }
>
> >> Is it a good idea to acces file from modules dir within a class (a class not
> >> in a module...) ?
>
> > Why can't you put all your classes in modules ?
>
> >> Serge.
>
> >> Le 02/04/10 15:53, Ohad Levy a crit :
>
> >>> Hi,
>
> >>> Maybe I'm missing something here, but why not just store the files in
> >>> the modules? do you need to provide different access level to your
> >>> modules based on environments?
>
> >>> Ohad
>
> >>> On Fri, Apr 2, 2010 at 9:37 PM, Serge Dewailly
> >>> <serge.dewai...@openevents.fr<mailto:serge.dewai...@openevents.fr>>