[Puppet Users] Grouping hosts within environments

Nikola Petrov

at May 30, 2013 at 3:39 pm

You can always use tags with virtual resources of some sort. Let's say
that user1 is in group app1, user2 and user3 are in group app2. You can
"tag" those user accounts with that:

     user{'user1'
         ...
         tag => 'app1',
     }

     user {['user2', 'user3']:
         ...
         tag => 'app2',
     }

now in your hiera configurations or somewhere else(like ENC) you can
specify which user accounts belong to that host by realizing only those
that you need.

     node node10,node20 {
         User<<| tag == 'app1' |>>
     }

I would also introduce a fact that exposes the fact that user accounts
of 'app1' "belong" to a particular host

On Thu, May 30, 2013 at 08:02:34AM -0700, przemol wrote:
Hello,

we have been using puppet 3 with hiera based config and several (usually
"typical") environments:
test
predev
dev
preprod
prod
...
Basically we apply the puppet config to test, then predev, then dev, etc
But within each environment we have quite a large number of hosts
(20/50/100/300/...).
We would like to "group" them into sort of subgroups. For example "dev"
hosts
are for developers from different applications teams: app1, app2, app3,
appN.
We need to create accounts (user accounts are just an example - there are
other similar tasks) on all servers from dev environments:
user accounts for dev team app1 don't need to be on all dev servers - just
on the following nodes: node10 - node20
user accounts for dev team app2 should be just on the following nodes:
node35 - node88
etc
(and I can't use any regular expressions to select nodes - the same servers
in each group could have quite different FQDN)
Can you recommend what puppet/hiera feature could I use to group servers ?
It would be good if I could use it just on central puppet master server and
not need to login to every node
and assign it locally to a group.

Regards

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

reply | permalink

Przemol

at May 30, 2013 at 4:51 pm

⇧

This approach requires to keep all the users in *.pp files.
Currently we keep users in yaml file:

accounts::users::accounts:
   sysadmin:
     ensure: present
     home: /home/sysadmin
     managehome: "true"
     shell: /bin/bash
     uid: 4000
     gid: sysadmin
     comment: Systems Admin
etc
and create them using create_resource. Is it possible to use hiera to
associate all the users to particular servers ?

On Thursday, May 30, 2013 4:39:02 PM UTC+1, nikolavp wrote:

You can always use tags with virtual resources of some sort. Let's say
that user1 is in group app1, user2 and user3 are in group app2. You can
"tag" those user accounts with that:

user{'user1'
...
tag => 'app1',
}

user {['user2', 'user3']:
...
tag => 'app2',
}

now in your hiera configurations or somewhere else(like ENC) you can
specify which user accounts belong to that host by realizing only those
that you need.

node node10,node20 {
User<<| tag == 'app1' |>>
}

I would also introduce a fact that exposes the fact that user accounts
of 'app1' "belong" to a particular host

On Thu, May 30, 2013 at 08:02:34AM -0700, przemol wrote:
Hello,

we have been using puppet 3 with hiera based config and several (usually
"typical") environments:
test
predev
dev
preprod
prod
...
Basically we apply the puppet config to test, then predev, then dev, etc
But within each environment we have quite a large number of hosts
(20/50/100/300/...).
We would like to "group" them into sort of subgroups. For example "dev"
hosts
are for developers from different applications teams: app1, app2, app3,
appN.
We need to create accounts (user accounts are just an example - there are
other similar tasks) on all servers from dev environments:
user accounts for dev team app1 don't need to be on all dev servers - just
on the following nodes: node10 - node20
user accounts for dev team app2 should be just on the following nodes:
node35 - node88
etc
(and I can't use any regular expressions to select nodes - the same servers
in each group could have quite different FQDN)
Can you recommend what puppet/hiera feature could I use to group servers ?
It would be good if I could use it just on central puppet master server and
not need to login to every node
and assign it locally to a group.

Regards

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected] <javascript:>.
To post to this group, send email to [email protected]<javascript:>.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

reply | permalink

Nikola Petrov

at May 31, 2013 at 9:02 am

⇧

Yes you can just tag them from there:

     accounts::users::accounts:
       sysadmin:
         ensure: present
         home: /home/sysadmin
         managehome: "true"
         shell: /bin/bash
         uid: 4000
         gid: sysadmin
         comment: Systems Admin

tags aren't special in any way - they are just a metaparameter that each
resource in puppet can have -
http://docs.puppetlabs.com/references/latest/metaparameter.html#tag

If you don't want to repeat yourself and can deduce the user team(group)
from the yaml file or something, you can use the third parameter for
create_resource which is just the default parameters. So you would have
something like this:

$tags = {
     tag => 'app1'
}

create_resource(user, $myhash, $tags)

--
Nikola

On Thu, May 30, 2013 at 09:51:48AM -0700, przemol wrote:
This approach requires to keep all the users in *.pp files.
Currently we keep users in yaml file:

accounts::users::accounts:
sysadmin:
ensure: present
home: /home/sysadmin
managehome: "true"
shell: /bin/bash
uid: 4000
gid: sysadmin
comment: Systems Admin
etc
and create them using create_resource. Is it possible to use hiera to
associate all the users to particular servers ?

On Thursday, May 30, 2013 4:39:02 PM UTC+1, nikolavp wrote:

You can always use tags with virtual resources of some sort. Let's say
that user1 is in group app1, user2 and user3 are in group app2. You can
"tag" those user accounts with that:

user{'user1'
...
tag => 'app1',
}

user {['user2', 'user3']:
...
tag => 'app2',
}

now in your hiera configurations or somewhere else(like ENC) you can
specify which user accounts belong to that host by realizing only those
that you need.

node node10,node20 {
User<<| tag == 'app1' |>>
}

I would also introduce a fact that exposes the fact that user accounts
of 'app1' "belong" to a particular host

On Thu, May 30, 2013 at 08:02:34AM -0700, przemol wrote:
Hello,

we have been using puppet 3 with hiera based config and several (usually
"typical") environments:
test
predev
dev
preprod
prod
...
Basically we apply the puppet config to test, then predev, then dev, etc
But within each environment we have quite a large number of hosts
(20/50/100/300/...).
We would like to "group" them into sort of subgroups. For example "dev"
hosts
are for developers from different applications teams: app1, app2, app3,
appN.
We need to create accounts (user accounts are just an example - there are
other similar tasks) on all servers from dev environments:
user accounts for dev team app1 don't need to be on all dev servers - just
on the following nodes: node10 - node20
user accounts for dev team app2 should be just on the following nodes:
node35 - node88
etc
(and I can't use any regular expressions to select nodes - the same servers
in each group could have quite different FQDN)
Can you recommend what puppet/hiera feature could I use to group servers ?
It would be good if I could use it just on central puppet master server and
not need to login to every node
and assign it locally to a group.

Regards

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected] <javascript:>.
To post to this group, send email to [email protected]<javascript:>.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

reply | permalink

Przemol

at Jun 6, 2013 at 3:24 pm

⇧

Hi Nikola,

this solution seems very interesting :-)
Can you please write an example *.pp files with tags and example users
which shows how to tag it ?

Thanks

On Friday, May 31, 2013 10:02:21 AM UTC+1, nikolavp wrote:

Yes you can just tag them from there:

accounts::users::accounts:
sysadmin:
ensure: present
home: /home/sysadmin
managehome: "true"
shell: /bin/bash
uid: 4000
gid: sysadmin
comment: Systems Admin

tags aren't special in any way - they are just a metaparameter that each
resource in puppet can have -
http://docs.puppetlabs.com/references/latest/metaparameter.html#tag

If you don't want to repeat yourself and can deduce the user team(group)
from the yaml file or something, you can use the third parameter for
create_resource which is just the default parameters. So you would have
something like this:

$tags = {
tag => 'app1'
}

create_resource(user, $myhash, $tags)

--
Nikola

On Thu, May 30, 2013 at 09:51:48AM -0700, przemol wrote:
This approach requires to keep all the users in *.pp files.
Currently we keep users in yaml file:

accounts::users::accounts:
sysadmin:
ensure: present
home: /home/sysadmin
managehome: "true"
shell: /bin/bash
uid: 4000
gid: sysadmin
comment: Systems Admin
etc
and create them using create_resource. Is it possible to use hiera to
associate all the users to particular servers ?

On Thursday, May 30, 2013 4:39:02 PM UTC+1, nikolavp wrote:

You can always use tags with virtual resources of some sort. Let's say
that user1 is in group app1, user2 and user3 are in group app2. You

can

"tag" those user accounts with that:

user{'user1'
...
tag => 'app1',
}

user {['user2', 'user3']:
...
tag => 'app2',
}

now in your hiera configurations or somewhere else(like ENC) you can
specify which user accounts belong to that host by realizing only

those

that you need.

node node10,node20 {
User<<| tag == 'app1' |>>
}

I would also introduce a fact that exposes the fact that user accounts
of 'app1' "belong" to a particular host

On Thu, May 30, 2013 at 08:02:34AM -0700, przemol wrote:
Hello,

we have been using puppet 3 with hiera based config and several

(usually

"typical") environments:
test
predev
dev
preprod
prod
...
Basically we apply the puppet config to test, then predev, then dev,

etc

But within each environment we have quite a large number of hosts
(20/50/100/300/...).
We would like to "group" them into sort of subgroups. For example

"dev"

hosts
are for developers from different applications teams: app1, app2,

app3,

appN.
We need to create accounts (user accounts are just an example -

there

are

other similar tasks) on all servers from dev environments:
user accounts for dev team app1 don't need to be on all dev servers

-

just

on the following nodes: node10 - node20
user accounts for dev team app2 should be just on the following

nodes:

node35 - node88
etc
(and I can't use any regular expressions to select nodes - the same servers
in each group could have quite different FQDN)
Can you recommend what puppet/hiera feature could I use to group

servers

?

It would be good if I could use it just on central puppet master

server

and

not need to login to every node
and assign it locally to a group.

Regards

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it,

send

an email to [email protected] <javascript:>.

To post to this group, send email to [email protected]<javascript:>.
Visit this group at

http://groups.google.com/group/puppet-users?hl=en.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected] <javascript:>.
To post to this group, send email to [email protected]<javascript:>.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

reply | permalink

Pete Brown

at May 31, 2013 at 12:36 am

⇧

On 31 May 2013 01:02, przemol wrote:

Hello,

we have been using puppet 3 with hiera based config and several (usually
"typical") environments:
test
predev
dev
preprod
prod
...
Basically we apply the puppet config to test, then predev, then dev, etc
But within each environment we have quite a large number of hosts
(20/50/100/300/...).
We would like to "group" them into sort of subgroups. For example "dev"
hosts
are for developers from different applications teams: app1, app2, app3,
appN.

If you have that many nodes I would suggest an ENC like Foreman and use
host groups to include the classes you want for each group.
Foreman also talks to puppetdb to get facts and the like and you can send
puppet reports to it which will also be handy for that many nodes.
Using an enc also gives you a centralised way of managing which host group
or environment a node uses.
In fact if you use a ENC it ignores the environment setting on the node and
only uses the one set in the enc.

We need to create accounts (user accounts are just an example - there are
other similar tasks) on all servers from dev environments:
user accounts for dev team app1 don't need to be on all dev servers - just
on the following nodes: node10 - node20
user accounts for dev team app2 should be just on the following nodes:
node35 - node88

Also given the number of nodes you have I would also suggest some form of
centralised user management like FreeIPA, LDAP or AD.
Then you can define the access rights you want for each use or use group.

(if you are tricky you can also use LDAP as an ENC but that may be an
exercise for the future.)

etc

(and I can't use any regular expressions to select nodes - the same
servers in each group could have quite different FQDN)
Can you recommend what puppet/hiera feature could I use to group servers ?
It would be good if I could use it just on central puppet master server
and not need to login to every node
and assign it locally to a group.

Regards

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

reply | permalink

Przemol

at Jun 4, 2013 at 3:48 pm

⇧

Pete,

thank you for suggestions. As for my environments: the users example is
just an example.
The same problem exists when I want to apply other config settings to
subset of servers.
We use The Foreman so this is one option. In general I wanted to ask you if
you could share your experience
regarding deploying hiera based puppet in more diverse environments.

On Friday, May 31, 2013 1:36:52 AM UTC+1, Pete wrote:

On 31 May 2013 01:02, przemol <[email protected] <javascript:>> wrote:

Hello,

we have been using puppet 3 with hiera based config and several (usually
"typical") environments:
test
predev
dev
preprod
prod
...
Basically we apply the puppet config to test, then predev, then dev, etc
But within each environment we have quite a large number of hosts
(20/50/100/300/...).
We would like to "group" them into sort of subgroups. For example "dev"
hosts
are for developers from different applications teams: app1, app2, app3,
appN.

If you have that many nodes I would suggest an ENC like Foreman and use
host groups to include the classes you want for each group.
Foreman also talks to puppetdb to get facts and the like and you can send
puppet reports to it which will also be handy for that many nodes.
Using an enc also gives you a centralised way of managing which host group
or environment a node uses.
In fact if you use a ENC it ignores the environment setting on the node
and only uses the one set in the enc.

We need to create accounts (user accounts are just an example - there are
other similar tasks) on all servers from dev environments:
user accounts for dev team app1 don't need to be on all dev servers -
just on the following nodes: node10 - node20
user accounts for dev team app2 should be just on the following nodes:
node35 - node88

Also given the number of nodes you have I would also suggest some form of
centralised user management like FreeIPA, LDAP or AD.
Then you can define the access rights you want for each use or use group.

(if you are tricky you can also use LDAP as an ENC but that may be an
exercise for the future.)

etc

(and I can't use any regular expressions to select nodes - the same
servers in each group could have quite different FQDN)
Can you recommend what puppet/hiera feature could I use to group servers ?
It would be good if I could use it just on central puppet master server
and not need to login to every node
and assign it locally to a group.

Regards

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected] <javascript:>.
To post to this group, send email to [email protected]<javascript:>
.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

reply | permalink

group	puppet-users @
categories	puppet
posted	May 30, '13 at 3:02p
active	Jun 6, '13 at 3:24p
posts	7
users	3
website	puppetlabs.com

responses	expanded	Hotkey: s
font	variable	Hotkey: f
user style	avatars	Hotkey: a

[Puppet Users] Grouping hosts within environments

Search Discussions

Related Discussions

3 users in discussion