[ale] Working with Puppet (Was: Re: checking for interest for a free intro class "Introduction to Automating Linux System Administration using CFEngine 3")

mike at trausch.us mike at trausch.us
Tue Feb 14 13:38:33 EST 2012


On 02/14/2012 09:56 AM, mike at trausch.us wrote:
> I am finding myself somewhat happy with it.  I'm still allergic to
> things written in Ruby, of course.  If there were a drop-in Puppet clone
> in Python, I'd be all over that like white on rice, and I may not stay
> with puppet forever, but for the time being, I am rather liking it.  I
> have a master on Linode, a server here at the house, and a VM on my
> desktop that I am using to play with it for the time being.

At this point, I have a working setup that manages SSH and NTP
configuration (yeah, I know, stupid easy for those who do Puppet in
their sleep) for both Gentoo and Debian systems, including handling some
interesting differences between the two distributions.

One thing that I am finding that is annoying is that it seems that you
can say things like "debian" in selectors, but if you use a regex it
refuses to allow it (because it won't match "Debian").  There is a bug
in Puppet's Redmine instance (#3229), but it seems to have been
summarily closed without action.

It seems that the "case" command matches case-insensitive whereas
selectors using regular expressions do not.  Of course a character class
can be used to work around that, but I don't see a way to tell Puppet's
regular expression system to simply match case-insensitive.

I think that it may be possible for me to Puppet-ize my production
domain within the next day or two.  That in itself is fascinating to me.

One thing I would like to do, though I haven't quite figured out how it
would fit into Puppet's framework, would be to enforce certain types of
policy, like "ensure that all systems have run their updates once per
week".  There are other ways of doing that, of course, but I think it'd
be nice to have _all_ my configuration in a single system, and not just
most of it.

Another thing I would like to be able to do is somehow give Puppet a
whitelist of packages that are allowed to be on various systems, such
that any package that (a) isn't in the whitelist and (b) isn't a
dependency of something in the whitelist will be removed by Puppet
automagically.

Both of the last two things, though, seem to be outside of the scope of
Puppet's capabilities.

	--- Mike

-- 
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
                                   --- Carveth Read, “Logic”

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 729 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20120214/d0029a4d/attachment-0001.bin 


More information about the Ale mailing list