Greetings,
This might be a feature request, but I'm curious if there might be a
hidden way to assign Foreman Parameters to OS Familes.
Example use case:
Using Puppet Modules that include automatic firewalling (like Example42's
set), iptables is supported, but ipfilter is not. Nice to set OS Family
parameters -
RedHat Family -> firewall = true
Solaris Family -> firewall = false
Windows Family -> firewall = false
Then we would see automatic firewalling via puppet modules applied by
default to all CentOS, RHEL, and OracleLinux servers, but not on Windows
and Solaris servers, regardless of OS Version.
If this isn't available, does it seem to be a reasonable feature request?
I think Smart Variables will do what you are looking for.
More -> Configuration -> Smart Variables
Select the firewall parameter of the module you are interested in and
configure it accordingly.
On the Matcher-Value you can use facts, so you can implement
osfamily = RedHat / true
osfamily = Solaris / false
osfamily = Windows / false
More information at :
http://theforeman.org/manuals/1.3/index.html#4.2.4SmartVariables
I am still new to The Foreman, don't take my word for it, but I'll
investigate on this side.
···
On Wed, Oct 16, 2013 at 11:56:22AM -0700, Sean Alderman wrote:
> Greetings,
> This might be a feature request, but I'm curious if there might be a
> hidden way to assign Foreman Parameters to OS Familes.
>
> Example use case:
> Using Puppet Modules that include automatic firewalling (like Example42's
> set), iptables is supported, but ipfilter is not. Nice to set OS Family
> parameters -
> RedHat Family -> firewall = true
> Solaris Family -> firewall = false
> Windows Family -> firewall = false
> Then we would see automatic firewalling via puppet modules applied by
> default to all CentOS, RHEL, and OracleLinux servers, but not on Windows
> and Solaris servers, regardless of OS Version.
>
> If this isn't available, does it seem to be a reasonable feature request?
>
–
Yanis Guenane
Cool, I didn't think of that, as I've struggled with them in the past and
resorted to using wrapper classes in puppet that include define the
parameterized class and set it's params how I want.
In another case - again using osfamily = Solaris as the matcher, I'm trying
to set a config template for all Solaris hosts. What I am wondering is why
the module_template parameter (from smart var) doesn't appear in the yaml
of the host in foreman.
···
On Wednesday, October 16, 2013 6:01:28 PM UTC-4, Yanis Guenane wrote:
>
> On Wed, Oct 16, 2013 at 11:56:22AM -0700, Sean Alderman wrote:
> > Greetings,
> > This might be a feature request, but I'm curious if there might be a
> > hidden way to assign Foreman Parameters to OS Familes.
> >
> > Example use case:
> > Using Puppet Modules that include automatic firewalling (like
> Example42's
> > set), iptables is supported, but ipfilter is not. Nice to set OS Family
> > parameters -
> > RedHat Family -> firewall = true
> > Solaris Family -> firewall = false
> > Windows Family -> firewall = false
> > Then we would see automatic firewalling via puppet modules applied by
> > default to all CentOS, RHEL, and OracleLinux servers, but not on Windows
> > and Solaris servers, regardless of OS Version.
> >
> > If this isn't available, does it seem to be a reasonable feature
> request?
> >
>
> I think Smart Variables will do what you are looking for.
>
> More -> Configuration -> Smart Variables
>
> Select the firewall parameter of the module you are interested in and
> configure it accordingly.
>
> On the Matcher-Value you can use facts, so you can implement
>
> osfamily = RedHat / true
> osfamily = Solaris / false
> osfamily = Windows / false
>
> More information at :
> http://theforeman.org/manuals/1.3/index.html#4.2.4SmartVariables
>
> I am still new to The Foreman, don't take my word for it, but I'll
> investigate on this side.
>
> --
> Yanis Guenane
>
It's not immediately obvious, but smart-vars are still tied to classes -
does the host in question have the class containing the smart-var assigned?
···
On 17 October 2013 16:43, Sean Alderman wrote:
Cool, I didn’t think of that, as I’ve struggled with them in the past and
resorted to using wrapper classes in puppet that include define the
parameterized class and set it’s params how I want.
In another case - again using osfamily = Solaris as the matcher, I’m
trying to set a config template for all Solaris hosts. What I am wondering
is why the module_template parameter (from smart var) doesn’t appear in the
yaml of the host in foreman.
Technically yes, but the test case I picked was a class that's declared
inside a wrapper. I guess I could make the wrapper parameterized huh? 
I made a wrapper for this case, because I was struggling with getting
Foreman to allow me to declare facts in parameters at the host/hostgroup
level. E.g.
In the wrapper, I have:
class foo_wrapper {
siteserver = bar.example.com defined as param for a foreman hostgroup
class { foo:
allowed_hosts => [ '127.0.0.1', $::ipaddress, $::siteserver ],
template => 'site/foo/foo.cfg.erb',
}
}
It seemed like Foreman wouldn't allow me to declare foo_allowed_hosts =
127.0.0.1,$::ipaddress,$::siteserver as a parameter of the hostgroup. The
variables show up as literal strings in foo's config file.
So in my Smart Class Param test, I went to class foo and setup the smart
param, but none of the hosts see it b/c Foreman doesn't know they're using
the class.
Going back to my original question though, In Example42's automatic
firewalling scheme, a global param firewall = false, will disable automatic
firewalling for every module a host has, instead of having to say
openssh_firewall = false, ntp_firewall = false, apache_firewall = false,
etc. Currently, at each Solaris host, I disable it for all modules using
firewall = false. If a Smart Class Param is only availble inside a module,
I'd have to set it as such inside every class Puppet has. Can I make a
smart param at a global level?
···
On Thursday, October 17, 2013 12:38:41 PM UTC-4, Greg Sutcliffe wrote:
>
> On 17 October 2013 16:43, Sean Alderman <salde...@udayton.edu > > wrote:
>
>> Cool, I didn't think of that, as I've struggled with them in the past and
>> resorted to using wrapper classes in puppet that include define the
>> parameterized class and set it's params how I want.
>>
>> In another case - again using osfamily = Solaris as the matcher, I'm
>> trying to set a config template for all Solaris hosts. What I am wondering
>> is why the module_template parameter (from smart var) doesn't appear in the
>> yaml of the host in foreman.
>>
>
> It's not immediately obvious, but smart-vars are still tied to classes -
> does the host in question have the class containing the smart-var assigned?
>
Joseph,
Yes, that's correct, but the idea would apply to other families like RedHat
which could have numerous OS and versions combos.
Yesterday I filed an issue [1], addressing a Solaris complication that
relates to this post. When I started looking at disabling automatic
firewalling on Solaris, my list of Solaris operating sytems looked like:
- Solaris 5.10 (hw0113)
- Solaris 107
- Solaris 108
- Solaris 109
- Solaris 1011
The #2-5 operating systems were created when we loaded Puppet up on a bunch
of existing hosts that were running pkgutil against OpenCSW's unstable
branch. This branch loads Facter 1.7.1, where the fact for Solaris
operatingsystemrelease is different in a way that Foreman does not handle.
I manually went back to all those servers and brought them back to the
OpenCSW Testing Branch and down to Facter 1.6.18, so now all my Solaris
hosts are falling into #1, and I've deleted the bogus Solaris OS objects.
So for my firewall problem I can simply set firewall = false at the OS
level, as long as I'm not setting it to true in a hostgroup.
[1] Bug #3295: Solaris release version problems with Facter >= 1.7 - Foreman
···
On Thursday, October 17, 2013 2:48:30 PM UTC-4, Joseph Magen wrote:
>
> Sean,
>
> There are OS parameters (regular parameters, not smart paramaters). I
> assume that you want to have multiple OS's within the Solaris family and
> you want to define them in one place rather than for each Solaris OS. Is
> this correct? How many OS's do you have in the Solaris family.
>
> Joseph
>
>
> ----- Original Message -----
> From: "Sean Alderman" <salde...@udayton.edu >
> To: forema...@googlegroups.com
> Sent: Thursday, October 17, 2013 8:29:14 PM
> Subject: Re: [foreman-users] Can we set parameters for OS Families?
>
> Technically yes, but the test case I picked was a class that's declared
> inside a wrapper. I guess I could make the wrapper parameterized huh? :)
>
> I made a wrapper for this case, because I was struggling with getting
> Foreman to allow me to declare facts in parameters at the host/hostgroup
> level. E.g.
>
> In the wrapper, I have:
>
> class foo_wrapper {
> # siteserver = bar.example.com defined as param for a foreman hostgroup
> class { foo:
> allowed_hosts => [ '127.0.0.1', $::ipaddress, $::siteserver ],
> template => 'site/foo/foo.cfg.erb',
> }
> }
>
> It seemed like Foreman wouldn't allow me to declare foo_allowed_hosts =
> 127.0.0.1,$::ipaddress,$::siteserver as a parameter of the hostgroup. The
> variables show up as literal strings in foo's config file.
>
> So in my Smart Class Param test, I went to class foo and setup the smart
> param, but none of the hosts see it b/c Foreman doesn't know they're using
> the class.
>
> Going back to my original question though, In Example42's automatic
> firewalling scheme, a global param firewall = false, will disable
> automatic
> firewalling for every module a host has, instead of having to say
> openssh_firewall = false, ntp_firewall = false, apache_firewall = false,
> etc. Currently, at each Solaris host, I disable it for all modules using
> firewall = false. If a Smart Class Param is only availble inside a
> module,
> I'd have to set it as such inside every class Puppet has. Can I make a
> smart param at a global level?
>
>
> On Thursday, October 17, 2013 12:38:41 PM UTC-4, Greg Sutcliffe wrote:
> >
> > On 17 October 2013 16:43, Sean Alderman <salde...@udayton.edu > > > > wrote:
> >
> >> Cool, I didn't think of that, as I've struggled with them in the past
> and
> >> resorted to using wrapper classes in puppet that include define the
> >> parameterized class and set it's params how I want.
> >>
> >> In another case - again using osfamily = Solaris as the matcher, I'm
> >> trying to set a config template for all Solaris hosts. What I am
> wondering
> >> is why the module_template parameter (from smart var) doesn't appear in
> the
> >> yaml of the host in foreman.
> >>
> >
> > It's not immediately obvious, but smart-vars are still tied to classes -
> > does the host in question have the class containing the smart-var
> assigned?
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-user...@googlegroups.com .
> To post to this group, send email to forema...@googlegroups.com.
>
> Visit this group at http://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
Sean,
There are OS parameters (regular parameters, not smart paramaters). I assume that you want to have multiple OS's within the Solaris family and you want to define them in one place rather than for each Solaris OS. Is this correct? How many OS's do you have in the Solaris family.
Joseph
···
----- Original Message -----
From: "Sean Alderman"
To: foreman-users@googlegroups.com
Sent: Thursday, October 17, 2013 8:29:14 PM
Subject: Re: [foreman-users] Can we set parameters for OS Families?
Technically yes, but the test case I picked was a class that’s declared
inside a wrapper. I guess I could make the wrapper parameterized huh?
I made a wrapper for this case, because I was struggling with getting
Foreman to allow me to declare facts in parameters at the host/hostgroup
level. E.g.
In the wrapper, I have:
class foo_wrapper {
siteserver = bar.example.com defined as param for a foreman hostgroup
class { foo:
allowed_hosts => [ ‘127.0.0.1’, $::ipaddress, $::siteserver ],
template => ‘site/foo/foo.cfg.erb’,
}
}
It seemed like Foreman wouldn’t allow me to declare foo_allowed_hosts =
127.0.0.1,$::ipaddress,$::siteserver as a parameter of the hostgroup. The
variables show up as literal strings in foo’s config file.
So in my Smart Class Param test, I went to class foo and setup the smart
param, but none of the hosts see it b/c Foreman doesn’t know they’re using
the class.
Going back to my original question though, In Example42’s automatic
firewalling scheme, a global param firewall = false, will disable automatic
firewalling for every module a host has, instead of having to say
openssh_firewall = false, ntp_firewall = false, apache_firewall = false,
etc. Currently, at each Solaris host, I disable it for all modules using
firewall = false. If a Smart Class Param is only availble inside a module,
I’d have to set it as such inside every class Puppet has. Can I make a
smart param at a global level?
On Thursday, October 17, 2013 12:38:41 PM UTC-4, Greg Sutcliffe wrote:
On 17 October 2013 16:43, Sean Alderman <salde...@udayton.edu<javascript:> > > wrote:
Cool, I didn’t think of that, as I’ve struggled with them in the past and
resorted to using wrapper classes in puppet that include define the
parameterized class and set it’s params how I want.
In another case - again using osfamily = Solaris as the matcher, I’m
trying to set a config template for all Solaris hosts. What I am wondering
is why the module_template parameter (from smart var) doesn’t appear in the
yaml of the host in foreman.
It’s not immediately obvious, but smart-vars are still tied to classes -
does the host in question have the class containing the smart-var assigned?
–
You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.
Whilst Foreman requires them to be assigned with a class, they will show up
to Puppet as a global - so you're safe there. I usually have one or two
classes applied to all hosts (ntp and sudo leap to mind) which have
smart-vars I consider "global" in scope.
Maybe the history of the smart-var will help explain - before we had proper
class parameter support in Foreman, we added smart vars. These were global
parameters to Puppet (because we hadn't done the class param support yet),
but we attached them to a class. The idea was that you'd write say an
apache class that used $::port instead of $apache::port and take the value
from the global scope parameters provided by Foreman. It worked fairly
well, but was superceded by the proper class parameter support. I'd like to
see smart-vars decoupled from class entirely now, but no-one's had time to
look at it
···
On 17 October 2013 18:29, Sean Alderman wrote:
Going back to my original question though, In Example42’s automatic
firewalling scheme, a global param firewall = false, will disable automatic
firewalling for every module a host has, instead of having to say
openssh_firewall = false, ntp_firewall = false, apache_firewall = false,
etc. Currently, at each Solaris host, I disable it for all modules using
firewall = false. If a Smart Class Param is only availble inside a module,
I’d have to set it as such inside every class Puppet has. Can I make a
smart param at a global level?
