[et-mgmt-tools] "Snippet Groups"

Michael DeHaan mdehaan at redhat.com
Wed Apr 9 16:08:05 UTC 2008 

>
> etc.
>
> Even better, if my sniptits take parameters, usually the "lock down 
> and configuration" difference are only 644 vs 640 perms or what my 
> password complexity requirments are for pam login or what the defualt 
> file upload size for apache should be, etc. These "actions" aren't 
> different - just what we put for the params of the action.

Minor correction --- Snippets can already take parameters.    The built 
in cobbler variables are already passed to them.  In addition, others 
can also be passed along IIRC -- the cheetah syntax for this is "#set 
global foo" in the master template (see http://cheetahtemplate.org/) and 
then variables set there can be passed to templates.

>
>
> Although it looks like from the other thread that this is going the 
> directory way, again, is this a mistake given that I don't really want 
> do some things until the end and some right at the beginning or I 
> really do want x to follow y to follow z. If we do it all by directory 
> I would have to name all my snipits 1_... 2_... which would really 
> make things not so elegant.

I'm not sure that directory system was proposed.  What /was/ proposed 
was a way to be able to indicate templates for systems in a way that 
they could be overriden.

So, if you had a snippet named "driveconfig", it would first look for:
/var/lib/cobbler/snippets/driveconfig/system/$system_name if it exists

And would use that snippet if it existed, if not, failing back to:
/var/lib/cobbler/snippets/driveconfig/profile/$profile_name if it exists

And using it unless it didn't exist and failing back to:
/var/lib/cobbler/snippets/driveconfig

This would allow using the same "webserver" template for 500 servers, 
and still allowing for the 1 server that for some reason required a 
special exemption to get the configuration it needed, without having to 
create a new profile for "webserver-this-one-is-special".

>
> snipit_groups/group1
>
> set_bootloader_password
> set_password_retries
> set_passwd_min_uppper
> set_passwd_min_lower
> set_motd
> setup_aide
> setup_logrotate
>
> This way I can call either a set of actions or a single one in the 
> cobbler kickstart template.
>
> ==== Kickstart Template ====
>
> SNIPIT::_GROUP_
> SNIPIT::small_thing
> SNIPIT::smaller_thing
>
>
> Another thing I find useful in this type of setup is that I can also 
> make a mapping file :
>
> REG1:set_passwd_retries,set_passwd_min_upper,set_passwd_min_lower
> REG2:setup_aide
> REG3:set_motd
>

This is getting into config management territory.    Have you looked at 
running a config management tool locally in post to execute some sort of 
policy?  Or are there reasons for not doing this?  I know there are ways 
to execute puppet without requiring a server, and it is probably easier 
to express those sort of requirements there as opposed to in Anaconda 
scripts with bash/sed/awk. 

--Michael

More information about the et-mgmt-tools mailing list