[et-mgmt-tools] "Snippet Groups"
Michael DeHaan
mdehaan at redhat.com
Wed Apr 9 16:08:05 UTC 2008
>
> etc.
>
> Even better, if my sniptits take parameters, usually the "lock down
> and configuration" difference are only 644 vs 640 perms or what my
> password complexity requirments are for pam login or what the defualt
> file upload size for apache should be, etc. These "actions" aren't
> different - just what we put for the params of the action.
Minor correction --- Snippets can already take parameters. The built
in cobbler variables are already passed to them. In addition, others
can also be passed along IIRC -- the cheetah syntax for this is "#set
global foo" in the master template (see http://cheetahtemplate.org/) and
then variables set there can be passed to templates.
>
>
> Although it looks like from the other thread that this is going the
> directory way, again, is this a mistake given that I don't really want
> do some things until the end and some right at the beginning or I
> really do want x to follow y to follow z. If we do it all by directory
> I would have to name all my snipits 1_... 2_... which would really
> make things not so elegant.
I'm not sure that directory system was proposed. What /was/ proposed
was a way to be able to indicate templates for systems in a way that
they could be overriden.
So, if you had a snippet named "driveconfig", it would first look for:
/var/lib/cobbler/snippets/driveconfig/system/$system_name if it exists
And would use that snippet if it existed, if not, failing back to:
/var/lib/cobbler/snippets/driveconfig/profile/$profile_name if it exists
And using it unless it didn't exist and failing back to:
/var/lib/cobbler/snippets/driveconfig
This would allow using the same "webserver" template for 500 servers,
and still allowing for the 1 server that for some reason required a
special exemption to get the configuration it needed, without having to
create a new profile for "webserver-this-one-is-special".
>
> snipit_groups/group1
>
> set_bootloader_password
> set_password_retries
> set_passwd_min_uppper
> set_passwd_min_lower
> set_motd
> setup_aide
> setup_logrotate
>
> This way I can call either a set of actions or a single one in the
> cobbler kickstart template.
>
> ==== Kickstart Template ====
>
> SNIPIT::_GROUP_
> SNIPIT::small_thing
> SNIPIT::smaller_thing
>
>
> Another thing I find useful in this type of setup is that I can also
> make a mapping file :
>
> REG1:set_passwd_retries,set_passwd_min_upper,set_passwd_min_lower
> REG2:setup_aide
> REG3:set_motd
>
This is getting into config management territory. Have you looked at
running a config management tool locally in post to execute some sort of
policy? Or are there reasons for not doing this? I know there are ways
to execute puppet without requiring a server, and it is probably easier
to express those sort of requirements there as opposed to in Anaconda
scripts with bash/sed/awk.
--Michael
More information about the et-mgmt-tools
mailing list