[nycbug-talk] jails: puppet vs. cfengine

Edward Capriolo edlinuxguru at gmail.com
Wed Sep 8 10:04:17 EDT 2010 

On Wed, Sep 8, 2010 at 3:36 AM, Charles Sprickman <spork at bway.net> wrote:
> Hi all,
>
> Not much more to it than that...  I've had a cursory look at both and the
> really huge thing for me is having the ability for a config engine to
> understand jails.
>
> If I weren't using jails, I could keep getting by without any
> configuration manager.  But with jails I'm now looking at upwards of 30
> "hosts" and growing, which is not easy to manage.  One of our biggest
> reasons for throwing stuff in jails is portability.  We have an odd
> mixture of hardware, varying amounts of work per jail, and a need to be
> able to shuffle jails from host to host should we either have a hardware
> failure or capacity issues that demand a move of a jail to beefier
> hardware.
>
> If either puppet or cfengine can both understand jails and be able to tie
> a jail and some host config options together (ie: an alias on an interface
> on the host is "connected" to a particular jail), I will be all over that.
>
> Any general jail/config management info more than welcome as well...
>
> Thanks,
>
> Charles
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

Interesting topic. To be clear, you do not want to run puppet/cfengine
inside the jail? That is probably the preferred way.

I have quick define that lets me create vserver jails with puppet.

define make_vserver($vname, $hostname, $ip, $distro) {
  exec { "/usr/sbin/vserver $vname build -m template --hostname
$hostname --interface eth0:$ip/24  -- -d $distro -t
/vservers/Cent5-x86-vs.tar.gz":
    unless => "/usr/bin/test -d /vservers/$vname",
  }
}

Usage looks like this:
make_vserver { cas2: vname => "cas2", hostname => "cas2.mydomain.com"
, ip => "10.10.12.2", distro => "centos5" }


For puppet you could make modules like File or package and add jail
based information:

  service { "cassandra":
    enable => true,
    ensure => running,
    require =>  File["/etc/init.d/cassandra"]
  }

Becomes something like:

  jail_service { "cassandra":
    jail => "serverhostnamehere"
    enable => true,
    ensure => running,
    require =>  File["/etc/init.d/cassandra"]
  }

Maybe a better solution then this exists out there, but I think
building modules like the jail_service I described would not be very
difficult.

More information about the talk mailing list