Puppet localconfig parser – 20100303
I've had some good feedback on my previous post about the puppet localconfig parser, have implemented the requested features so here's a new version.
First the ability to limit what resources are being printed:
# parselocalconfig.rb --limit package Classes included on this node: fqdn common::linux Resources managed by puppet on this node: package{redhat-lsb: } defined in common/modules/puppet/manifests/init.pp:15
You should only see package resources. You can also disable the classes list using --no-classes and on 0.25.x disable the tags list with --no-tags.
I've improved the detection of where to find the yaml file for 0.25 nodes and added an option --config if your config file is not in the usual place.
You can get the latest version here.
What does Puppet manage on a node?
Last year I wrote a tool to parse the localconfig.yaml from Puppet 0.24 and display a list of resources and classes. This script failed when 0.25 came out, I've updated it for 0.25 support.
The yaml cache has some added features in 0.25 so now I can also show the list of tags on a node, output would be:
# parselocalconfig.rb /var/lib/puppet/client_yaml/catalog/fqdn.yaml Classes included on this node: fqdn common::linux <snip> Tags for this node: fqdn common::linux <snip> Resources managed by puppet on this node: yumrepo{centos-base: } defined in common/modules/yum/manifests/init.pp:24 file{/root/.ssh: } defined in common/modules/users/manifests/root.pp:20 <snip>
You can get the script that supports both 0.24 and 0.25 here.
Custom deployer using MCollective
One of the goals of building the SimpleRPC framework and the overall speed of MCollective is to create interactive tools to manage your infrastructure in a way that it all just seems like a single point of entry with one machine. I've blogged a bit about this before with how I manage Exim clusters.
I've recently built a deployer for a client that does some very specific things with their FastCGI, packages and monitoring in a way that is safe for developers to use. I've made a sanitized demo of it that you can see below. It's sanitized in that the hostnames are replaced with hashes and some monitoring details removed but you'll get the idea.
As usual it's best to just look at the video on youtube in it's HD mode.
Few Rubyisms
While looking at some bits of other peoples Ruby code I came across a few shortcuts and interesting structures worth mentioning.
Exception handling shortcut
First up a shortcut to catch exceptions thrown by a method:
def say_foo puts "foo" if doit rescue Exception puts "#fail" end
So since we didn't define doit this will raise an exception, which will be handled. Nice shortcut to avoid an extra inner begin / rescue block.
sprintf equivelant
Ruby supports sprintf style string building in a handy little shortcut:
puts "%2.6f\n%d" % [1, 1]
This produces:
$ ruby test.rb 1.000000 1
Get a value from a hash with default for non existing
This is really nice, I've written way too many constructs like this:
foo.include?(:bar) ? bar = foo[:bar] : bar = "unknown"
One option that I was told about was this:
bar = foo[:bar] || "unknown"
But that does not work if you had false in the hash, or maybe even nil.
Turns out there's an awesome shortcut for this:
bar = foo.fetch(:bar, "unknown")
Reloading a class
Sometimes you want to reload a class you previously loaded with require. I have the need in my plugin manager for mcollective. There's a simple fix by simply using Kernel#load to load the .rb file, each time you load it the file will be reloaded from disk.
irb(main):001:0> load "test.rb" => true irb(main):002:0> Foo.doit foo irb(main):003:0* load "test.rb" => true irb(main):004:0> Foo.doit foo foo
In between lines 2 and 3 I edited the file test.rb and just reloaded it, the changes on disk reflected in the current session. The main difference is that you need to supply the full file name and not just test like you would with require.
Adding methods to a ruby class
I'm just blogging this because it took me ages to figure out, it seems so simple now but I guess that's how it usually goes.
The problem I have is I want a plugin to be able to either make a method using the normal Ruby def foo or via some DSL'ish helpers.
class Foo<Base register_action(:name => "do_something", :description => "foo") def do_something_action end register_action(:name => "do_something_else", :description => "foo") do # body of the action here end end
The above code should make me two methods - do_something_action and do_something_else_action - they should be identical to viewers from the outside. Here's the base class that makes this happen correctly:
class Base def self.register_input(input, &block) name = input[:name] self.module_eval { define_method("#{name}_action", &block) } if block_given? end end
It's pretty simple, we're just using define_method in the scope of the module and that does the rest.
MCollective Agent Introspection
With the new SimpleRPC system in MCollective we have a simple interface to creating agents. The way to call an agent would be:
$ mc-rpc service status service=httpd
This is all fine and well and easy enough, however it requires you to know a lot. You need to know there's a status action and you need to know it expects a service argument, not great.
I'm busy adding the ability for an agent to register its metadata and interface so that 3rd party tools can dynamically generate useful interfaces.
A sample registration for service agent is:
register_meta(:name => "SimpleRPC Service Agent", :description => "Agent to manage services using the Puppet service provider", :author => "R.I.Pienaar", :license => "GPLv2", :version => 1.1, :url => "http://mcollective-plugins.googlecode.com/", :timeout => 60) ["start", "stop", "restart", "status"].each do |action| register_input(:action => action, :name => "service", :prompt => "Service Name", :description => "The service to #{action}", :type => :string, :validation => '^[a-zA-Z\-_\d]+$', :maxlength => 30):
This includes all the meta data, versions, timeouts, validation of inputs, prompts and help text for every input argument.
Using this we can now generate dynamic UI's, and do something like JavaDoc generated documentation. I've recorded a little video demonstrating a proof of concept Text UI that uses this data to generate a UI dynamically. This is ripe for integration into tools like Foreman and Puppet Dashboard.
Please watch the video here, best viewed full screen.
MCollective 0.4.3 Auditing
I just released version 0.4.3 of mcollective which brings a new auditing capability to SimpleRPC. Using the auditing system you can log to a file on each host every request or build a centralized auditing system for all requests on all nodes.
We ship a simple plugin that logs to the local harddrive but there is also a community plugin that creates a centralized logging system running over MCollective as a transport.
This is the kind of log the centralized logger will produce:
01/24/10 18:24:20 dev1.my.net> d53a8306f20e9b3a0f7946adccd6eb5e: 01/24/10 18:24:20 caller=uid=500@ids1.my.net agent=iptables action=block 01/24/10 18:24:20 dev1.my.net> d53a8306f20e9b3a0f7946adccd6eb5e: {:ipaddr=>"114.255.136.120"} 01/24/10 18:24:20 dev2.my.net> d53a8306f20e9b3a0f7946adccd6eb5e: 01/24/10 18:24:20 caller=uid=500@ids1.my.net agent=iptables action=block 01/24/10 18:24:20 dev2.my.net> d53a8306f20e9b3a0f7946adccd6eb5e: {:ipaddr=>"114.255.136.120"} 01/24/10 18:24:20 dev3.my.net> d53a8306f20e9b3a0f7946adccd6eb5e: 01/24/10 18:24:20 caller=uid=500@ids1.my.net agent=iptables action=block 01/24/10 18:24:20 dev3.my.net> d53a8306f20e9b3a0f7946adccd6eb5e: {:ipaddr=>"114.255.136.120"}
Here we see 3 nodes that got a request to add 114.255.136.120 to their local firewall. The request was sent by UID 500 on the machine ids1.my.net. The request is of course the same everywhere so the request id is the same on every node, the log shows agent and all parameters passed.
Better way to query facts
Facter has some annoying bug where it won't always print all facts when called like facter fact, ones that require dynamic lookups etc just won't print.
This is a long standing bug that doesn't seem to get any love, so I hacked up a little wrapper that works better.
#!/usr/bin/ruby require 'facter' require 'puppet' Puppet.parse_config unless $LOAD_PATH.include?(Puppet[:libdir]) $LOAD_PATH << Puppet[:libdir] end facts = Facter.to_hash if ARGV.size > 0 ARGV.each do |f| puts "#{f} => #{facts[f]}" if facts.include?(f) end else facts.each_pair do |k,v| puts("#{k} => #{v}") end end
It behaves by default as if you ran facter -p but you can supply as many fact names as you want on the command line to print just the ones requested.
$ fctr uptime puppetversion processorcount uptime => 8 days puppetversion => 0.25.2 processorcount => 1
MCollective 0.4.2 released
Just a quick blog post for those who follow me here to get notified about new releases of MCollective. I just released version 0.4.2 which brings in big improvements for Debian packages, some tweaks to command line and a bug fix in SimpleRPC.
Read all about it at the Release Notes
MCollective Simple RPC
MCollective is a framework for writing RPC style tools that talk to a cloud of servers, till now doing that has been surprisingly hard for non ruby coders. The reason for this is that I was focussing on getting the framework built and feeling my way around the use cases.
I've now spent 2 days working on simplifying actually writing agents and consumers. This code is not released yet - just in SVN trunk - but here's a taster.
First writing an agent should be simple, here's a simple 'echo' server that takes a message as input and returns it back.
class Rpctest<RPC::Agent # Basic echo server def echo_action(request, reply) raise MissingRPCData, "please supply a :msg" unless request.include?(:msg) reply.data = request[:msg] end end
This creates an echo action, does a quick check that a message was received and sends it back. I want to create a few more validators so you can check easily if the data passed to you is sane and secure if you're doing anything like system() calls with it.
Here's the client code that calls the echo server 4 times:
#!/usr/bin/ruby require 'mcollective' include MCollective::RPC rpctest = rpcclient("rpctest") puts "Normal echo output, non verbose, shouldn't produce any output:" printrpc rpctest.echo(:msg => "hello world") puts "Flattened echo output, think combined 'mailq' usecase:" printrpc rpctest.echo(:msg => "hello world"), :flatten => true puts "Forced verbose output, if you always want to see every result" printrpc rpctest.echo(:msg => "hello world"), :verbose => true puts "Did not specify needed input:" printrpc rpctest.echo
This client supports full discovery and all the usual stuff, has pretty --help output and everything else you'd expect in the clients I've supplied with the core mcollective. It caches discovery results so above code will do one discovery only and reuse it for the other calls to the collective.
When running you'll see a twirling status indicator, something like:
- [5 / 10]
This will give you a nice non scrolling indicator of progress and should work well for 100s of machines without spamming you with noise, at the end of the run you'll get the output.
The printrpc helper function tries its best to print output for you in a way that makes sense on large amounts of machines.
- By default it doesn't print stuff that succeeds, you do get a overall progress indicator though
- If anything does go wrong, useful information gets printed but only for hosts that had problems
- If you ran the client with --verbose, or forced it to verbose mode output you'll get a full bit of info of the result from every server.
- It supports flags to modify the output, you can flatten the output so hostnames etc aren't showed, just a concat of the data.
The script above gives the following output when run in non-verbose mode:
$ rpctest.rb --with-class /devel/ Normal echo output, non verbose, shouldn't produce any output: Forced verbose output, if you always want to see every result: dev1.your.com : OK "hello world" dev2.your.com : OK "hello world" dev3.your.com : OK "hello world" Flattened echo output, think combined 'mailq' usecase: hello world hello world hello world Did not specify needed input: dev1.your.com : please supply a :msg dev2.your.com : please supply a :msg dev3.your.com : please supply a :msg
Still some work to do, specifically stats needs a rethink in a scenario where you are making many calls such as in this script.
This will be in mcollective version 0.4 hopefully out early January 2010
Links
- @ripienaar
- Flashpolicyd
- Flickr
- London DevOps Group
- MCollective Plugins
- R.I.Pienaar
- Ruby PDNS
- The Marionette Collective
- Wiki
Tweets
- Sent a bug report about broken ruby stomp gem in 1.1.4, hopefully this mail does not fall on deaf ears like previous ones :( #activemq
- Damn you apple for inviting me to reserve an iPad when I do not live in the states and so cannot.
- Blog Post: New release of my Puppet Concat tool with 0.24.8+ support http://bit.ly/aA9RYh #puppet
- French village went insane after CIA spiked its bread with LSD http://bit.ly/9r2307
- It's ironic how you cannot send email with google charts api images to gmail users and expect it to work. way to go.
- Google charting API really is very sexy
- High Scalability: Saying Yes to NoSQL; Going Steady with Cassandra at Digg http://bit.ly/9Kli5f
- Caffiene infused. 2am to bed day before delivering the last talk of the day is not recommended
- Once again discovering that something as simple as correct MX and NS records is a very effective CAPTCHA to weed out idiot hosting companies
- I love the E4 ipad ripoff ad http://srt.ly/epad
Reading
Planned books:
- The Science of Fear: How the Culture of Fear Manipulates Your Brain by Daniel Gardner
- Relentless by Dean Koontz
- Mind Over Ship by David Marusek
- The New Space Opera by Gardner Dozois
- The New Space Opera 2 by Gardner Dozois, Jonathan Strahan
Current books:
-
Ariel: A Book of the Change by Steven R. Boyett
Recent books:
- Hacking Vim: A Cookbook to Get the Most Out of the Latest Vim Editor by Kim Schulz
- Beautiful Architecture: Leading Thinkers Reveal the Hidden Beauty in Software Design by Diomidis Spinellis , Georgios Gousios
Categories
Archives
Licence
