In an earlier post, I asked a number of questions, most of which are now answered. Here's a recap:

I wrote

I stumbled across some CF Engine-style definitions for puppet in a Debian Administration article (taken originally from puppet's own wiki, which have since been moved/deleted)

Perhaps it was removed with good reason ☺ This is a fairly horrid solution to the problem. Phil was the first to suggest investigating Augeas, a neat tool that abstracts away the nasty specifics of parsing the myriad configuration file formats and provides a unified, tree-like interface for adjusting configurations. The interface reminds me of manipulating XML via the DOM. More on Augeas in a later blog post…

I also wrote

package { [foo,bar]: …} syntax worked fine, but is a little verbose and the package list is awkward to maintain buried inside the puppet syntax. I spent some time trying to see whether I could populate a puppet list based on the contents of a file: then I could list the packages one-per-line in a separate file. I haven't found a way of doing that yet.

I haven't found a more concise way of solving this problem, but as I have grown more familiar with puppet's syntax I have become less bothered by it. Iñigo suggested pre-processing the puppet configuration, but I'd rather not complicate my provisioning approach (VCS hooks) by attempting that.

Finally I wrote

Using my laptop as a second node also exposed some interesting puppet client behaviour. Once I went off-site, the laptop tried to look up puppet on foreign networks (such as my home network). I would have assumed that, once the strong SSL association had been made, the client would try to connect to the FQDN of the server. This probably isn't a serious problem in practice, as we probably won't need to rely on nodes off-site talking to the configuration server, but I hope that the client doesn't trust any host that happens to answer to puppet...

I'm pleased to report that the client is at least this clever: it refused to talk to a local puppetmaster that I setup at home.


Comments