Puppet: Exported Resources

As of today we're using Exported Resources to let our Munin and Bacula servers know about their clients.

It's really easy to set up. Enable stored configuration on the puppetmaster, create a resource the client exports and a place to collect them in the server config.

Looks like this for the client node config:
  @@file { "/var/local/puppet/munin-nodes/$fqdn":
 content => "[$fqdn]\n other munin stuff here",
tag => "munin",
And for the server node:
  File <<| tag == 'munin' |>>

So, what does this do, really?
  • when puppet runs on the client node:
    • encounter the @@file resource
    • save the encounter as well as the parameters to the storedconfigs db on the puppetmaster (in our case PostgreSQL of course).
    • that's it for the client node
  • when puppet runs on the server node:
    • encounter the File <<||>> directive
    • query all the stored @@file encounters from the storedconfigs db
    • only those matching the specified tag will be used
    • realize all the matching files onto the server node
    • => lots of files in /var/local/puppet/munin-node/
Easy, huh.

Note though, that the client node does not send a fully realized template back to puppetmaster, but will send the encounter of the @@file resource and the available $variables etc.
Also note that updates to the @@file resource will only become visible on the server node, after both the client node and the server node had a puppet run. (The exporting client node run must come before the server node run.)

Setup notes for puppetmaster on Debian etch:
  • You probably already run puppet and puppetmaster from backports.debian.org.
  • That version requires the rails package from testing. It's not in bpo, so either fetch it from testing and directly install it or rebuild it yourself on etch (needs 2 or 3 other packages as well, _if_ you rebuild it). Rebuilding was painless though.
One more thing: if you want to manage the munin server, you'll have to use something like concatenated_file [from git.black.co.at] to generate munin.conf (as munin can't include a directory into it's configuration).