Using cdist to configure non-SSH/non-shell targets #118
Labels
No Label
bugfix
cleanup
discussion
documentation
doing
done
feature
improvement
packaging
Stale
testing
TODO
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: ungleich-public/cdist#118
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Created by: adam-dej
I want to use cdist to configure targets without SSH connectivity (or without usable shell), that
can be configured using a locally-run utility (for example SNMP-enabled network gear/printers,
Google Cloud Platform projects or Kubernetes clusters).
Why do I want to use
cdist
for this? I want to combine configuration of non-ssh-enabled deviceswith configuration of my servers without launching multiple different configuration tools. For
example, I want to have a type which creates SMB shares on a server, and configures relevant
multi-function printers (over SNMP) to use them as scanning targets. Or I want to write a type
__server_link
which configures VLANs and link aggregation on a server and on an SNMP switch,depending on the
$__target_host
. Arguments of that type are a single source of truth for bothmachines (and for my documentation, since I generate it from my manifests).
Currently possible ways to do it? One option is to use a "config gateway" machine (VM, container or
even localhost), but that adds the necessity to maintain one more thing and introduces one more
point of failure. The other option is to use
gencode-local
, but then I can't run explorers locallyand have to always generate code. My current workaround is to use
gencode-local
, HOST is IP of theSNMP device I want to configure, and I prevent cdist from attempting to connect over SSH with args
--remote-exec true
and--remote-copy true
. Downsides are no explorers, and the fact that it isan ugly hack.
I'm willing to implement this feature and submit a PR, but first I would like to know whether you
even want such feature in cdist, and if so, in what way should it be implemented.
My initial proposal consists of two parts:
explorer-local
in types. Same thing asexplorer
, just executed locally.connection is attempted and execution of all global explorers and type explorers will be skipped.
Moreover, if any remote code is generated, the configuration should fail (manifests/types that
expect to be executed against "nonshell" targets will know not to generate any remote code, so
if some code was generated the config is not intended to be used with "nonshell" targets,
and unexpected things may happen). In addition to existing
__target_*
variables, a newvariable,
__target_without_shell
would be set when configuring a "nonshell" target.I'm not really sure what would be the best way to mark a target as "nonshell". One possibility would
be to use the built-in inventory, and define a special tag
.nonshell
. Special tags are bad, andsomebody may want to use an external inventory. Another possibility is to use a non-standard URI
scheme
nonshell://host
(ssh-enabled hosts are either without scheme or withssh://[user@]hostname
, both accepted by ssh(1)). But thencdist
would have to parse URIs andremove schemes, not just pass them through.
What are your thoughts on this feature or on the proposed way of implementing it?
closed
Created by: darko-poljak
@adam-dej
You can do it better. remote-exec and remote-copy can be paths to your exec and copy scripts.
And in those shell scripts you can do the desired behavior.
In cdist-ng transports are actually shell scripts. see https://github.com/asteven/cdist-ng/tree/master/conf/transport and for chroot example see https://github.com/asteven/cdist-ng/blob/master/conf/transport/chroot/exec and https://github.com/asteven/cdist-ng/blob/master/conf/transport/chroot/copy. Following the same principle you can write scripts for your needs.
Created by: darko-poljak
@adam-dej Are you starting to port this to cdist?
Created by: telmich
I like @asteven 's URL based way. Porting it to cdist from cdist-ng is a good idea.
Created by: lubo
@darko-poljak @telmich Your thoughts would be highly appreciated.
Created by: asteven
While experimenting with cdist-ng I implemented target host as always being a URI. Then used the scheme in the URI to select the apropriate transport.
This allowed me to do things like:
Guess what I want to say is: I like the idea of using URI's for this kind of stuff.
Not sure if I would call it 'noshell', but that depends on how generic you can make it.
I believe @telmich mentioned he would also like this feature, e.g. to configure his switches, so will let him comment.