- HUP - schedules a daemon exit within a minute. Useful for upgrading it via puppet as doing
systemctl restartwould kill currently running puppet
---
mq_prefix: rv/
mq_address: tls://dc1-mq.non.3dart.com:8883
ca_certs: /etc/rodrev/certs/ca.pem
client_cert: /etc/rodrev/certs/daemon-client.pem
node_meta:
fqdn: d1-puppet1.example.com
certname: d1-puppet1.example.com
site: dc1
mq_group: dc1
project: dc1_puppet
accounting_project: dc1
## optional, will listen to UDP port and serve node info
hvm_info_server:
listen: 127.0.0.1:2121
## optional
ipset:
sets:
blocked-net:
type: host:net
key: lb::blocked_nets
rotate-interval: 1d
Query engine uses zygo. Basic syntax.
There is few added functions and global variables:
regexpfunction matches value against regexp:(regexp (-> node %fqdn) "^dev.*")matches any node whose fqdn matches^dev.*
factfunction returns fact value:(== (fact "virtual") "kvm")checks whether "virtual" fact matches "kvm"- request nested entries by just passing more parameters;
(== (fact "processors" "count") 4)returns value of the$processors["count"]fact
classreturns present classes, could be used like(== (class "systemd::common") true)
rv --out=csv puppet --filter '(== (class "systemd::common") true)' status- list puppet nodes containing that class
Serves hypervisor info on UDP. Designed so VMs can have that mapped via serial port to get their parent info
default fence method will sysrq the host (sync -> umount -> reboot).
Fence needs to be enabled on server with ACLs on which node is allowed to fence what.
Either set node_map to matrix of nodes, or set group
This is NOT for security (checks are weak, password not implemented yet), just to avoid accidents
---
fence:
enabled: true
# maps clients to nodes it is allowed to fence
node_map:
rf-client-node1-fence:
nodes:
- node1.example.com
- node2.example.com
password: asdg
# alternatively, define fence group with password,
# every node in the group will be allowed to fence eachother
group: sql
group_password: nasudjb