主页 / user-118374

Adam Ryczkowski's questions

Martin Hope
Adam Ryczkowski
Asked: 2015-03-07 13:17:36 +0800 CST
  • 1

假设我想hostB为每个 puppet 节点创建一个不同的文件,但所有者只有hostB.

理论上可以做到,如果我们允许hostB编写一个自定义事实 ( my_special_owner),然后通过定义query_facts中的函数读取该事实。但这似乎太脏了:它用无意义的东西污染了事实命名空间,可能导致名称冲突。对于这样一个简单的事情,它也需要大量的编码。my_resourcehostA

这是我想到的模型:

define my_resource() {
  $owner=${my_collector::owner} #This attempt fails
  file{$name: ensure=>exists, owner=>$owner}
}

node hostA {
  @@my_resource{"/tmp/file1.tmp"}
}


class my_collector($owner) {
  # How to pass $owner to the collector below?
  My_resource <<| |>> 
}

node hostB {
  class {'my_collector': owner=>bob}
}
puppet
Martin Hope
Adam Ryczkowski
Asked: 2014-12-18 02:11:30 +0800 CST
  • 2

背景:

我正在升级我们的lxcpuppet 模块以支持新兴的非特权 LXC 技术。

除非容器存在的以下测试成功,否则将执行创建容器的代码lxc-info -n ${lxcname} >/dev/null:如果以 root 身份执行,则lxc-info检查根容器中的名称。如果由普通用户调用,它会检查为该特定用户存储的非特权容器列表。

我想创建一个资源(代码尚未测试):

#Creation of the container ${name}
  exec { "lxc-create of ${hostname}":
    command => "lxc-create -t download -n ${name} -- -d ubuntu -r ${release} -a amd64",
    user    => $user,
    group   => $group,
    timeout => 0,
    unless  => "lxc-info -n ${name}" #Should be executed as user ${user}, not root!
  }

如果我将最后一个参数更改为,我可以解决这个问题

unless  => "su -l ${user} -c 'lxc-info -n ${name}'"

但它看起来并不优雅。puppet 中是否有任何内置解决方案可以像其他用户一样进行检查?

puppet
Martin Hope
Adam Ryczkowski
Asked: 2014-06-18 03:10:03 +0800 CST
  • 1

我刚刚使用以下配置设置了 OpenVPN 服务器:

daemon
server-bridge
push "route 0.0.0.0 255.255.255.255 net_gateway"
proto udp
port 1194
dev tap21
comp-lzo adaptive
keepalive 15 60
verb 3
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
duplicate-cn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status

当我与客户端连接到它时:

client
dev tap
proto udp
remote <remote IP> 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
resolv-retry infinite
nobind

连接后,当我ping 192.168.3.12访问内部网络时,延迟非常不稳定,如下所示:

64 bytes from 192.168.3.12: icmp_seq=239 ttl=64 time=730 ms
64 bytes from 192.168.3.12: icmp_seq=240 ttl=64 time=950 ms
64 bytes from 192.168.3.12: icmp_seq=241 ttl=64 time=290 ms
64 bytes from 192.168.3.12: icmp_seq=242 ttl=64 time=236 ms
64 bytes from 192.168.3.12: icmp_seq=243 ttl=64 time=239 ms
64 bytes from 192.168.3.12: icmp_seq=244 ttl=64 time=41.1 ms
64 bytes from 192.168.3.12: icmp_seq=245 ttl=64 time=1585 ms
64 bytes from 192.168.3.12: icmp_seq=246 ttl=64 time=1804 ms
64 bytes from 192.168.3.12: icmp_seq=247 ttl=64 time=1087 ms
64 bytes from 192.168.3.12: icmp_seq=248 ttl=64 time=483 ms
64 bytes from 192.168.3.12: icmp_seq=249 ttl=64 time=864 ms
64 bytes from 192.168.3.12: icmp_seq=250 ttl=64 time=1614 ms
64 bytes from 192.168.3.12: icmp_seq=251 ttl=64 time=1173 ms
64 bytes from 192.168.3.12: icmp_seq=252 ttl=64 time=837 ms
64 bytes from 192.168.3.12: icmp_seq=253 ttl=64 time=834 ms
64 bytes from 192.168.3.12: icmp_seq=254 ttl=64 time=516 ms
64 bytes from 192.168.3.12: icmp_seq=255 ttl=64 time=235 ms
64 bytes from 192.168.3.12: icmp_seq=256 ttl=64 time=94.1 ms
64 bytes from 192.168.3.12: icmp_seq=257 ttl=64 time=573 ms
64 bytes from 192.168.3.12: icmp_seq=258 ttl=64 time=619 ms
64 bytes from 192.168.3.12: icmp_seq=259 ttl=64 time=842 ms
64 bytes from 192.168.3.12: icmp_seq=260 ttl=64 time=943 ms
64 bytes from 192.168.3.12: icmp_seq=261 ttl=64 time=1144 ms
64 bytes from 192.168.3.12: icmp_seq=262 ttl=64 time=711 ms
64 bytes from 192.168.3.12: icmp_seq=263 ttl=64 time=450 ms
64 bytes from 192.168.3.12: icmp_seq=264 ttl=64 time=182 ms
64 bytes from 192.168.3.12: icmp_seq=265 ttl=64 time=314 ms
64 bytes from 192.168.3.12: icmp_seq=266 ttl=64 time=125 ms
64 bytes from 192.168.3.12: icmp_seq=267 ttl=64 time=1519 ms
64 bytes from 192.168.3.12: icmp_seq=268 ttl=64 time=899 ms
64 bytes from 192.168.3.12: icmp_seq=269 ttl=64 time=818 ms
64 bytes from 192.168.3.12: icmp_seq=270 ttl=64 time=991 ms
64 bytes from 192.168.3.12: icmp_seq=271 ttl=64 time=811 ms
64 bytes from 192.168.3.12: icmp_seq=272 ttl=64 time=1082 ms
64 bytes from 192.168.3.12: icmp_seq=273 ttl=64 time=647 ms
64 bytes from 192.168.3.12: icmp_seq=274 ttl=64 time=204 ms
64 bytes from 192.168.3.12: icmp_seq=275 ttl=64 time=361 ms
64 bytes from 192.168.3.12: icmp_seq=276 ttl=64 time=193 ms
64 bytes from 192.168.3.12: icmp_seq=277 ttl=64 time=93.8 ms
64 bytes from 192.168.3.12: icmp_seq=278 ttl=64 time=682 ms
64 bytes from 192.168.3.12: icmp_seq=279 ttl=64 time=1089 ms
64 bytes from 192.168.3.12: icmp_seq=280 ttl=64 time=1212 ms
64 bytes from 192.168.3.12: icmp_seq=281 ttl=64 time=807 ms
64 bytes from 192.168.3.12: icmp_seq=282 ttl=64 time=1191 ms
64 bytes from 192.168.3.12: icmp_seq=284 ttl=64 time=143 ms
64 bytes from 192.168.3.12: icmp_seq=283 ttl=64 time=1523 ms
64 bytes from 192.168.3.12: icmp_seq=285 ttl=64 time=283 ms
64 bytes from 192.168.3.12: icmp_seq=286 ttl=64 time=342 ms
64 bytes from 192.168.3.12: icmp_seq=287 ttl=64 time=1501 ms
64 bytes from 192.168.3.12: icmp_seq=288 ttl=64 time=1181 ms
64 bytes from 192.168.3.12: icmp_seq=289 ttl=64 time=1234 ms
64 bytes from 192.168.3.12: icmp_seq=290 ttl=64 time=940 ms
64 bytes from 192.168.3.12: icmp_seq=291 ttl=64 time=1172 ms
64 bytes from 192.168.3.12: icmp_seq=292 ttl=64 time=1378 ms
64 bytes from 192.168.3.12: icmp_seq=294 ttl=64 time=308 ms
64 bytes from 192.168.3.12: icmp_seq=295 ttl=64 time=456 ms
64 bytes from 192.168.3.12: icmp_seq=293 ttl=64 time=2710 ms
64 bytes from 192.168.3.12: icmp_seq=296 ttl=64 time=1398 ms
64 bytes from 192.168.3.12: icmp_seq=297 ttl=64 time=571 ms
64 bytes from 192.168.3.12: icmp_seq=298 ttl=64 time=864 ms
64 bytes from 192.168.3.12: icmp_seq=299 ttl=64 time=601 ms
64 bytes from 192.168.3.12: icmp_seq=300 ttl=64 time=1515 ms
64 bytes from 192.168.3.12: icmp_seq=301 ttl=64 time=1181 ms
64 bytes from 192.168.3.12: icmp_seq=302 ttl=64 time=1451 ms
64 bytes from 192.168.3.12: icmp_seq=304 ttl=64 time=268 ms
64 bytes from 192.168.3.12: icmp_seq=305 ttl=64 time=479 ms
64 bytes from 192.168.3.12: icmp_seq=306 ttl=64 time=229 ms
64 bytes from 192.168.3.12: icmp_seq=307 ttl=64 time=10.0 ms
64 bytes from 192.168.3.12: icmp_seq=308 ttl=64 time=355 ms
64 bytes from 192.168.3.12: icmp_seq=309 ttl=64 time=175 ms
64 bytes from 192.168.3.12: icmp_seq=310 ttl=64 time=214 ms
64 bytes from 192.168.3.12: icmp_seq=311 ttl=64 time=53.4 ms
64 bytes from 192.168.3.12: icmp_seq=312 ttl=64 time=748 ms
64 bytes from 192.168.3.12: icmp_seq=313 ttl=64 time=2025 ms
64 bytes from 192.168.3.12: icmp_seq=314 ttl=64 time=1581 ms
64 bytes from 192.168.3.12: icmp_seq=315 ttl=64 time=1668 ms
64 bytes from 192.168.3.12: icmp_seq=316 ttl=64 time=1143 ms
64 bytes from 192.168.3.12: icmp_seq=317 ttl=64 time=723 ms
64 bytes from 192.168.3.12: icmp_seq=318 ttl=64 time=673 ms
64 bytes from 192.168.3.12: icmp_seq=319 ttl=64 time=932 ms
64 bytes from 192.168.3.12: icmp_seq=320 ttl=64 time=1152 ms
64 bytes from 192.168.3.12: icmp_seq=321 ttl=64 time=1355 ms
64 bytes from 192.168.3.12: icmp_seq=322 ttl=64 time=1025 ms
64 bytes from 192.168.3.12: icmp_seq=323 ttl=64 time=993 ms
64 bytes from 192.168.3.12: icmp_seq=324 ttl=64 time=69.7 ms
64 bytes from 192.168.3.12: icmp_seq=325 ttl=64 time=73.8 ms
64 bytes from 192.168.3.12: icmp_seq=326 ttl=64 time=1140 ms
64 bytes from 192.168.3.12: icmp_seq=327 ttl=64 time=595 ms

我在延迟 40 毫秒的链路上 ping 超过 500 毫秒。我是否错过了设置中的重要内容,还是 OpenVPN 的自然限制?

在两台机器上,我都在 Linux 上使用 OpenVPN。客户端的内核为 3.13.0,OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6]服务器的内核为 2.6.22.19OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6]

linux
Martin Hope
Adam Ryczkowski
Asked: 2014-04-24 02:36:05 +0800 CST
  • 3

有时包之间存在复杂的交互。为了避免类接口带有无数看似无关的参数,我考虑使用标签、 defined(<resource>)函数来让资源根据其余配置(不是事实)稍微改变它们的行为。

不幸的是,我想不出一种方法让 Puppet 首先解析可以生成条件的类,然后才解析隐含行为(通过例如标签)取决于第一个类的执行方式的类。

假设这里有一个类,它管理一个特定用户存储其敏感个人数据的地方。该类可以例如创建分区(可能是加密的),或者只维护一个外部文件夹(例如在/mnt/user 上)。或者它可以将文件夹保留在默认位置,即 /home/user (spurcetype=>'none')

class userdocs ( $sourcetype) {
  case $sourcetype {
    'cryptpartition' : {
      tag 'dedicated_user_docs_partition'
      ...
    }
    'partition' : {
      tag 'dedicated_user_docs_partition'
      ...
    }
    'none' : {
      ...
    }
  }
  ...
}

除了用户可能想要转发到他的分区的相当标准的文件夹集之外,还有一些文件夹的存在取决于运行的特定软件,例如 Thunderbird 或 virtualbox。为例如 virtualbox 创建链接(而不是文件夹)只应在满足两个条件的情况下完成: a) 用户管理单独的分区 ( tagged('dedicated_user_docs_partition'))并且用户安装 VirtualBox。

必须有一个地方,我可以在其中放置额外的代码,检查这两个条件。我可以把它放到管理虚拟盒的类中:

class vbox {
  if tagged('dedicated_user_docs_partition') {
    file { "${userhome}/.VirtualBox": ensure=>link, require=>Class['userdocs'] ...
    }
  } else {
    file { "${userhome}/.VirtualBox": ensure=>directory, require=>Class['userdocs'] ...
    }
  }
  ...
}

问题是,尽管我明确要求在上课之前执行资源,但在此之后对资源file进行评估,并且 puppet 错误地假设用户没有并且执行了错误的语句分支。userdocsfilededicated_user_docs_partitionif

有没有办法解决这个问题?

我已经在ask.puppet.com上交叉发布了这个问题。

puppet
Martin Hope
Adam Ryczkowski
Asked: 2012-09-29 02:52:14 +0800 CST
  • 0

我读过“不建议在池中混合使用 RAID 类型”,这意味着这是可能的。为什么不推荐?

在我的设置中,非常需要为一个池中的不同文件系统动态分配不同的 RAID-Z 级别,该设置由非常重要的、重要的和不重要的文件组成。

第二个问题是:如果磁盘开始出现故障会发生什么?我知道,我将无法访问没有充分突袭的文件系统。但是,如果被突袭的文件(具有足够的冗余来处理故障)嵌套在发生故障的文件系统中怎么办?他们会可用吗?如何?

我打算使用 ZOL,版本 0.6.0.80,它与 zpool 版本 28 和 zfs 版本 5 兼容。

zfs
Martin Hope
Adam Ryczkowski
Asked: 2012-09-16 03:18:06 +0800 CST
  • 3

欢迎。

我尝试从 linux 软件 raid 故障中恢复。我正在根据系统健康时的系统日志重新创建超级块。该日志谈到 2 个 md 设备,每个设备基于 5 500GB 分区。RAID-5 /dev/md5 由/dev/sd[bf]6 组成,RAID-6 /dev/md6 由/dev/sd[bf]5 组成。相关部分 dmesg 日志如下所示:

[    5.964928] raid5: allocated 5265kB for md5
[    5.979771] 4: w=1 pa=0 pr=5 m=1 a=2 r=5 op1=0 op2=0
[    5.987064] 1: w=2 pa=0 pr=5 m=1 a=2 r=5 op1=0 op2=0
[    5.994256] 3: w=3 pa=0 pr=5 m=1 a=2 r=5 op1=0 op2=0
[    6.001441] 2: w=4 pa=0 pr=5 m=1 a=2 r=5 op1=0 op2=0
[    6.008665] 0: w=5 pa=0 pr=5 m=1 a=2 r=5 op1=0 op2=0
[    6.015883] raid5: raid level 5 set md5 active with 5 out of 5 devices, algorithm 2
[    6.031441] RAID5 conf printout:
[    6.039266]  --- rd:5 wd:5
[    6.046856]  disk 0, o:1, dev:sdb6
[    6.054308]  disk 1, o:1, dev:sdf6
[    6.061524]  disk 2, o:1, dev:sdc6
[    6.068667]  disk 3, o:1, dev:sde6
[    6.075774]  disk 4, o:1, dev:sdd6
[    6.089504] md5: bitmap initialized from disk: read 1/1 pages, set 0 bits
[    6.096768] created bitmap (15 pages) for device md5
[    6.141010] md5: detected capacity change from 0 to 1978409418752
[    6.153794]  md5: unknown partition table

[    5.594614] raid5: device sde5 operational as raid disk 3
[    5.599701] raid5: device sdd5 operational as raid disk 4
[    5.604750] raid5: device sdf5 operational as raid disk 1
[    5.609879] raid5: device sdc5 operational as raid disk 2
[    5.615032] raid5: device sdb5 operational as raid disk 0
[    5.621672] raid5: allocated 5265kB for md6
[    5.627243] 3: w=1 pa=0 pr=5 m=2 a=2 r=5 op1=0 op2=0
[    5.632846] 4: w=2 pa=0 pr=5 m=2 a=2 r=5 op1=0 op2=0
[    5.638502] 1: w=3 pa=0 pr=5 m=2 a=2 r=5 op1=0 op2=0
[    5.644155] 2: w=4 pa=0 pr=5 m=2 a=2 r=5 op1=0 op2=0
[    5.649844] 0: w=5 pa=0 pr=5 m=2 a=2 r=5 op1=0 op2=0
[    5.655566] raid5: raid level 6 set md6 active with 5 out of 5 devices, algorithm 2
[    5.667653] RAID5 conf printout:
[    5.673791]  --- rd:5 wd:5
[    5.679837]  disk 0, o:1, dev:sdb5
[    5.685721]  disk 1, o:1, dev:sdf5
[    5.691570]  disk 2, o:1, dev:sdc5
[    5.697348]  disk 3, o:1, dev:sde5
[    5.703122]  disk 4, o:1, dev:sdd5
[    5.710762] md6: bitmap initialized from disk: read 1/1 pages, set 0 bits
[    5.716915] created bitmap (15 pages) for device md6
  • 线上的数字是什么[ 5.979771] 4: w=1 pa=0 pr=5 m=1 a=2 r=5 op1=0 op2=0意思,包括第一个4:
  • 线上的数字[ 6.039266] --- rd:5 wd:5]是什么意思?
  • 线上的数字[ 6.046856] disk 0, o:1, dev:sdb6是什么意思?
  • 这条线是否[ 6.096768] created bitmap (15 pages) for device md5说明了位置、位图所在的位置以及位图的大小?
linux