| martin f. krafft | 8acd49d | 2013-08-26 21:22:25 +0200 | [diff] [blame] | 1 | ================ |
| 2 | reclass concepts |
| 3 | ================ |
| 4 | |reclass| assumes a node-centric perspective into your inventory. This is |
| 5 | obvious when you query |reclass| for node-specific information, but it might not |
| 6 | be clear when you ask |reclass| to provide you with a list of groups. In that |
| 7 | case, |reclass| loops over all nodes it can find in its database, reads all |
| 8 | information it can find about the nodes, and finally reorders the result to |
| 9 | provide a list of groups with the nodes they contain. |
| 10 | |
| 11 | Since the term "groups" is somewhat ambiguous, it helps to start off with |
| 12 | a short glossary of |reclass|-specific terminology: |
| 13 | |
| 14 | ============ ============================================================== |
| 15 | Concept Description |
| 16 | ============ ============================================================== |
| 17 | node A node, usually a computer in your infrastructure |
| 18 | class A category, tag, feature, or role that applies to a node |
| 19 | Classes may be nested, i.e. there can be a class hierarchy |
| 20 | application A specific set of behaviour to apply |
| 21 | parameter Node-specific variables, with inheritance throughout the class |
| 22 | hierarchy. |
| 23 | ============ ============================================================== |
| 24 | |
| 25 | A class consists of zero or more parent classes, zero or more applications, |
| 26 | and any number of parameters. |
| 27 | |
| 28 | A node is almost equivalent to a class, except that it usually does not (but |
| 29 | can) specify applications. |
| 30 | |
| 31 | When |reclass| parses a node (or class) definition and encounters a parent |
| 32 | class, it recurses to this parent class first before reading any data of the |
| 33 | node (or class). When |reclass| returns from the recursive, depth first walk, it |
| 34 | then merges all information of the current node (or class) into the |
| 35 | information it obtained during the recursion. |
| 36 | |
| 37 | Furthermore, a node (or class) may define a list of classes it derives from, |
| 38 | in which case classes defined further down the list will be able to override |
| 39 | classes further up the list. |
| 40 | |
| 41 | Information in this context is essentially one of a list of applications or |
| 42 | a list of parameters. |
| 43 | |
| 44 | The interaction between the depth-first walk and the delayed merging of data |
| 45 | means that the node (and any class) may override any of the data defined by |
| 46 | any of the parent classes (ancestors). This is in line with the assumption |
| 47 | that more specific definitions ("this specific host") should have a higher |
| 48 | precedence than more general definitions ("all webservers", which includes all |
| 49 | webservers in Munich, which includes "this specific host", for example). |
| 50 | |
| 51 | Here's a quick example, showing how parameters accumulate and can get |
| 52 | replaced. |
| 53 | |
| 54 | All "unixnodes" (i.e. nodes who have the ``unixnode`` class in their |
| 55 | ancestry) have ``/etc/motd`` centrally-managed (through the ``motd`` |
| 56 | application), and the `unixnode` class definition provides a generic |
| 57 | message-of-the-day to be put into this file. |
| 58 | |
| 59 | All descendants of the class ``debiannode``, a descendant of ``unixnode``, |
| 60 | should include the Debian codename in this message, so the |
| 61 | message-of-the-day is overwritten in the ``debiannodes`` class. |
| 62 | |
| 63 | The node ``quantum.example.org`` (a `debiannode`) will have a scheduled |
| 64 | downtime this weekend, so until Monday, an appropriate message-of-the-day is |
| 65 | added to the node definition. |
| 66 | |
| 67 | When the ``motd`` application runs, it receives the appropriate |
| 68 | message-of-the-day (from ``quantum.example.org`` when run on that node) and |
| 69 | writes it into ``/etc/motd``. |
| 70 | |
| 71 | At this point it should be noted that parameters whose values are lists or |
| 72 | key-value pairs don't get overwritten by children classes or node definitions, |
| 73 | but the information gets merged (recursively) instead. |
| 74 | |
| 75 | Similarly to parameters, applications also accumulate during the recursive |
| 76 | walk through the class ancestry. It is possible for a node or child class to |
| 77 | *remove* an application added by a parent class, by prefixing the application |
| 78 | with `~`. |
| 79 | |
| 80 | Finally, |reclass| happily lets you use multiple inheritance, and ensures that |
| 81 | the resolution of parameters is still well-defined. Here's another example |
| 82 | building upon the one about ``/etc/motd`` above: |
| 83 | |
| 84 | ``quantum.example.org`` (which is back up and therefore its node definition |
| 85 | no longer contains a message-of-the-day) is at a site in Munich. Therefore, |
| 86 | it is a child of the class ``hosted@munich``. This class is independent of |
| 87 | the ``unixnode`` hierarchy, ``quantum.example.org`` derives from both. |
| 88 | |
| 89 | In this example infrastructure, ``hosted@munich`` is more specific than |
| 90 | ``debiannode`` because there are plenty of Debian nodes at other sites (and |
| 91 | some non-Debian nodes in Munich). Therefore, ``quantum.example.org`` derives |
| 92 | from ``hosted@munich`` _after_ ``debiannodes``. |
| 93 | |
| 94 | When an electricity outage is expected over the weekend in Munich, the admin |
| 95 | can change the message-of-the-day in the ``hosted@munich`` class, and it |
| 96 | will apply to all hosts in Munich. |
| 97 | |
| 98 | However, not all hosts in Munich have ``/etc/motd``, because some of them |
| 99 | are of class ``windowsnode``. Since the ``windowsnode`` ancestry does not |
| 100 | specify the ``motd`` application, those hosts have access to the |
| 101 | message-of-the-day in the node variables, but the message won't get used… |
| 102 | |
| 103 | … unless, of course, ``windowsnode`` specified a Windows-specific |
| 104 | application to bring such notices to the attention of the user. |
| 105 | |
| 106 | It's also trivial to ensure a certain order of class evaluation. Here's |
| 107 | another example: |
| 108 | |
| 109 | The ``ssh.server`` class defines the ``permit_root_login`` parameter to ``no``. |
| 110 | |
| 111 | The ``backuppc.client`` class defines the parameter to ``without-password``, |
| 112 | because the BackupPC server might need to log in to the host as root. |
| 113 | |
| 114 | Now, what happens if the admin accidentally provides the following two |
| 115 | classes? |
| 116 | |
| 117 | - ``backuppc.client`` |
| 118 | - ``ssh.server`` |
| 119 | |
| 120 | Theoretically, this would mean ``permit_root_login`` gets set to ``no``. |
| 121 | |
| 122 | However, since all ``backuppc.client`` nodes need ``ssh.server`` (at least |
| 123 | in most setups), the class ``backuppc.client`` itself derives from |
| 124 | ``ssh.server``, ensuring that it gets parsed before ``backuppc.client``. |
| 125 | |
| 126 | When |reclass| returns to the node and encounters the ``ssh.server`` class |
| 127 | defined there, it simply skips it, as it's already been processed. |
| 128 | |
| 129 | Now read about :doc:`operations`! |
| 130 | |
| 131 | .. include:: substs.inc |