nodes.py¶
This file lets you specify or dynamically build a list of nodes in your environment.
Introduction¶
All you have to do here is define a Python dictionary called nodes. It should look something like this:
nodes = {
'node1': {
'hostname': "node1.example.com",
},
}
Note
With BundleWrap, the DNS name and the internal identifier for a node are two separate things. This allows for clean and sortable hierarchies:
nodes = {
'cluster1.node1': {
'hostname': "node1.cluster1.example.com",
},
}
All fields for a node (including hostname) are optional. If you don’t give one, BundleWrap will attempt to use the internal identifier to connect to a node:
nodes = {
'node1.example.com': {},
}
Dynamic node list¶
You are not confined to the static way of defining a node list as shown above. You can also assemble the nodes dictionary dynamically:
def get_my_nodes_from_ldap():
[...]
return ldap_nodes
nodes = get_my_nodes_from_ldap()
Node attribute reference¶
This section is a reference for all possible attributes you can define for a node:
nodes = {
'node1': {
# THIS PART IS EXPLAINED HERE
},
}
hostname¶
A string used as a DNS name when connecting to this node. May also be an IP address.
Note
The username and SSH private key for connecting to the node cannot be configured in BundleWrap. If you need to customize those, BundleWrap will honor your ~/.ssh/config.
metadata¶
This can be a dictionary of arbitrary data. You can access it from your templates as node.metadata. Use this to attach custom data (such as a list of IP addresses that should be configured on the target node) to the node. Note that you can also define metadata at the group level, but node metadata has higher priority.
password¶
SSH and sudo password to use for this node. Overrides passwords set at the group level and on the command line.
Warning
Please do not write any passwords into your nodes.py. This attribute is intended to be used with an external source of passwords and filled dynamically.
use_shadow_passwords¶
Warning
Changing this setting will affect the security of the target system. Only do this for legacy systems that don’t support shadow passwords.
This setting will affect how the user item operates. If set to False, password hashes will be written directly to /etc/passwd and thus be accessible to any user on the system.