Hi Paul, thank you for replying. I am aware of the whole declarative vs. procedural thing. I do still have some trouble with it, though I think fewer problems than my first email implied.
In my case, I declare a keystore. It has parameters like owner, group, and mode. I'd like to declare which keys are in the keystore as part of the keystore declaration. But I see no way to accomplish this. Instead, I need to declare the keys, and which keystores their part of. This is contrary to my model of declaring the keystore. I want to say: define keystore(keys) { require Keys[$keys] } define key() { # an exec to ensure the key is part of the keystore } keystore{/tmp/k1: keys => Key[xxxxx], } keystore{/tmp/k2: keys => Key[xxxxx, yyyyy], } This feels clean and declarative. But, it fails -- both things depend on Key[xxxxx]. All of the ways I can think to accomplish it, are very clunky and much more procedural. Declaring a keystore, and declaring which keys are in which keystores feels very repetitive, and much more functional. It means specifying lots of steps on the way, instead of just the end state. I think it would be really elegant, if $name could be multidimensional: define keystore(keys) { require Keys[$name::$keys] } define key() { $store = $1 $key = $2 # an exec to ensure the key is part of the keystore } keystore{/tmp/k1: keys => Key[xxxxx], } keystore{/tmp/k2: keys => Key[xxxxx, yyyyy], } seph Paul Lathrop <paul.lath...@gmail.com> writes: > seph, > > You are making a couple of classic mistakes here. For one, thinking of > definitions as "functions" can only end in tears. Definitions are just > ways of abstracting a collection of resources into a single resource. > The second mistake you make is in thinking procedurally. Puppet's > model is declarative, not procedural. You don't loop through an array > and add each item to a keystore. You declare a keystore. You declare > keys, with parameters saying which stores they should be part of. > That's the way you should model this problem to avoid fighting the > tool. > > Since I have a hard time understanding precisely what you are trying > to accomplish, I can't be more specific. But I can advise you take a > step back, remind yourself that definitions are not functions (you > don't "call" a gpg::keystore, you "declare" it, and the terminology is > very important in understanding the model), and then try to rethink > the problem in terms of resources. > > --Paul > > On Thu, Jul 30, 2009 at 9:51 AM, seph<s...@directionless.org> wrote: >> >> Inspired by the recent thread titled "Array input of dirs, ensuring >> their existence" I thought I'd write up the problem I'm running into. I >> was chatting on irc about it, I don't think puppet has a clean solution. >> >> Like the other poster, I'm defining an object that takes an array. In >> my case, I'm defining gpg keystore, which can contain a number of >> keys. (actually part of a larger svn repository object) It would be >> called something like: >> >> gpg::keystore{ "/svn/repo/conf/pubring.gpg": >> keys => ["XXXXXX", "YYYYYYY"], >> } >> >> The obvious way to deal with that array, is to use a require, or to have >> the definition directly call the key function. >> >> gpg::addkey{ $keys: >> store => $keystore, #as passed in as $name >> } >> >> But, this requires that the resources be named with the keyid. Which >> fails when I have multiple keystores -- they can't both define >> gpg::addkey["XXXXX"]. >> >> It's hard to see a nice solution to this. If puppet supported >> for loops, I could do something. Or if I could pass some kind of >> multidimensional bit in the $name array expansion. >> >> I can get some of it, by inverting the logic. So instead of defining >> keystores with key attributes, I instead define keys and the locations >> they should get added to. But I find that much harder to maintain, and >> it scales differently. >> >> Depending on the details, using inline_template can get part way. But >> it's a lot of extra complexity, and I don't think it solves all >> problems. >> >> I think I'll probably just rethink my setup, so I only have 1 keystore >> per machine, but I'm not very pleased with that. Anyone have any >> better suggestion? Any chance at getting better puppet support for >> this sort of array handling? >> >> seph >> >> > >> > > > > -- > "My pants growl with the hunger of a thousand bubblebees. And it feels > like a Koala crapped a rainbow in my brain!" -MasterShakezula > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---