Hi Paul, thank you for replying.
I am aware of the whole declarative vs. procedural thing. I do still
have some trouble with it, though I think fewer problems than my first
email implied.
In my case, I declare a keystore. It has parameters like owner, group,
and mode. I'd like to declare which keys are in the keystore as part of
the keystore declaration. But I see no way to accomplish this.
Instead, I need to declare the keys, and which keystores their part
of. This is contrary to my model of declaring the keystore. I want to
say:
define keystore(keys) {
require Keys[$keys]
}
define key() {
# an exec to ensure the key is part of the keystore
}
keystore{/tmp/k1:
keys => Key[xxxxx],
}
keystore{/tmp/k2:
keys => Key[xxxxx, yyyyy],
}
This feels clean and declarative. But, it fails -- both things depend on
Key[xxxxx]. All of the ways I can think to accomplish it, are very
clunky and much more procedural.
Declaring a keystore, and declaring which keys are in which keystores
feels very repetitive, and much more functional. It means specifying
lots of steps on the way, instead of just the end state.
I think it would be really elegant, if $name could be
multidimensional:
define keystore(keys) {
require Keys[$name::$keys]
}
define key() {
$store = $1
$key = $2
# an exec to ensure the key is part of the keystore
}
keystore{/tmp/k1:
keys => Key[xxxxx],
}
keystore{/tmp/k2:
keys => Key[xxxxx, yyyyy],
}
seph
Paul Lathrop <paul.lath...@gmail.com> writes:
> seph,
>
> You are making a couple of classic mistakes here. For one, thinking of
> definitions as "functions" can only end in tears. Definitions are just
> ways of abstracting a collection of resources into a single resource.
> The second mistake you make is in thinking procedurally. Puppet's
> model is declarative, not procedural. You don't loop through an array
> and add each item to a keystore. You declare a keystore. You declare
> keys, with parameters saying which stores they should be part of.
> That's the way you should model this problem to avoid fighting the
> tool.
>
> Since I have a hard time understanding precisely what you are trying
> to accomplish, I can't be more specific. But I can advise you take a
> step back, remind yourself that definitions are not functions (you
> don't "call" a gpg::keystore, you "declare" it, and the terminology is
> very important in understanding the model), and then try to rethink
> the problem in terms of resources.
>
> --Paul
>
> On Thu, Jul 30, 2009 at 9:51 AM, seph<s...@directionless.org> wrote:
>>
>> Inspired by the recent thread titled "Array input of dirs, ensuring
>> their existence" I thought I'd write up the problem I'm running into. I
>> was chatting on irc about it, I don't think puppet has a clean solution.
>>
>> Like the other poster, I'm defining an object that takes an array. In
>> my case, I'm defining gpg keystore, which can contain a number of
>> keys. (actually part of a larger svn repository object) It would be
>> called something like:
>>
>> gpg::keystore{ "/svn/repo/conf/pubring.gpg":
>> keys => ["XXXXXX", "YYYYYYY"],
>> }
>>
>> The obvious way to deal with that array, is to use a require, or to have
>> the definition directly call the key function.
>>
>> gpg::addkey{ $keys:
>> store => $keystore, #as passed in as $name
>> }
>>
>> But, this requires that the resources be named with the keyid. Which
>> fails when I have multiple keystores -- they can't both define
>> gpg::addkey["XXXXX"].
>>
>> It's hard to see a nice solution to this. If puppet supported
>> for loops, I could do something. Or if I could pass some kind of
>> multidimensional bit in the $name array expansion.
>>
>> I can get some of it, by inverting the logic. So instead of defining
>> keystores with key attributes, I instead define keys and the locations
>> they should get added to. But I find that much harder to maintain, and
>> it scales differently.
>>
>> Depending on the details, using inline_template can get part way. But
>> it's a lot of extra complexity, and I don't think it solves all
>> problems.
>>
>> I think I'll probably just rethink my setup, so I only have 1 keystore
>> per machine, but I'm not very pleased with that. Anyone have any
>> better suggestion? Any chance at getting better puppet support for
>> this sort of array handling?
>>
>> seph
>>
>> >
>>
>
>
>
> --
> "My pants growl with the hunger of a thousand bubblebees. And it feels
> like a Koala crapped a rainbow in my brain!" -MasterShakezula
>
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
