[Puppet Users] Re: arrays, loops, etc

Thu, 30 Jul 2009 15:17:30 -0700 

On Thu, Jul 30, 2009 at 1:05 PM, seph<s...@directionless.org> wrote:
> I am aware of the whole declarative vs. procedural thing. I do still
> have some trouble with it, though I think fewer problems than my first
> email implied.
>
> In my case, I declare a keystore. It has parameters like owner, group,
> and mode. I'd like to declare which keys are in the keystore as part of
> the keystore declaration. But I see no way to accomplish this.
>
> Instead, I need to declare the keys, and which keystores their part
> of. This is contrary to my model of declaring the keystore. I want to
> say:
>
>  define keystore(keys) {
>    require Keys[$keys]
>  }
>
>  define key() {
>    # an exec to ensure the key is part of the keystore
>  }
>
>  keystore{/tmp/k1:
>    keys => Key[xxxxx],
>  }
>  keystore{/tmp/k2:
>    keys => Key[xxxxx, yyyyy],
>  }
>
> This feels clean and declarative. But, it fails -- both things depend on
> Key[xxxxx]. All of the ways I can think to accomplish it, are very
> clunky and much more procedural.

While it may seem clean to you, it doesn't map very well into Puppet.
You can't just have a require hanging out like that in the middle of a
define, just for example. Here's what I'd do (again, not really
understanding the "key" and "keystore" here):

define key($key_arg1, $key_arg2, $keystore) {
  # resources to create the key and add it to each keystore.
}

define keystore($keystore_arg1, $path) {
  # an exec to create the (empty) keystore
}

key {
  "key1":
    key_arg1 => value,
    key_arg2 => value,
    keystore => ["default"],
    require => Keystore["default"];
  "key2":
    key_arg1 => value,
    key_arg2 => value,
    keystore => ["default", "secure"],
    require => Keystore["default", "secure"];
}

keystore {
  "default":
    keystore_arg1 => value,
    path => "/tmp/ks/default";
  "secure":
    keystore_arg1 => value,
    path => "/root/ks/secure";
}

Does that make sense?

--Paul

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to