On Thu, Jul 30, 2009 at 1:05 PM, seph<s...@directionless.org> wrote: > I am aware of the whole declarative vs. procedural thing. I do still > have some trouble with it, though I think fewer problems than my first > email implied. > > In my case, I declare a keystore. It has parameters like owner, group, > and mode. I'd like to declare which keys are in the keystore as part of > the keystore declaration. But I see no way to accomplish this. > > Instead, I need to declare the keys, and which keystores their part > of. This is contrary to my model of declaring the keystore. I want to > say: > > define keystore(keys) { > require Keys[$keys] > } > > define key() { > # an exec to ensure the key is part of the keystore > } > > keystore{/tmp/k1: > keys => Key[xxxxx], > } > keystore{/tmp/k2: > keys => Key[xxxxx, yyyyy], > } > > This feels clean and declarative. But, it fails -- both things depend on > Key[xxxxx]. All of the ways I can think to accomplish it, are very > clunky and much more procedural.
While it may seem clean to you, it doesn't map very well into Puppet. You can't just have a require hanging out like that in the middle of a define, just for example. Here's what I'd do (again, not really understanding the "key" and "keystore" here): define key($key_arg1, $key_arg2, $keystore) { # resources to create the key and add it to each keystore. } define keystore($keystore_arg1, $path) { # an exec to create the (empty) keystore } key { "key1": key_arg1 => value, key_arg2 => value, keystore => ["default"], require => Keystore["default"]; "key2": key_arg1 => value, key_arg2 => value, keystore => ["default", "secure"], require => Keystore["default", "secure"]; } keystore { "default": keystore_arg1 => value, path => "/tmp/ks/default"; "secure": keystore_arg1 => value, path => "/root/ks/secure"; } Does that make sense? --Paul --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---