Re: [Puppet Users] Question about templates from variables
> That way your team can use the high level "sudo::grant" definition to grant > someone a right, and the whole concat thing does the magic to make it work. Awesome, thanks! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
James Cammarata writes:
> On Sat, 29 May 2010 02:30:03 +1000, Daniel Pittman
> wrote:
>> James Cammarata writes:
[...]
>>> My primary motivation for this is something like sudoers, where certain
>>> system roles require sudoers commands for different groups to use.
>>
>> FWIW, my short term solution to that problem is to use a concatenated file
>> module, which allows me to incorporate arbitrary ordered fragments into the
>> output file.
>>
>> Those can be nicely generated from a puppet define, wrapping up the process
>> in a way that is reasonably error-checked and in which the nasty
>> implementation details are hidden from the "end users" in my sysadmin team.
>
> That sounds like just what I need, any documentation on the web for that,
> or anything you can share?
I based my concat module on the work of R.I.Pienaar, which you can find here:
http://www.devco.net/archives/2010/05/07/puppet_concat_20100507.php
The changes are pretty much insignificant outside some specialized
requirements of our use of the code; grab his bits and go with it.
I suspect the implementation will be obvious, but just in case it isn't the
rough template is that you create a class for sudo:
class sudo {
package { "sudo": ensure => latest }
# do the stuff to get concat working
concat { "/etc/sudoers": }
# ...and the bulk of the file:
concat::fragment { "sudoers header":
order => 10, source => "whatever"
}
concat::fragment { "sudoers trailer":
order => 90, source => "whatever"
}
}
That will put those two fragments, the header and trailer, in the right places
for you. Now you can inject stuff between them. (Obviously, you can have as
many fragments and injection points as you want. :)
Then, make life easy for other people:
define sudo::grant (users => 'ALL', hosts => 'ALL', commands => 'ALL') {
concat::fragment { "sudoers ${name} grant":
order => 30, # right in the middle
content => template('sudoers_grant.erb') # or whatever...
}
}
That way your team can use the high level "sudo::grant" definition to grant
someone a right, and the whole concat thing does the magic to make it work.
Regards,
Daniel
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
* James Cammarata [2010/05/28 10:09]: > My primary motivation for this is something like sudoers, where > certain system roles require sudoers commands for different groups > to use. But sudoers has native support for exactly this use case, in that you can assign permissions based on host as well as user. So you could do something like: Host_Alias DB_SERVERS = orasrv1, orasrv2, orasrv3 User_Alias DBA = jsmith, tjones, brogers Runas_Alias ORACLE_USER = orauser Cmnd_Alias ORACLE_COMMANDS = ... DBA DB_SERVERS = (ORACLE_USER) ORACLE_COMMANDS You could distribute this sudoers to every host and sudo will do the right thing. Of course, this doesn't invalidate what you're doing, I'm just pointing out an alternate implementation. -- The Net views censorship as a network failure, and routes around it. -- John Gilmore -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
On Sat, 29 May 2010 02:30:03 +1000, Daniel Pittman wrote: > James Cammarata writes: > >>> This seems like it's a bug with plusassignment to me, can you open a >>> ticket on this? >> >> I had a moment of inspiration this morning and figured out what I needed >> to >> do to get this working the way I wanted: > > [...] > >> My primary motivation for this is something like sudoers, where certain >> system roles require sudoers commands for different groups to use. > > FWIW, my short term solution to that problem is to use a concatenated file > module, which allows me to incorporate arbitrary ordered fragments into the > output file. > > Those can be nicely generated from a puppet define, wrapping up the process > in a way that is reasonably error-checked and in which the nasty > implementation details are hidden from the "end users" in my sysadmin team. That sounds like just what I need, any documentation on the web for that, or anything you can share? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
On Fri, May 28, 2010 at 12:40 PM, Michael DeHaan wrote: >> $template_list = ["template1","template2","template3"] >> content => template($template_list), > > Puppet has a split() function that splits a string into an array, that > should do what you want there. > > template(split($template_list)) > > --Michael > Sorry, I posted too quickly, you can also specify the delimiter: http://docs.puppetlabs.com/references/latest/function.html -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
> $template_list = ["template1","template2","template3"] > content => template($template_list), Puppet has a split() function that splits a string into an array, that should do what you want there. template(split($template_list)) --Michael -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
James Cammarata writes: >> This seems like it's a bug with plusassignment to me, can you open a >> ticket on this? > > I had a moment of inspiration this morning and figured out what I needed to > do to get this working the way I wanted: [...] > My primary motivation for this is something like sudoers, where certain > system roles require sudoers commands for different groups to use. FWIW, my short term solution to that problem is to use a concatenated file module, which allows me to incorporate arbitrary ordered fragments into the output file. Those can be nicely generated from a puppet define, wrapping up the process in a way that is reasonably error-checked and in which the nasty implementation details are hidden from the "end users" in my sysadmin team. Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
> This seems like it's a bug with plusassignment to me, can you open a
> ticket on this?
>
I had a moment of inspiration this morning and figured out what I needed to
do to get this working the way I wanted:
class foo {
$file_content = template('foo/foo-base','foo/foo-bar')
file { "/etc/foo":
content => $file_content,
}
}
class foo::bab inherits foo {
$foo::file_content += template('foo/foo-bab')
File["/etc/foo"]{
content => $foo::file_content,
}
}
I believe this is the way the plussignment operator should work, so you can
avoid the hackish use of variables like I'm doing above.
My primary motivation for this is something like sudoers, where certain
system roles require sudoers commands for different groups to use. A
perfect example from our environment is any system that has an
Oracle-related role requires sudoers commands for the DBAs, on top of the
base roles we as Linux admins require on every system. Essentially I want
to avoid having to list every template combination for every possible
permutation of roles.
An alternative to this would be to allow the template() function to take a
list as a variable, something like this:
$template_list = ["template1","template2","template3"]
content => template($template_list),
When I try that currently, I get the following error (which is a weird
error in and of itself):
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Syntax error at '['; expected ']' at ...
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
On Thu, May 27, 2010 at 11:17 AM, James Cammarata wrote:
>
> On Thu, 20 May 2010 15:05:28 -0500, James Cammarata wrote:
>> I'm running into an issue trying to do something like the following:
>>
>> class test {
>> file {"test":
>> content => template('mytemplate1','mytemplate2'),
>> }
>> }
>>
>> class test::test2 inherits test {
>> File["test"] { content +> template('mytemplate3'), }
>> }
>>
>> So, basically I want the inherited class to tack on another template file
>> to the one in the parent class. The above works (that is, it doesn't
>> result in any puppet errors), but nodes that include test::test2 don't
> see
>> the template content from "mytemplate3".
>>
>> Is there a better way to do this, or is there something I'm missing?
>
> Never saw any response to this, so sending a follow-up.
This seems like it's a bug with plusassignment to me, can you open a
ticket on this?
--Michael
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
On Thu, 20 May 2010 15:05:28 -0500, James Cammarata wrote:
> I'm running into an issue trying to do something like the following:
>
> class test {
> file {"test":
> content => template('mytemplate1','mytemplate2'),
> }
> }
>
> class test::test2 inherits test {
> File["test"] { content +> template('mytemplate3'), }
> }
>
> So, basically I want the inherited class to tack on another template file
> to the one in the parent class. The above works (that is, it doesn't
> result in any puppet errors), but nodes that include test::test2 don't
see
> the template content from "mytemplate3".
>
> Is there a better way to do this, or is there something I'm missing?
Never saw any response to this, so sending a follow-up.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Question about templates from variables
I'm running into an issue trying to do something like the following:
class test {
file {"test":
content => template('mytemplate1','mytemplate2'),
}
}
class test::test2 inherits test {
File["test"] { content +> template('mytemplate3'), }
}
So, basically I want the inherited class to tack on another template file
to the one in the parent class. The above works (that is, it doesn't
result in any puppet errors), but nodes that include test::test2 don't see
the template content from "mytemplate3".
Is there a better way to do this, or is there something I'm missing?
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
