Adding resource parameters in inheritence
29 views
Skip to first unread message
Paul.S...@barcap.com
Jul 24, 2012, 5:45:11 AM7/24/12
to puppet...@googlegroups.com
Hello,
On some machines being managed by Puppet I would like to perform targetted audit runs with "puppet -t --noop --tags audit"
For better or for worse I am trying to do this with a separate module "audit" rather than add the audit => to the resources and use inheritence.
i.e.
class audit::resolver inherits resolver::config {
notify{"Running audit on $resolver::params::config_file": }
File['resolv.conf'] {
audit +> all
}
}
notify{"Running audit on $resolver::params::config_file": }
File['resolv.conf'] {
audit +> all
}
}
The $resolver::params::config sets the path for the resource and I just want to audit it rather than change amend it but it doesn't seem to work.
Is this possible or not really ? Or is there a fundamentally better way of doing it ?
Cheers
Paul
jcbollinger
Jul 24, 2012, 9:47:44 AM7/24/12
to puppet...@googlegroups.com
"Doesn't seem to work" isn't very helpful. Does Puppet emit any relevant messages? Did you try running with --debug?
Your general idea sounds feasible. I see two specific problems in the example code you posted, however:
- Is the title of the File resource you want to override really 'resolv.conf'? I mean, it could be if you specified the full path via the 'path' parameter in the original declaration, but it didn't sound like that's what you had done.
- You do not want plussignment in this case. You want to set the value of the 'audit' parameter to the scalar value 'all', regardless of what might have been declared in the parent class. Use the regular assignment operator for that.
class audit::resolver inherits resolver::config {
notify{"Running audit on $resolver::params::config_file": }
File["$resolver::params::config_file"] {
audit => all
}
}
audit => all
}
}
That also assumes, of course, that the File whose declaration you are trying to override is in fact declared in class resolver::config (or an ancestor).
John
Paul.S...@barcap.com
Jul 24, 2012, 10:17:40 AM7/24/12
to puppet...@googlegroups.com
Your general idea sounds feasible. I see two specific problems in the example code you posted, however:
So what you want might be:
- Is the title of the File resource you want to override really 'resolv.conf'? I mean, it could be if you specified the full path via the 'path' parameter in the original declaration, but it didn't sound like that's what you had done.
- You do not want plussignment in this case. You want to set the value of the 'audit' parameter to the scalar value 'all', regardless of what might have been declared in the parent class. Use the regular assignment operator for that.
class audit::resolver inherits resolver::config {
notify{"Running audit on $resolver::params::config_file": }
File["$resolver::params::config_file"] {
audit => all
}
Thanks so resolver::config looks like this:-
class resolver::config {
file { '/etc/resolv.conf.predhclient':
ensure => absent
}
file { '/etc/resolv.conf.predhclient':
ensure => absent
}
file { '/etc/resolv.conf':
ensure => file,
owner => root,
group => root,
mode => '0644',
content => template('resolver/resolv.conf.erb'),
require => File['/etc/resolv.conf.predhclient']
}
ensure => file,
owner => root,
group => root,
mode => '0644',
content => template('resolver/resolv.conf.erb'),
require => File['/etc/resolv.conf.predhclient']
}
The audit class looks like this:-
class audit::resolver inherits resolver::config {
File['/etc/resolv.conf'] {
audit => all
}
}
audit => all
}
}
There is nothing related to this in the debug logs of a run the notify was put in originally to make sure the class was called which is was. The only thing in this is that the catalog run completes without error.
The plus assignment was because it was an addition rather than a replacement.
Cheers
Paul
}
jcbollinger
Jul 25, 2012, 9:45:18 AM7/25/12
to puppet...@googlegroups.com
On Tuesday, July 24, 2012 9:17:40 AM UTC-5, Olli...@googlemail.com wrote:
There is nothing related to this in the debug logs of a run the notify was put in originally to make sure the class was called which is was. The only thing in this is that the catalog run completes without error.
Ok. Is there a question there? Are you still experiencing your problem?
The plus assignment was because it was an addition rather than a replacement.
You may have misunderstood me. It should be a replacement. It doesn't make sense as an addition, and it might not mean what you want if it were an addition.
From the docs for the 'audit' metaparameter: "Accepts an attribute name, an array of attribute names, or
all" (emphasis added). The 'all' option is already inclusive of any attribute name or names that may have been specified in the base class's resource declaration, so it doesn't need to be an addition. If I take that specification literally, moreover, then 'all' as a member of an array tells puppet to audit a parameter named 'all', not to audit all parameters.John
Reply all
Reply to author
Forward
0 new messages