LDAP backend for Hiera
377 views
Skip to first unread message
Arnaud Gomes-do-Vale
Aug 12, 2013, 9:37:39 AM8/12/13
to puppet...@googlegroups.com
Hi folks,
I have written a small LDAP backend for Hiera. I am aware of the one at
<https://github.com/hunner/hiera-ldap> but it's not what I was looking
for.
You can find mine at <http://forge.ircam.fr/p/hiera-ldap-backend/>.
How to use it
=============
Basically, the hiera.yaml file should look like that:
---
:backends:
- ldap
:ldap:
:server: ldap.example.com
:port: 389
:base: dc=example,dc=com
:attribute: hieraData
:name: cn
:hierarchy:
- %{::fqdn}
- common
The first three lines in the :ldap section should be obvious. The next
two are the names of the attributes containing, in order, the Hiera data
itself (as "key=value" strings) and the lookup key. So, for instance, to
set the value of variable "foo" to "bar" on host "myhost.example.com",
your LDAP entry would look like that:
dn: cn=myhost.example.com, ou=hosts, dc=example, dc=com
cn: myhost.example.com
hieraData: foo=bar
It's up to you to add support for the hieraData attribute in your LDAP
schema; the schema snippet I use looks like that:
attributetype ( 1.3.6.1.4.1.7568.1.1.49.1 NAME 'hieraData' SUP name )
objectclass ( 1.3.6.1.4.1.7568.1.2.43.1 NAME 'hieraSource' SUP top STRUCTURAL
DESC 'Hiera configuration source'
MAY ( cn $ hieraData ) )
I have not yet tested the backend live with Puppet (waiting for my
schema changes to get pulled by all my LDAP servers) but it works with
the hiera command line.
Feedback welcome, of course. :-) I guess I should mention I'm a beginner
with both Ruby and Hiera, so my code is probably far from optimal.
--
A
I have written a small LDAP backend for Hiera. I am aware of the one at
<https://github.com/hunner/hiera-ldap> but it's not what I was looking
for.
You can find mine at <http://forge.ircam.fr/p/hiera-ldap-backend/>.
How to use it
=============
Basically, the hiera.yaml file should look like that:
---
:backends:
- ldap
:ldap:
:server: ldap.example.com
:port: 389
:base: dc=example,dc=com
:attribute: hieraData
:name: cn
:hierarchy:
- %{::fqdn}
- common
The first three lines in the :ldap section should be obvious. The next
two are the names of the attributes containing, in order, the Hiera data
itself (as "key=value" strings) and the lookup key. So, for instance, to
set the value of variable "foo" to "bar" on host "myhost.example.com",
your LDAP entry would look like that:
dn: cn=myhost.example.com, ou=hosts, dc=example, dc=com
cn: myhost.example.com
hieraData: foo=bar
It's up to you to add support for the hieraData attribute in your LDAP
schema; the schema snippet I use looks like that:
attributetype ( 1.3.6.1.4.1.7568.1.1.49.1 NAME 'hieraData' SUP name )
objectclass ( 1.3.6.1.4.1.7568.1.2.43.1 NAME 'hieraSource' SUP top STRUCTURAL
DESC 'Hiera configuration source'
MAY ( cn $ hieraData ) )
I have not yet tested the backend live with Puppet (waiting for my
schema changes to get pulled by all my LDAP servers) but it works with
the hiera command line.
Feedback welcome, of course. :-) I guess I should mention I'm a beginner
with both Ruby and Hiera, so my code is probably far from optimal.
--
A
Arnaud Gomes-do-Vale
Aug 12, 2013, 10:46:06 AM8/12/13
to puppet...@googlegroups.com
Arnaud Gomes-do-Vale <Arnaud...@ircam.fr> writes:
> objectclass ( 1.3.6.1.4.1.7568.1.2.43.1 NAME 'hieraSource' SUP top STRUCTURAL
s/STRUCTURAL/AUXILIARY/ of cource.
> objectclass ( 1.3.6.1.4.1.7568.1.2.43.1 NAME 'hieraSource' SUP top STRUCTURAL
--
A
Brunno Oliveira Prego
Mar 6, 2014, 2:00:47 PM3/6/14
to puppet...@googlegroups.com, arnaud...@ircam.fr
Arnaud,
Is your code free for use?
Thanks
Reply all
Reply to author
Forward
0 new messages