puppet code snippet

35 views
Skip to first unread message

John

unread,
Oct 31, 2013, 11:49:38 AM10/31/13
to puppet...@googlegroups.com
Note the following code snippet I've written for my puppet module.  My question is there a better (perhaps more efficient) method to accomplish this in a puppet module?  The logic requires if a string (say aaa) is in an ldap_conf file, then install a specific sshd config, if bbb, then another sshd config, finally if ccc then install another sshd config file.  The "file" section is meant to represent a specif SSHD config  There is also a requirement to support different configurations for different operating systems?  Thanks in advance.

 if ($ldap_conf_file =~ /aaa/) and ($operatingsystem == redhat)
     {
     file { '/etc/ssh/sshd_config': ensure => present }
     }

  if ($ldap_conf_file =~ /aaa/)  and ($operatingsystem == freebsd)
     {
     file { '/etc/ssh/sshd_config': ensure => present }
     }

  if ($ldap_conf_file =~ /aaa/)  and ($operatingsystem == aix)
     {
     file { '/etc/ssh/sshd_config': ensure => present }
     }

  if ($ldap_conf_file =~ /bbb/)  and ($operatingsystem == redhat)
     {
     file { '/etc/ssh/sshd_config': ensure => present }
     }

  if ($ldap_conf_file =~ /bbb/)  and ($operatingsystem == freebsd)
     {
     file { '/etc/ssh/sshd_config': ensure => present }
     }

  if ($ldap_conf_file =~ /bbb/)  and ($operatingsystem == aix)
     {
     file { '/etc/ssh/sshd_config': ensure => present }
     }

  if ($ldap_conf_file =~ /ccc/)  and ($operatingsystem == redhat)
     {
     file { '/etc/ssh/sshd_config': ensure => present }
     }

  if ($ldap_conf_file =~ /ccc/)  and ($operatingsystem == freebsd)
     {
     file { '/etc/ssh/sshd_config': ensure => present }
     }

  if ($ldap_conf_file =~ /ccc/)  and ($operatingsystem == aix)
     {
     file { '/etc/ssh/sshd_config': ensure => present }
     }

Henrik Lindberg

unread,
Oct 31, 2013, 1:14:49 PM10/31/13
to puppet...@googlegroups.com
This is inefficient since all of the if statements will be evaluated
even if a previous if statement triggered. You can change that by using:

if $ldap_conf_file =~ /aaa/ and $operatingsystem == xxx {
file { '/etc/ssh/sshd_config': ensure => present }
}
elsif xxx {
file { '/etc/ssh/sshd_config': ensure => present }
}
# etc. etc.
else {
file { '/etc/ssh/sshd_config': ensure => present }
}

It is also inefficient since both the regexp match is repeated in every
case. You can nest the if statements, or you can use (nested) case
statements:

case $ldap_conf_file {
/aaa/ : {
case $operatingsystem {
aix: {
file { '/etc/ssh/sshd_config': ensure => present }
}

redhat: {
file { '/etc/ssh/sshd_config': ensure => present }
}
# etc
}
/bbb/ : {
case $operatingsystem {
aix: {
file { '/etc/ssh/sshd_config': ensure => present }
}

redhat: {
file { '/etc/ssh/sshd_config': ensure => present }
}
# etc
}
/ccc/ : {
case $operatingsystem {
aix: {
file { '/etc/ssh/sshd_config': ensure => present }
}

redhat: {
file { '/etc/ssh/sshd_config': ensure => present }
}
# etc
}
default: {
# what to do when not matched
)
}

Or, use case statementss as above, but set a variable instead, and then
have the file resource at the end. Since you are setting a variable, you
can use the selector expression instead of a case - e.g:

$sshd_config_file = $operatingsystem ? {
aix => '/etc/sshd/sshd_config',
redhat => '. . .',
# etc
}

And at the end do like this:

file { "$sshd_config_file": ensure => present }

Hope that helps
Regards
- henrik

John

unread,
Oct 31, 2013, 2:13:32 PM10/31/13
to puppet...@googlegroups.com
Perfect response.  Thanks!!
Reply all
Reply to author
Forward
0 new messages