conditional statement in config.pp


John

Mar 20, 2014, 1:26:56 PM
to puppet...@googlegroups.com
Below is my current config.pp file....  I'm trying to create a condition that says

if (/etc/ldap.conf contains the string host1.mydomain.com or host2.mydomain.com)
  Then install an sshd_ldap.erb template
 else if (/etc/ldap.conf contains the string hostB.mydomain.com or hostA.mydomain.com)
     Then install an sshd_freeIPA.erb template
   else  install a standard template.

The code does not work as written.  Any advice or suggestions would be greatly appreciated.

Thanks in advance.

class ssh::config inherits ssh {
  file_content { '/etc/ldap.conf':
    ensure => file,
  }
  if $file_content == "host1.mydomain.com || host2.mydomain.com"
  {
    file { '/etc/ssh/sshd_config':
        ensure => present,
        owner => $owner,
        group => $group,
        mode => '0644',
        backup => false,
        content => template("sshd_config_ldap.erb"),
      }
      file { '/etc/ssh/ssh_config':
        ensure => present,
        owner => $owner,
        group => $group,
        mode => '0644',
        backup => false,
        content => template("ssh_config_ldap.erb"),
      }
  }
  elsif $file_content == "hostB.mydomain.com || hostA.mydomain.com"
  {
    file { '/etc/ssh/sshd_config':
        ensure => present,
        owner => $owner,
        group => $group,
        mode => '0644',
        backup => false,
        content => template("sshd_config_ipa.erb"),
      }
      file { '/etc/ssh/ssh_config':
        ensure => present,
        owner => $owner,
        group => $group,
        mode => '0644',
        backup => false,
        content => template("ssh_config_ipa.erb"),
      }
  }
  else
  {
    file { '/etc/ssh/sshd_config':
        ensure => present,
        owner => $owner,
        group => $group,
        mode => '0644',
        backup => false,
        content => template("sshd_config_standard.erb"),
      }
      file { '/etc/ssh/ssh_config':
        ensure => present,
        owner => $owner,
        group => $group,
        mode => '0644',
        backup => false,
        content => template("ssh_config_standard.erb"),
      }
  }
}

Peter Bukowinski

Mar 20, 2014, 2:26:56 PM
to puppet...@googlegroups.com
On Mar 20, 2014, at 1:26 PM, John <sami....@gmail.com> wrote:

> Below is my current config.pp file....  I'm trying to create a condition that says
>
> if (/etc/ldap.conf contains the string host1.mydomain.com or host2.mydomain.com)
>   Then install an sshd_ldap.erb template
>  else if (/etc/ldap.conf contains the string hostB.mydomain.com or hostA.mydomain.com)
>      Then install an sshd_freeIPA.erb template
>    else  install a standard template.
>
> The code does not work as written.  Any advice or suggestions would be greatly appreciated.
>
> Thanks in advance.
>
> class ssh::config inherits ssh {
>   file_content { '/etc/ldap.conf':
>     ensure => file,
>   }

I understand what you're trying to do here, but you seem to have made up some puppet code that it won't know how to handle. You're trying to define a variable by using puppet's resource language. That's not going to work.

What you'll need to do is write a custom facter fact, e.g. 'ldapserver', that will contain the name(s) of the configured ldap server(s). I do this in my environment with the following code, which I place into a puppet module named 'custom' (as documented here http://docs.puppetlabs.com/guides/plugins_in_modules.html):

# ldapservers.rb
Facter.add(:ldapservers) do
    setcode do
        osfam = Facter.value('osfamily')
        case osfam
            when /RedHat/
                %x{authconfig --test | grep -Fwm 1 'LDAP server' | awk -F\\" '{gsub("ldap:","");gsub("/","");print $2}'}.chomp
            when /Debian/
                %x{awk '/^uri/{print $2,$3}' /etc/ldap.conf}.chomp
        end 
    end 
end

With this fact in place, you can use a selector instead of an if statement to make your code much more concise:

class ssh::config inherits ssh {
    $ssh_type = $::ldapservers ? {
        /host(1|2)\.mydomain\.com/ => "ldap",
        /host(B|A)\.mydomain\.com/ => "ipa",
        default => "standard",
    }
    file { '/etc/ssh/sshd_config':
        ensure => present,
        owner => $owner,
        group => $group,
        mode => '0644',
        backup => false,
        content => template("sshd_config_${$ssh_type}.erb"),
    }
    file { '/etc/ssh/ssh_config':
        ensure => present,
        owner => $owner,
        group => $group,
        mode => '0644',
        backup => false,
        content => template("ssh_config_${$ssh_type}.erb"),
    }
}

--
Peter Bukowinski
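
An added example, not code from the thread or from Peter's module: a pure-Ruby variant of the fact that parses /etc/ldap.conf itself and maps each server to a template suffix by exact host name rather than by substring regex, so a name that merely contains host1.mydomain.com does not select the LDAP template. The fact name ssh_auth_type, the helper names, the allowlist and the sample file are assumptions.

```ruby
require 'uri'

# Constructed sample of a Debian-style /etc/ldap.conf (not from the thread).
SAMPLE_LDAP_CONF = <<~CONF
  # uri ldap://commented-out.example.org/
  base dc=mydomain,dc=com
  uri ldap://host1.mydomain.com/ ldaps://host2.mydomain.com:636/
CONF

# Hypothetical allowlist: exact (lower-cased) server name => template suffix.
SSH_TYPE_BY_HOST = {
  'host1.mydomain.com' => 'ldap', 'host2.mydomain.com' => 'ldap',
  'hosta.mydomain.com' => 'ipa',  'hostb.mydomain.com' => 'ipa'
}.freeze

# Return the lower-cased host names from every "uri" or "host" directive.
def ldap_hosts(conf_text)
  conf_text.each_line.flat_map do |line|
    next [] if line.lstrip.start_with?('#')
    key, *values = line.split
    next [] unless %w[uri host].include?(key.to_s.downcase)
    values.map do |v|
      host = v.include?('://') ? (URI.parse(v).host rescue nil) : v.sub(/:\d+\z/, '')
      host&.downcase
    end.compact
  end.uniq
end

# Every configured server must map to the same type; anything unknown,
# mixed or missing falls back to 'standard' (the thread's default branch).
def ssh_type(hosts)
  types = hosts.map { |h| SSH_TYPE_BY_HOST[h] }.uniq
  types.length == 1 && types.first ? types.first : 'standard'
end

# Register the fact only when loaded by Facter; the name is hypothetical.
if defined?(Facter)
  Facter.add(:ssh_auth_type) do
    setcode do
      path = '/etc/ldap.conf'
      ssh_type(File.readable?(path) ? ldap_hosts(File.read(path)) : [])
    end
  end
end
```

With a fact like this the manifest can interpolate the value directly into the template name, and the agent-side parsing no longer depends on authconfig, grep or awk output formats.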

jcbollinger

Mar 21, 2014, 9:30:19 AM
to puppet...@googlegroups.com


On Thursday, March 20, 2014 1:26:56 PM UTC-5, Peter Bukowinski wrote:
> On Mar 20, 2014, at 1:26 PM, John <sami....@gmail.com> wrote:
>
>> Below is my current config.pp file....  I'm trying to create a condition that says
>>
>> if (/etc/ldap.conf contains the string host1.mydomain.com or host2.mydomain.com)
>>   Then install an sshd_ldap.erb template
>>  else if (/etc/ldap.conf contains the string hostB.mydomain.com or hostA.mydomain.com)
>>      Then install an sshd_freeIPA.erb template
>>    else  install a standard template.
>>
>> The code does not work as written.  Any advice or suggestions would be greatly appreciated.
>>
>> Thanks in advance.
>>
>> class ssh::config inherits ssh {
>>   file_content { '/etc/ldap.conf':
>>     ensure => file,
>>   }
>
> I understand what you're trying to do here, but you seem to have made up some puppet code that it won't know how to handle. You're trying to define a variable by using puppet's resource language. That's not going to work.
>
> What you'll need to do is write a custom facter fact, e.g. 'ldapserver', that will contain the name(s) of the configured ldap server(s). I do this in my environment with the following code, which I place into a puppet module named 'custom' (as documented here http://docs.puppetlabs.com/guides/plugins_in_modules.html):



+1

Alternatively, it is often better for Puppet to tell instead of ask.  That is, where possible, you should avoid making your nodes authorities for information that is not directly tied to their identities and hardware.

If you adhere to that principle, then instead of using nodes' LDAP configuration to determine which SSH configuration to apply, you would manage both to appropriate, consistent states.

