Support for resources across different projects

25 views
Skip to first unread message

jdlar...@gmail.com

unread,
Feb 28, 2018, 5:41:56 AM2/28/18
to Puppet On GCP Discussions

Hi,


I'm having a problem using the Google Cloud modules with Puppet. I have a client who has multiple GCP projects, and wants to manage their existing (manually-created) resources with Puppet.


The network resource in each project is named 'network'. However, this causes a problem when I try to apply Puppet:


Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Gcompute_network[network] is already declared at (file: /etc/puppetlabs/code/environments/production/site-modules/site/manifests/gcp/common_network.pp, line: 15); cannot redeclare (file: /etc/puppetlabs/code/environments/production/site-modules/site/manifests/gcp/common_network.pp, line: 15) (file: /etc/puppetlabs/code/environments/production/site-modules/site/manifests/gcp/common_network.pp, line: 15, column: 3) (file: /etc/puppetlabs/code/environments/production/site-modules/site/manifests/profiles/gcp_orchestrator/cz_ops_prod.pp, line: 5) on node xxx.internal


This is because there is a resource defined like this for project A:


 gcompute_network { 'network':

   ..

   project                 => 'A',

   credential              => $credential,

 }


and another for project B:


 gcompute_network { 'network':

   ..

   project                 => 'B',

   credential              => $credential,

 }


Because all Puppet resources must have unique names, this fails. However, Google Cloud itself doesn't forbid networks in different projects having the same name: indeed, that's the case now with our projects.


This is not just a network issue, of course: any resource which happened to have the same name as another resource of the same type in a different project would cause the same problem.


My question is whether there is an easy way round this. The first thought that occurs is to add an optional attribute to the resource types which would allow you to specify the 'GCP name' for the resource, independently of the Puppet resource title. For example:


 gcompute_network { 'project-A-network':

   ..

   gcp_name                => 'network',

   project                 => 'A',

   credential              => $credential,

 }


Is there a better way to handle this, and if not, can I request that this attribute be added?


Regards,

John


(PS: I sent this question to the puppet...@google.com email address mentioned in the Google blog post, but heard nothing back. Maybe it's just not monitored?)

Cody Herriges

unread,
Mar 1, 2018, 1:24:40 PM3/1/18
to Puppet On GCP Discussions
Ah, thanks John. That was an over site during development and has an already established solution, we should've implemented composite namevars.

Here's an example from one of Puppet's supported modules: https://github.com/puppetlabs/puppetlabs-java_ks/blob/master/lib/puppet/type/java_ks.rb#L182-L207

Its explained briefly in the puppet-specifications repository, https://github.com/puppetlabs/puppet-specifications/blob/master/language/resource_types.md#namevar.

We'll work on getting this feature scoped for development.

Nelson Araujo

unread,
Mar 1, 2018, 6:25:28 PM3/1/18
to Puppet On GCP Discussions
John,

I did respond to your message on Feb 21. Did you not get a response? Anyhow here's a link to my post:

Nelson Araujo

unread,
Mar 1, 2018, 8:52:27 PM3/1/18
to Puppet On GCP Discussions
Hi John,

Cody just pointed out to me that there's something in the configuration that prevented access to seeing the other list. So I'm pasting my other post here so you can see it. Apologies for looking like we did not take your message seriously.

Hi John,

Thanks for bringing this to our attention. The attribute you seek is already there (poorly documented or so it seems ;-)). Every resource has a 'name' attribute that can be used to break the conflicts like the one you point out. So in your case it would be:

gcompute_network { 'project-A-network': 
  ensure     => present,
  name       => 'network', # this is the name on GCP

  project    => 'A', 
  credential => $credential, 


Then you can use the Puppet resource ID wherever it is required:

gcompute_subnetwork { 'my-servers-on-project-A-network': 
  ensure     => present,
  name       => 'my-servers', 
  network    => 'project-A-network',

  project    => 'A', 
  credential => $credential, 


Please let us know if that did not work for you for some reason.

Best regards,
-- Nelson
Reply all
Reply to author
Forward
0 new messages