managing exceptions/specifics on file content / source

73 views
Skip to first unread message

Martin Willemsma

unread,
Dec 6, 2012, 7:07:19 AM12/6/12
to Puppet Users
Hi,

I'm looking for help on this use case:

I have several modules managing e.g. ntp and ssh on some nodes. The content of ntp.conf and sshd_config are generated from templates for most of the nodes. Now we have a use case where some nodes need specific sshd_config or other admins need to make permanent local edits to those files or even provide their own sshd_config.

How can I select between source and template for file resouces and how do I organize this in my VCS?

Snippet from ssh module =>

            file {
                $config :
                    ensure => file,
                    owner => 0,
                    group => 0,
                    mode => 0600,
                    content => template("${module_name}/${config_tpl}"),
                    require => Package[$pkg_name],
                    notify => Service[$svc_name]
            }
 
How can I incorporate a selector that checks for a source first on the fileserver? and defaults to the sshd_config template?

if
source => "puppet://private/${module_name}/file/sshd_config
else
  content => template("${module_name}/${config_tpl}")
end

I have seen some post showing a select like this inside the module, but every module has its own repository and I don't want these node specific configs inside the module.

source => "puppet:///files/modules/${module_name}/etc/ssh/sshd_config.$hostname", "puppet:///files/modules/${module_name}/etc/ssh/sshd_config.$hostname",

Hope someone can give me some pointers on how you (would) do this.  Thank you!

--
Met vriendelijke groet, Kind Regards,

Martin Willemsma

Evelio VILA

unread,
Dec 6, 2012, 8:31:04 AM12/6/12
to puppet...@googlegroups.com
HI,


Le jeudi 6 décembre 2012 13:07:19 UTC+1, mawi a écrit :
Hi,

I'm looking for help on this use case:

I have several modules managing e.g. ntp and ssh on some nodes. The content of ntp.conf and sshd_config are generated from templates for most of the nodes. Now we have a use case where some nodes need specific sshd_config or other admins need to make permanent local edits to those files or even provide their own sshd_config.

How can I select between source and template for file resouces and how do I organize this in my VCS?

Snippet from ssh module =>

            file {
                $config :
                    ensure => file,
                    owner => 0,
                    group => 0,
                    mode => 0600,
                    content => template("${module_name}/${config_tpl}"),
                    require => Package[$pkg_name],
                    notify => Service[$svc_name]
            }
 
How can I incorporate a selector that checks for a source first on the fileserver? and defaults to the sshd_config template?
 
you may want take a look at hiera.

if
source => "puppet://private/${module_name}/file/sshd_config
else
  content => template("${module_name}/${config_tpl}")
end


however be aware, using  something like
$module_name in hiera.yaml won't work as expected, at least in my
experience.

      evelio
 

Martin Willemsma

unread,
Dec 6, 2012, 10:44:38 AM12/6/12
to Puppet Users
Thanks for the pointer, Evelio

For others needed something similar: I created a key in hiera, defaulting to template

$config_src = hiera("openssh_config_src", "template")

My code now looks like this:

        file {
            $config :
                ensure => file,
                owner => 0,
                group => 0,
                mode => 0600,
                content => $config_src ? {
                    source => undef,
                    default => template("${module_name}/${config_tpl}")
                },
                source => $config_src ? {
                    source => "puppet:///private/${module_name}/sshd_config",
                    default => undef,

                },
                require => Package[$pkg_name],
                notify => Service[$svc_name],
        }

For unique configs I now use a fileshare called 'private' and put the files there. I think I will use the same for ntp until I find something better.





2012/12/6 Evelio VILA <eveli...@gmail.com>

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/LXRhCghCx1cJ.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Reply all
Reply to author
Forward
0 new messages