managing exceptions/specifics on file content / source
73 views
Skip to first unread message
Martin Willemsma
Dec 6, 2012, 7:07:19 AM12/6/12
to Puppet Users
Hi,
I'm looking for help on this use case:
I have several modules managing e.g. ntp and ssh on some nodes. The content of ntp.conf and sshd_config are generated from templates for most of the nodes. Now we have a use case where some nodes need specific sshd_config or other admins need to make permanent local edits to those files or even provide their own sshd_config.
How can I select between source and template for file resouces and how do I organize this in my VCS?
Snippet from ssh module =>
file {
$config :
ensure => file,
owner => 0,
group => 0,
mode => 0600,
content => template("${module_name}/${config_tpl}"),
require => Package[$pkg_name],
notify => Service[$svc_name]
}
How can I incorporate a selector that checks for a source first on the fileserver? and defaults to the sshd_config template?
if
source => "puppet://private/${module_name}/file/sshd_config
else
content => template("${module_name}/${config_tpl}")
end
I have seen some post showing a select like this inside the module, but every module has its own repository and I don't want these node specific configs inside the module.
source => "puppet:///files/modules/${module_name}/etc/ssh/sshd_config.$hostname", "puppet:///files/modules/${module_name}/etc/ssh/sshd_config.$hostname",
Hope someone can give me some pointers on how you (would) do this. Thank you!
--
Met vriendelijke groet, Kind Regards,
Martin Willemsma
I'm looking for help on this use case:
I have several modules managing e.g. ntp and ssh on some nodes. The content of ntp.conf and sshd_config are generated from templates for most of the nodes. Now we have a use case where some nodes need specific sshd_config or other admins need to make permanent local edits to those files or even provide their own sshd_config.
How can I select between source and template for file resouces and how do I organize this in my VCS?
Snippet from ssh module =>
file {
$config :
ensure => file,
owner => 0,
group => 0,
mode => 0600,
content => template("${module_name}/${config_tpl}"),
require => Package[$pkg_name],
notify => Service[$svc_name]
}
How can I incorporate a selector that checks for a source first on the fileserver? and defaults to the sshd_config template?
if
source => "puppet://private/${module_name}/file/sshd_config
else
content => template("${module_name}/${config_tpl}")
end
I have seen some post showing a select like this inside the module, but every module has its own repository and I don't want these node specific configs inside the module.
source => "puppet:///files/modules/${module_name}/etc/ssh/sshd_config.$hostname", "puppet:///files/modules/${module_name}/etc/ssh/sshd_config.$hostname",
Hope someone can give me some pointers on how you (would) do this. Thank you!
--
Met vriendelijke groet, Kind Regards,
Martin Willemsma
Evelio VILA
Dec 6, 2012, 8:31:04 AM12/6/12
to puppet...@googlegroups.com
HI,
Le jeudi 6 décembre 2012 13:07:19 UTC+1, mawi a écrit :
however be aware, using something like
$module_name in hiera.yaml won't work as expected, at least in my
experience.
evelio
Le jeudi 6 décembre 2012 13:07:19 UTC+1, mawi a écrit :
Hi,
I'm looking for help on this use case:
I have several modules managing e.g. ntp and ssh on some nodes. The content of ntp.conf and sshd_config are generated from templates for most of the nodes. Now we have a use case where some nodes need specific sshd_config or other admins need to make permanent local edits to those files or even provide their own sshd_config.
How can I select between source and template for file resouces and how do I organize this in my VCS?
Snippet from ssh module =>
file {
$config :
ensure => file,
owner => 0,
group => 0,
mode => 0600,
content => template("${module_name}/${config_tpl}"),
require => Package[$pkg_name],
notify => Service[$svc_name]
}
How can I incorporate a selector that checks for a source first on the fileserver? and defaults to the sshd_config template?
you may want take a look at hiera.
if
source => "puppet://private/${module_name}/file/sshd_config
else
content => template("${module_name}/${config_tpl}")
end
however be aware, using something like
$module_name in hiera.yaml won't work as expected, at least in my
experience.
evelio
Martin Willemsma
Dec 6, 2012, 10:44:38 AM12/6/12
to Puppet Users
Thanks for the pointer, Evelio
For others needed something similar: I created a key in hiera, defaulting to template
$config_src = hiera("openssh_config_src", "template")
My code now looks like this:
file {
$config :
ensure => file,
owner => 0,
group => 0,
mode => 0600,
content => $config_src ? {
source => undef,
default => template("${module_name}/${config_tpl}")
},
source => $config_src ? {
source => "puppet:///private/${module_name}/sshd_config",
default => undef,
},
require => Package[$pkg_name],
notify => Service[$svc_name],
}
For unique configs I now use a fileshare called 'private' and put the files there. I think I will use the same for ntp until I find something better.
For others needed something similar: I created a key in hiera, defaulting to template
$config_src = hiera("openssh_config_src", "template")
My code now looks like this:
file {
$config :
ensure => file,
owner => 0,
group => 0,
mode => 0600,
source => undef,
default => template("${module_name}/${config_tpl}")
},
source => $config_src ? {
source => "puppet:///private/${module_name}/sshd_config",
default => undef,
},
require => Package[$pkg_name],
}
For unique configs I now use a fileshare called 'private' and put the files there. I think I will use the same for ntp until I find something better.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/LXRhCghCx1cJ.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Reply all
Reply to author
Forward
0 new messages