Hi everyone, I would like to show my usage of the Ruby DSL. I use this in production and together with Hiera this has been very helpful to me. The main reason for me to use the DSL was Puppet's lack of support for data structures. Maybe I am missing something here, so alternative solutions are very welcome.
I am sad to see the deprecation of the Ruby DSL with no new alternative
being available. (New Ruby DSL was just removed from 3.1.0-RC2).
So here we go... I want to configure OpenVPN with per-client IPs. This
is to work around the lack of multicast on cloud providers. So I would
like to have name/ip-pairs that I can iterate over. The name and number
of clients changes from staging to production, so I made these hiera keys.
These are my hiera keys:
----
openvpn.network: 172.16.0.0
openvpn.netmask: 255.255.255.0
openvpn.server.name: puppetmaster.grid.prod.example.com
openvpn.server.ip: 172.16.0.1
openvpn.clients:
  - name: app0.grid.prod.example.com
    ip: 172.16.0.100
  - name: app1.grid.prod.example.com
    ip: 172.16.0.101
  - name: app2.grid.prod.example.com
    ip: 172.16.0.102
  - name: app3.grid.prod.example.com
    ip: 172.16.0.103
  - name: app4.grid.prod.example.com
    ip: 172.16.0.104
  - name: app5.grid.prod.example.com
    ip: 172.16.0.105
  - name: app6.grid.prod.example.com
    ip: 172.16.0.106
  - name: app7.grid.prod.example.com
    ip: 172.16.0.107
-----
Now follows the OpenVPN module (in parts). Let me know if you'd prefer
gist or something else.
clustervpn/manifests/server.pp
-----
class clustervpn::server(
  $openvpn_clients = hiera("openvpn.clients"),
  $openvpn_network = hiera("openvpn.network"),
  $openvpn_netmask = hiera("openvpn.netmask")) {
  $configdir = "/etc/openvpn"
  $sourcedir = "puppet:///modules/vpn/keys/"
  <some parts removed>
  file { "$configdir/server.conf":
    content => template("clustervpn/server.conf.erb"),
    owner   => root, group => root, mode => 0644,
    notify  => Service["openvpn"]
  }
  file { "$configdir/ccd":
    ensure => directory,
    owner  => root, group => root, mode => 0755,
  }
  ->
  clustervpn::clientconfigs { "ccd":
    clients => $openvpn_clients,
  }
  service { "openvpn":
    ensure  => running,
    enable  => true,
    require => Package["openvpn"],
  }
}
------
Now the "clustervpn::clientconfigs" allows me to use the power of Ruby
to iterate over the hash.
clustervpn/manifests/clientconfigs.rb
------
define "clustervpn::clientconfigs", :clients do
  @clients.each do |client|
    scope.find_resource_type 'clustervpn::clientconfig'
    create_resource 'clustervpn::clientconfig', "#{client['name']}", {
      :ip => client['ip']
    }
  end
end
-------
As soon as the Puppet language is enough, I go back to it again. Here it is, to define a
single client config.
clustervpn/manifests/clientconfig.pp
-------
define clustervpn::clientconfig($ip) {
  file { "$clustervpn::server::configdir/ccd/$name":
    owner   => root, group => root, mode => 0644,
    content => template("clustervpn/ccd.erb")
  }
}
-------
Let me add that I used hashes/arrays in a couple of places in Hiera.
Common examples are hostname/ip, ip/port, username/password etc. I
recently got my hands dirty with custom types, but I think to the above
outlined the Ruby DSL is much much lighter and straightforward.
Cheers,
Jens
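
A pre-flight check for the hiera data above, as an added example that is not part of the original post: each client name becomes a file name under ccd/ and each ip a static VPN address, so it rejects names that are not plain hostnames, addresses outside the VPN network, and duplicates. The function name validate_clients and the sample entries are constructed for illustration.

```ruby
require 'ipaddr'
require 'yaml'

# Constructed sample data, same shape as the hiera keys in the post.
SAMPLE = YAML.safe_load(<<~YAML)
  openvpn.network: 172.16.0.0
  openvpn.netmask: 255.255.255.0
  openvpn.server.ip: 172.16.0.1
  openvpn.clients:
    - name: app0.grid.prod.example.com
      ip: 172.16.0.100
    - name: ../server.conf
      ip: 172.16.0.101
    - name: app2.grid.prod.example.com
      ip: 172.16.0.100
    - name: app3.grid.prod.example.com
      ip: 10.0.0.5
YAML

# Hostname-style labels only: no slashes, no leading dot, no "..".
SAFE_NAME = /\A[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)*\z/i

# Hypothetical helper: returns a list of problems; empty means the data is usable.
def validate_clients(data)
  net = IPAddr.new("#{data['openvpn.network']}/#{data['openvpn.netmask']}")
  seen_ips = { data['openvpn.server.ip'].to_s => 'server' }
  seen_names = {}
  errors = []
  data['openvpn.clients'].each do |c|
    name, ip = c['name'].to_s, c['ip'].to_s
    errors << "#{name}: unsafe file name" unless SAFE_NAME.match?(name)
    errors << "#{name}: duplicate name" if seen_names[name]
    seen_names[name] = true
    begin
      addr = IPAddr.new(ip)
    rescue IPAddr::Error
      errors << "#{name}: invalid ip #{ip.inspect}"
      next
    end
    errors << "#{name}: #{ip} outside VPN network #{net}" unless net.include?(addr)
    errors << "#{name}: #{ip} already used by #{seen_ips[ip]}" if seen_ips[ip]
    seen_ips[ip] ||= name
  end
  errors
end

puts validate_clients(SAMPLE) if __FILE__ == $PROGRAM_NAME
```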
