David Lutterkort wrote:
> On Fri, 2008-10-03 at 22:47 +0200, Jeroen van Meeuwen wrote:
>> Even when using augeas, the settings provided in a module like you
>> describe will differ in over a dozen ways even if just one or two
>> organizations are using the module.
>
> My point was that if you have a very granular way to change individual
> config settings, you don't need to worry as much about the different
> ways in which to organize where the whole file comes from; users of the
> module can simply compose the file using puppet's standard mechanisms.
>
On another note, diverging the thread wrt. my previous reply a little,
one of the things I try to avoid is using variables in manifests to
provide/tweak settings from within a manifest, most primarily because
there's just too many configuration settings and writing routines to
check settings for valid values, for or while loops and nesting isn't
something I would like to see in a module's manifest that is supposed to
just work.
That being said, if settings were to be provided in or through the
manifest, including the ssh::server class might start looking something
like this (don't ask about the actual settings provided in this example :P):
$ssh_port = [ "22", "443" ]
$ssh_protocol = [ "1", "2" ]
$ssh_access_groups = [ "sysadmin", "wheel", "webadmin" ]
$ssh_use_pam = $operatingsystem ? {
"RedHat" => $lsbdistrelease ? {
"3" => false,
default => true
},
"CentOS" => $lsbdistrelease ? {
"3" => false,
default => true
},
"Debian" => $operatingsystemversion ? {
"2" => false
(...etc...)
},
default => true
}
include ssh::server
and then in the ssh::server class:
$real_ssh_port = $ssh_port ? { '' => 22, default => $ssh_port }
$real_ssh_protocol = $ssh_protocol ? { '' => 2, default => $ssh_protocol }
(...etc...)
and then in the template... well you get the idea, I guess.
This -providing all settings one might want to tweak- IMHO, should not
happen in a manifest. If someone needs to do such with puppet, I'd say
use augeas instead. Maybe create a subclass to the appropriate class
from the SSH Puppet Common Module and make it do what works for you, or
maybe not use the SSH Puppet Common Module at all, or maybe (better yet)
contribute a SSH module to Puppet Common Modules entirely based on and
wrapped around augeas usage.
Kind regards,
Jeroen van Meeuwen
-kanarip
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
