On Thu, Jul 30, 2009 at 1:05 PM, seph<[email protected]> wrote:
> I am aware of the whole declarative vs. procedural thing. I do still
> have some trouble with it, though I think fewer problems than my first
> email implied.
>
> In my case, I declare a keystore. It has parameters like owner, group,
> and mode. I'd like to declare which keys are in the keystore as part of
> the keystore declaration. But I see no way to accomplish this.
>
> Instead, I need to declare the keys, and which keystores their part
> of. This is contrary to my model of declaring the keystore. I want to
> say:
>
> define keystore(keys) {
> require Keys[$keys]
> }
>
> define key() {
> # an exec to ensure the key is part of the keystore
> }
>
> keystore{/tmp/k1:
> keys => Key[xxxxx],
> }
> keystore{/tmp/k2:
> keys => Key[xxxxx, yyyyy],
> }
>
> This feels clean and declarative. But, it fails -- both things depend on
> Key[xxxxx]. All of the ways I can think to accomplish it, are very
> clunky and much more procedural.
While it may seem clean to you, it doesn't map very well into Puppet.
You can't just have a require hanging out like that in the middle of a
define, just for example. Here's what I'd do (again, not really
understanding the "key" and "keystore" here):
define key($key_arg1, $key_arg2, $keystore) {
# resources to create the key and add it to each keystore.
}
define keystore($keystore_arg1, $path) {
# an exec to create the (empty) keystore
}
key {
"key1":
key_arg1 => value,
key_arg2 => value,
keystore => ["default"],
require => Keystore["default"];
"key2":
key_arg1 => value,
key_arg2 => value,
keystore => ["default", "secure"],
require => Keystore["default", "secure"];
}
keystore {
"default":
keystore_arg1 => value,
path => "/tmp/ks/default";
"secure":
keystore_arg1 => value,
path => "/root/ks/secure";
}
Does that make sense?
--Paul
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
