In my Puppet environment I tried to implement a default configuration that
can be extended in child node definitions.

For instance:

* All the Linux SSH servers must allow two groups to connect: group1 and
  group2.
* Each node (or node class) should be able to have more groups allowed to
  connect.
* Some "special" nodes can overwrite this value.

First I implemented it using parametrized defines, and using the
redefinition of the instance (I think that I can do this with parametrized
classes).

In this case:

    define linux($connect_allowed_groups) {
        $ssh_allowed_groups = $connect_allowed_groups
        include ssh_server
    }

    # The general linuxserver case
    node linuxserver {
        linux { "base":
            connect_allowed_groups => [ "group1", "group2" ]
        }
    }

    # A node with an extra group allowed to connect
    node 'node1.mydomain.com' inherits linuxserver {
        Linux["base"] {
            connect_allowed_groups +> [ "group3" ]
        }
    }

    # A node where the connect groups are overwritten
    node 'node2.mydomain.com' inherits linuxserver {
        Linux["base"] {
            connect_allowed_groups => [ "group1", "group3" ]
        }
    }

Now I am trying to use external nodes, but in external nodes you can only
include non-parametrized classes and set parameters.

Also, from my tests I checked that the parameters (please correct me if I am
wrong):

- Are stored in global scope: all classes have access to them.
- But if a class defines that parameter, the class value is used.

To simulate the behaviour described before, I think that the only way I
can use is:

    class linux {
        # Start from the defaults unless the node overwrites them
        case $overwrite_connect_allowed_groups {
            '':      { $ssh_allowed_groups = $default_connect_allowed_groups }
            default: { $ssh_allowed_groups = $overwrite_connect_allowed_groups }
        }
        # Append any extra groups set for the node
        case $extra_connect_allowed_groups {
            '':      { }
            default: { $ssh_allowed_groups += $extra_connect_allowed_groups }
        }
        include ssh::base
    }

And have an external node classifier with:

    - name: node1.mydomain.com
      parameters:
        extra_connect_allowed_groups: ["group3"]
      classes:
        - linux
    - name: node2.mydomain.com
      parameters:
        overwrite_connect_allowed_groups: ["group1","group3"]
      classes:
        - linux

But it looks extremely weird and unreadable, especially as it grows in
number of variables.

Another way could be to use extlookup, as proposed here:

in site.pp:

    $extlookup_datadir = "/etc/puppet/data/common/extdata/"
    $extlookup_precedence = ["hosts/%{fqdn}", "domain_%{domain}", "common"]

the linux class:

    class linux {
        $ssh_allowed_groups = extlookup('connect_allowed_groups')
        include ssh::base
    }

And just have files for extlookup:

    /etc/puppet/data/common/extdata/common.csv
        connect_allowed_groups,group1,group2

    /etc/puppet/data/common/extdata/hosts/node1.mydomain.com.csv
        connect_allowed_groups,group1,group2,group3

    /etc/puppet/data/common/extdata/hosts/node2.mydomain.com.csv
        connect_allowed_groups,group1,group3

But I do not like the extlookup solution too much because:

* I cannot define a common subset of groups that all hosts will inherit
  (except the ones that overwrite this value). Maybe using again the
  "default_connect_allowed_groups" variable.
* I think that it is bad to have configuration in two places: external nodes
  and CSV files.

Do you have an idea to implement this better?

--
Sincerely,
Héctor Rivas
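
An added example, not part of the original message: a sketch of an external node classifier that resolves the default, extra and overwrite lists itself and hands Puppet a single `ssh_allowed_groups` parameter, so the `linux` class needs no `case` logic and the data lives in one place. The `NODES` table, the function names and the group-name pattern are assumptions made for illustration; the only ENC contract relied on is that the script receives the node name as its first argument and prints YAML with `classes` and `parameters`.

```python
#!/usr/bin/env python3
"""ENC sketch: compute each node's effective SSH allow list before Puppet sees it."""
import re
import sys

# Constructed sample data mirroring the nodes in the message above.
DEFAULT_GROUPS = ["group1", "group2"]
NODES = {
    "node1.mydomain.com": {"extra": ["group3"]},
    "node2.mydomain.com": {"overwrite": ["group1", "group3"]},
}

# Assumed conservative group-name pattern. Names end up in sshd_config, so
# anything containing whitespace or a newline is rejected outright.
GROUP_RE = re.compile(r"[a-z_][a-z0-9_-]*")


def resolve_groups(fqdn, nodes=NODES, defaults=DEFAULT_GROUPS):
    """'overwrite' replaces the defaults, then 'extra' is appended."""
    node = nodes.get(fqdn, {})
    candidates = list(node.get("overwrite", defaults)) + list(node.get("extra", []))
    effective = []
    for group in candidates:
        if not GROUP_RE.fullmatch(group):
            raise ValueError(f"{fqdn}: invalid group name {group!r}")
        if group not in effective:  # de-duplicate, keep first-seen order
            effective.append(group)
    if not effective:
        # Refuse to emit an empty allow list instead of guessing its meaning.
        raise ValueError(f"{fqdn}: empty allow list")
    return effective


def classify(fqdn, nodes=NODES, defaults=DEFAULT_GROUPS):
    """Render the classifier answer as block-style YAML."""
    lines = ["---", "classes:", "  - linux", "parameters:", "  ssh_allowed_groups:"]
    lines += [f"    - {group}" for group in resolve_groups(fqdn, nodes, defaults)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    sys.stdout.write(classify(sys.argv[1]))
```

Nodes that are not listed in the table fall back to the defaults, which gives the common subset every host inherits.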