I have a problem with variables in defined types.
I have dug a hole consisting of three levels of nested defines as in
-------------------------------------------
class users {
...
}
-------------------------------------------
define users::useraccount (
  $username = $name,
  $uid,
  $info,
  $ingroups = [],
  $dotfiles = [],
  $userhome = "/home/${name}",
  $ensure = absent,
  $is_role = false,
  $role_users = [],
  $delete_role_users = [],
  $user_options = [],
) {
  ...
  if $is_role {
    ...
    if ! empty ( $role_users ) {
      $local_role_users = suffix ( $role_users, "_${username}" )
      users::role_user_keys { $local_role_users:
        ensure      => present,
        key_options => $user_options,
        is_role     => $is_role,
      }
    }
  }
  ...
}
-------------------------------------------
define users::role_user_keys (
  $ensure = absent,
  $key_options = [],
  $is_role = true,
) {
  include 'stdlib'
  $foo = split ( $title, '_' )
  $the_user = $foo[0]
  $the_role = $foo[1]
  users::restricted_ssh_user { $title:
    username    => $the_user,
    ensure      => $ensure,
    ssh_options => $key_options,
    role_name   => $the_role,
    is_role     => $is_role,
  }
}
-------------------------------------------
define users::restricted_ssh_user (
  $username,
  $ensure = absent,
  $ssh_options = [],
  $is_role = true,
  $role_name,
) {
  include stdlib
  case $is_role {
    'roleA' : {
      $command_string = "/usr/local/${role_name}/local/bin/commandA --user=${username}"
      $canned_options = [
        'no-port-forwarding',
        'no-agent-forwarding',
        'no-X11-forwarding',
        'no-pty',
      ]
      $option_string = "command=\"${command_string}\""
      $local_options = concat ( $canned_options, [$option_string] )
    }
    'roleB' : {
      $command_string = "/usr/local/${role_name}/bin/commandB --user=${username}"
      $canned_options = [
        'no-port-forwarding',
        'no-X11-forwarding',
        'no-pty',
      ]
      $option_string = "command=\"${command_string}\""
      $local_options = concat ( $canned_options, [$option_string] )
    }
    'admin' : {
      $local_options = $ssh_options
    }
    default : {
      $linkit = link
      $command_string = "${homedir}/bin/ssh_${role_name}_${username}"
      $option_string = "command=\"${command_string}\""
      $local_options = concat ( $ssh_options, [$option_string] )
    }
  }
  ssh_authorized_key { "${username}_rsa_key_for_${role_name}_${is_role}":
    ensure  => $ensure,
    key     => file ( "/etc/puppet/config/keys/${username}-rsa" ),
    type    => 'ssh-rsa',
    user    => $role_name,
    options => $local_options,
  }
  ssh_authorized_key { "${username}_dss_key_for_${role_name}_${is_role}":
    ensure  => $ensure,
    key     => file ( "/etc/puppet/config/keys/${username}-dss" ),
    type    => 'ssh-dss',
    user    => $role_name,
    options => $local_options,
  }
}
-------------------------------------------
The problem is in how I manipulate the array of option parameters as I go down
the levels (user_options, key_options, ssh_options), and the contents of the
array created with the "concat" function persist and accumulate (snowballs!!)
at the bottom level as the "users::restricted_ssh_user" defined type is
instantiated many times. The parameters were all called "options" at one
point, and I made them different, hoping that would work.
Is there a way to isolate the variables declared in a defined type instance?
Or do I need to trash this design and start over?
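A Ruby model of the accumulation described in the post, added here as an example; it is not the poster's code or stdlib's source. It assumes the concat() in use appends to its first argument in place, so every instance mutates the one array handed down as user_options, key_options and ssh_options; the helper names, the home directory layout and the sample values are constructed.

```ruby
# Added illustration, not the poster's code and not stdlib's source.
# Assumption: the concat() in use appends to its first argument in place.

# Models an in-place concat: the caller's array is modified and returned.
def concat_in_place(a, b)
  a.concat(b)
end

# Models a copying concat: a new array is returned, inputs are untouched.
def concat_copy(a, b)
  a + b
end

# Mimics the default branch of users::restricted_ssh_user for one instance.
# The /home/<role> layout is hypothetical; only the command= option matters.
def restricted_ssh_user(username, role_name, ssh_options, concat_fn)
  option_string = %(command="/home/#{role_name}/bin/ssh_#{role_name}_#{username}")
  send(concat_fn, ssh_options, [option_string])
end

# Declares one instance per role user, all handed the same options array,
# the way users::useraccount passes $user_options to every role user.
def declare_all(role_users, role_name, concat_fn)
  user_options = ['no-pty'] # constructed sample value
  role_users.map do |u|
    # dup takes a snapshot of what this instance would write for its key
    [u, restricted_ssh_user(u, role_name, user_options, concat_fn).dup]
  end.to_h
end

# Number of forced commands in an options list; more than one means
# another key's command= has leaked into this entry.
def forced_commands(options)
  options.count { |o| o.start_with?('command=') }
end

if __FILE__ == $PROGRAM_NAME
  %i[concat_in_place concat_copy].each do |fn|
    puts "#{fn}:"
    declare_all(%w[alice bob carol], 'deploy', fn).each do |user, opts|
      puts "  #{user}: #{forced_commands(opts)} command= option(s)"
    end
  end
end
```

Counting `command=` options per generated authorized_keys entry, as `forced_commands` does, is also a quick way to confirm on a node whether the options have leaked between keys.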