I wouldn't be that shy of custom facts in Puppet 3/4 (don't know if you are
stair stepping or starting fresh), they mostly "just work". Throw them in a
module and poof, agents get them on the next run, and they're processed
before the catalog compilation of that run so they take effect immediately.
Learning Just Enough Ruby(TM) also should not make you too shy. A long time
ago, I wrote a sample custom fact that parses a hostname with a regex and
grabs a portion of the string (
https://github.com/puppetinabox/controlrepo/blob/production/dist/profile/lib/facter/puppet_role.rb)
- if you are comfortable with regex, you can probably pick up the minimal
ruby required to understand the rest of it. It wouldn't be too difficult to
add a system() call to rpm and check the return code.
All that said, perhaps instead of using a fact, you could use ordering
within your puppet manifest, to implement the PAM module first, THEN update
the config via template afterward. This could be as simple as this:
package{'pam-additional-module':
ensure => present,
} ->
file{'pam-additional-module-config':
ensure => present,
path => /etc/pam.d/additional.conf,
contents => template('profile/pam/additional.conf.erb'),
}
This would install the package 'pam-additional-module', then install a
configuration file for it based on an ERB template. Just an example you can
adapt. I hope that helps!
Rob Nelson
rnels...@gmail.com
On Tue, Sep 13, 2016 at 2:10 PM, HPUX_PUPPET <dride...@gmail.com> wrote:
> I am moving from Puppet 0.25 to Puppet 4. In doing so I am re-writing a
> lot of the modules to work better than what I inherited.
>
> So my current issue I am trying to figure out is how to update PAM
> variables based on what external 3rd party authentication package we have
> installed on that server. The old method that had been employed was to use
> an exec to push a file with the correct settings. I am trying to do it via
> a template.
>
> The problem I am having is that I need to check if the PAM module is
> installed before making the changes and revert them if it is removed. I
> know I can write a custom fact, but on the 0.25 version a custom fact
> required both puppet.conf edits and a bounce of the agent. I haven't tried
> on the later versions, but I remain gun shy,
>
> Ideally I would run an execute to check the module and only do the changes
> if the PAM module is in place. I haven't figured out how to do that yet
> with templates.
>
> Has anyone else figured out the least invasive way to do this. Aka no
> custom facts?
>
> Do I need to just knuckle down and learn enough Ruby to have it determine
> if the package is set and use one variable, if not the other?
>
> I am still new to Puppet coding in Puppet 4, well in general too, when
> getting into the weeds like this. I would assume there is a simple think
> like below. (Notes this is probably not correct puppet code, just a
> pseudocode example)
>
> if ( ! exec { check_package:
> path => "/usr/bin:/bin:/sbin:/usr/sbin",
> command => "rpm -q <package>",
> } ) {
> $extra_lines = [
> 'blah blak',
> 'blah',
> ]
> }
>
> Think is I just don't have enough skill yet to make it work on my own yet,
> so I am reaching out to see if someone already figured this out as I keep
> hammering on it.
>
> Thanks!
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/fd5cb2f3-8ab1-4c0e-8134-f8e5ec49c1ac%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/fd5cb2f3-8ab1-4c0e-8134-f8e5ec49c1ac%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAC76iT-ONfsSvxegE75WTO8BLm%3D4jTTORF7k3Vr5UE3RW-foVA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
