I am required to configure FreeRADIUS with a white list of authorized MACs
that are allowed on my network. I currently have a module that uses a file
resource to drop the authorized_macs file selected by hostname of the
server from my modules file directory. For example, currently server1 gets
freeradius/files/server1_authorized_macs dropped into the proper location.

I am also using ghoneycutt/hosts to manage /etc/hosts on my servers. Every
device that is required to be listed in the authorized MACs file has an
/etc/hosts entry managed via this module and defined in the server's yaml
file.

I would like to modify my freeradius module to dynamically build the
authorized_macs file based on data in hiera instead of managing a
file per server in my module. I plan to add a key to the existing
hosts::host_entries hash already in place for the ghoneycutt/hosts module
that contains the MAC of the host and use that to generate my
authorized_macs file.

Is the sample code below on the right path for this? This is the first time
I've done anything more complicated than a simple variable lookup in hiera.
I haven't tested any of the code below, just trying to get an idea if I'm
heading down the right path first.

sample hiera node file:
hosts::host_entries:
  'fqdn-1':
    ip: '192.168.1.1'
    host_aliases:
      - 'host-1'
    mac: '00-00-00-00-00-11'
  'fqdn-2':
    ip: '192.168.1.2'
    host_aliases:
      - 'host-2'
    mac: '00-00-00-00-00-22'

freeradius/manifests/config.pp
class freeradius::config (
  $host_entries = $hosts::host_entries
) {
  validate_hash($host_entries)
  # Iterating a hash with two lambda parameters yields each key and its value
  $host_entries.each |$title, $attributes| {
    validate_hash($attributes)
    if has_key($attributes, 'mac') {
      # insert code here to add the $mac to the authorized_macs file on this server
    }
  }
}


Thanks,
Nick Hasser
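
An added example, not part of the original post: one way to fill in the "insert code here" step, collecting the MAC of every host entry that has a mac key and writing them to a single file resource. The file path, group, mode and one-MAC-per-line layout are assumptions; filter and map need the same lambda-capable parser as each in the post, and the remaining functions come from puppetlabs-stdlib.

```puppet
# Added example; path, group, mode and file layout are assumptions.
class freeradius::config (
  $host_entries    = $hosts::host_entries,
  $authorized_macs = '/etc/raddb/authorized_macs', # assumed location
) {
  validate_hash($host_entries)

  # Keep only the host entries that carry a 'mac' key.
  $with_mac = $host_entries.filter |$title, $attributes| {
    is_hash($attributes) and has_key($attributes, 'mac')
  }

  # Validate each MAC before it reaches the allow list. \A and \z anchor
  # the whole string, so a value with an embedded newline cannot smuggle
  # a second line into the file. A bad value fails the catalog compile.
  $macs = $with_mac.map |$title, $attributes| {
    validate_re(
      $attributes['mac'],
      '\A([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}\z',
      "hosts::host_entries['${title}'] has a malformed mac"
    )
    downcase($attributes['mac'])
  }

  # Sort and de-duplicate so the rendered file is stable between runs.
  $mac_lines = join(sort(unique($macs)), "\n")

  file { $authorized_macs:
    ensure  => file,
    owner   => 'root',
    group   => 'radiusd', # assumed group of the FreeRADIUS daemon
    mode    => '0640',
    content => "${mac_lines}\n",
  }
}
```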
