[Puppet Users] Re: Creating a config file dynamically based on the group membership of a node
On Monday, May 19, 2014 2:39:47 AM UTC-5, Grant Street wrote:
> Hi
>
> First time poster to this forum.
>
> I'm in the process of doing a pilot to convert a cfengine v2 install to puppet. I was wondering if anyone had any ideas on the following.
>
> I have machines that can be in any combination (i.e. 0 or more) of 10 groups, that can change. I need to create an access.conf based on the group membership of the node. I would like the file to be dynamically created with any redundant lines removed.
>
> I have had a look at Augeas but I can't see how to both add lines based on the group as well as remove unwanted and unknown lines.
> I have also had a look at templates but am unsure what that would look like when you have 0-10 insertion points.

A template is probably the way to go. The point to understand there is that you will be templating the entire contents of the file, not just the lines related to the 10 groups. Supposing that you have an array of the names of the wanted groups, then, your template might look like this:

    +:root:LOCAL
    <% @wanted_groups.each do |g| -%>
    +:(<%= g %>):ALL
    <% end -%>
    -:ALL:ALL

John
[Puppet Users] Re: Creating a config file dynamically based on the group membership of a node
On Wednesday, May 21, 2014 12:31:59 AM UTC+10, jcbollinger wrote:
> A template is probably the way to go. The point to understand there is that you will be templating the entire contents of the file, not just the lines related to the 10 groups. Supposing that you have an array of the names of the wanted groups, then, your template might look like this:
>
>     +:root:LOCAL
>     <% @wanted_groups.each do |g| -%>
>     +:(<%= g %>):ALL
>     <% end -%>
>     -:ALL:ALL
>
> John

Hi John

Thanks a lot for the guidance; my solution would have been a whole lot more messy. I was able to massage your example so that I could use a hash to specify the user and origin like this:

    +:root:LOCAL
    <% pam_access.each_pair do |user,origin| -%>
    +:<%= user %>:<%= origin %>
    <% end -%>
    -:ALL:ALL

Now what is the best way to dynamically create the array/hash? I am doing a hash merge at the moment. Is there a better/more puppet way?

Thanks
Re: [Puppet Users] Re: Creating a config file dynamically based on the group membership of a node
On 5/21/14, 12:40 AM, Grant Street wrote:
> Hi John
>
> Thanks a lot for the guidance; my solution would have been a whole lot more messy. I was able to massage your example so that I could use a hash to specify the user and origin like this:
>
>     +:root:LOCAL
>     <% pam_access.each_pair do |user,origin| -%>
>     +:<%= user %>:<%= origin %>
>     <% end -%>
>     -:ALL:ALL
>
> Now what is the best way to dynamically create the array/hash? I am doing a hash merge at the moment. Is there a better/more puppet way?
>
> Thanks

Hi Grant,

I have a puppet module[1] for PAM that manages access.conf. You can specify an array in Hiera with the key pam::allowed_users. Currently it uses a parameterized class which will look up the value in Hiera and stop on the first match. The code could be changed to allow for the use of the hiera_array[2] function which would return all instances found in Hiera. So if your groups are defined at multiple levels of the hierarchy, you would want that functionality. Here's an example[3] of how you might add it.

I would be happy to work with you on a pull request.

[1] - https://github.com/ghoneycutt/puppet-module-pam
[2] - http://docs.puppetlabs.com/references/latest/function.html#hieraarray
[3] - https://github.com/ghoneycutt/puppet-module-ssh/blob/master/manifests/init.pp#L534-544

Best regards,
-g

--
Garrett Honeycutt
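Added example, not code from any poster in this thread or from the modules linked above: a stand-alone Ruby sketch of the hash merge and template rendering discussed in the thread, using the same ERB trim mode ('-') that Puppet applies to templates. The group names, GROUP_ACCESS data and the build_pam_access / render_access_conf helpers are assumptions made for illustration. It goes slightly beyond the thread by unioning origins for a subject that several groups grant, and by rejecting values that would alter the rule syntax.

```ruby
require 'erb'

# Constructed sample data (not from the thread): rules each group contributes,
# as subject => list of origins. '(name)' is access.conf syntax for a group.
GROUP_ACCESS = {
  'dbadmins'  => { '(dba)' => ['ALL'] },
  'webadmins' => { '(web)' => ['LOCAL'], 'deploy' => ['10.0.0.0/24'] },
  'oncall'    => { '(web)' => ['10.0.0.0/24'], '(ops)' => ['LOCAL'] }
}.freeze

# The hash-based template from the thread; the file always ends in deny-all.
TEMPLATE = <<~TPL
  +:root:LOCAL
  <% pam_access.each_pair do |user, origin| -%>
  +:<%= user %>:<%= origin %>
  <% end -%>
  -:ALL:ALL
TPL

SUBJECT = /\A[\w.@()-]+\z/   # no ':' or whitespace, so the field cannot be split
ORIGIN  = /\A[\w.:\/-]+\z/   # ':' allowed for IPv6 addresses, newlines are not

# Merge the rules of every group the node is in. A plain Hash#merge keeps only
# the last origin for a repeated subject; here the origins are unioned, so each
# subject yields exactly one line and no grant is silently dropped.
def build_pam_access(node_groups, group_access = GROUP_ACCESS)
  merged = Hash.new { |h, k| h[k] = [] }
  node_groups.each do |group|
    rules = group_access.fetch(group) { raise ArgumentError, "unknown group #{group}" }
    rules.each do |subject, origins|
      # Reject values that would change a rule's meaning or add a line.
      raise ArgumentError, "bad subject #{subject.inspect}" unless subject.match?(SUBJECT)
      origins.each do |o|
        raise ArgumentError, "bad origin #{o.inspect}" unless o.match?(ORIGIN)
      end
      merged[subject] |= origins
    end
  end
  merged.transform_values { |o| o.include?('ALL') ? 'ALL' : o.join(' ') }
end

def render_access_conf(node_groups)
  pam_access = build_pam_access(node_groups)
  ERB.new(TEMPLATE, trim_mode: '-').result(binding)
end

puts render_access_conf(%w[webadmins oncall]) if $PROGRAM_NAME == __FILE__
```

A node in no groups still gets the root line and the final -:ALL:ALL, so the rendered file fails closed.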