Puppet users - May 2008 - Cross module variables/sudoers trouble!

Hi,

I''m really struggling to express this in a clean way, and I thought
I''d turn
to the list.  I currently have a bunch of modules, and I have a sudo/ module
that defines my sudoers file via a template.  I also have a rhythmyx/ module
which is a piece of CMS software we''re using.

I need to add two lines into sudoers but ONLY if the rhythmyx module is
included.  I am unsure of the best way to handle this, but I tried modifying
the template in sudo/ to have:

<% if $rhythmyx %>
Cmnd_Alias RHYTHMYXD = /etc/init.d/RhythmyxD
nrpe ALL=(ALL) NOPASSWD: RHYTHMYXD
<% end %>

Then, in ''/rhythmyx/manifests/init.pp'' I added
''$rhythmyx tagged("rhythmyx")''.  However, this fails
because I first tried to test on a
machine that includes sudo and not rhythmyx, and I get the following:

/var/log/messages.1:May  2 15:27:10 hlslinutil02 puppetd[3778]: Could not
retrieve catalog: Failed to parse template sudo/sudoers.erb: Could not find
value for ''rhythmyx'' at
/etc/puppet/modules/sudo/manifests/sudoers.pp:11 on
node hlslinutil02.law.harvard.edu

Is this even the right way to do this, or should I try to modify sudoers in
the rhythmyx module somehow, by appending some lines?  It seems cleaner to
keep it all in sudo/ and have if checks for the various other classes that
might require custom sudo content.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mon, May 5, 2008 at 7:17 AM, Ashley Penney <apenney@gmail.com>
wrote:
> I''m really struggling to express this in a clean way, and I
thought I''d turn
> to the list.  I currently have a bunch of modules, and I have a sudo/
module
> that defines my sudoers file via a template.  I also have a rhythmyx/
module
> which is a piece of CMS software we''re using.
>
> I need to add two lines into sudoers but ONLY if the rhythmyx module is
> included.  I am unsure of the best way to handle this, but I tried
modifying
> the template in sudo/ to have:
>
> <% if $rhythmyx %>
> Cmnd_Alias RHYTHMYXD = /etc/init.d/RhythmyxD
>  nrpe ALL=(ALL) NOPASSWD: RHYTHMYXD
> <% end %>
>
> Then, in ''/rhythmyx/manifests/init.pp'' I added
''$rhythmyx > tagged("rhythmyx")''.  However, this
fails because I first tried to test on a
> machine that includes sudo and not rhythmyx, and I get the following:
Throw that in to your sudoers module instead, and you''re good to go.

/sudoers/manifests/init.pp
$rhythmyx = tagged("rhythmyx")

Adam

-- 
HJK Solutions - We Launch Startups - http://www.hjksolutions.com
Adam Jacob, Senior Partner
T: (206) 508-4759 E: adam@hjksolutions.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

OH!  So how does that line break down:

$rhythmyx = tagged("rhythmyx")

I can''t find any reference to tagged() in the documentation, but I
assume
that it means (if the class exists, put something into $rhythmyx).

On Mon, May 5, 2008 at 12:57 PM, Adam Jacob <adam@hjksolutions.com> wrote:
>
> On Mon, May 5, 2008 at 7:17 AM, Ashley Penney <apenney@gmail.com>
wrote:
> > I''m really struggling to express this in a clean way, and I
thought I''d
> turn
> > to the list.  I currently have a bunch of modules, and I have a sudo/
> module
> > that defines my sudoers file via a template.  I also have a rhythmyx/
> module
> > which is a piece of CMS software we''re using.
> >
> > I need to add two lines into sudoers but ONLY if the rhythmyx module
is
> > included.  I am unsure of the best way to handle this, but I tried
> modifying
> > the template in sudo/ to have:
> >
> > <% if $rhythmyx %>
> > Cmnd_Alias RHYTHMYXD = /etc/init.d/RhythmyxD
> >  nrpe ALL=(ALL) NOPASSWD: RHYTHMYXD
> > <% end %>
> >
> > Then, in ''/rhythmyx/manifests/init.pp'' I added
''$rhythmyx > > tagged("rhythmyx")''.  However,
this fails because I first tried to test
> on a
> > machine that includes sudo and not rhythmyx, and I get the following:
>
> Throw that in to your sudoers module instead, and you''re good to
go.
>
> /sudoers/manifests/init.pp
> $rhythmyx = tagged("rhythmyx")
>
> Adam
>
> --
> HJK Solutions - We Launch Startups - http://www.hjksolutions.com
> Adam Jacob, Senior Partner
> T: (206) 508-4759 E: adam@hjksolutions.com
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On May 5, 8:17 am, "Ashley Penney" <apen...@gmail.com>
wrote:
>
> I''m really struggling to express this in a clean way, and I
thought I''d turn
> to the list.  I currently have a bunch of modules, and I have a sudo/
module
> that defines my sudoers file via a template.  I also have a rhythmyx/
module
> which is a piece of CMS software we''re using.
We gave up on trying to handle our sudoers file via a template very
early on. Instead, we use a single sudoers file with different host
aliases for host/app specific contexts. Our Puppet manifests for
sudoers consist of only the file resource, so it is very simple.

To use your example, we might have:

Cmnd_Alias RHYTHMYXD = /etc/init.d/RhythmyxD
Host_Alias RHYTHMYXD = web01, web02
nrpe RHYTHMYXD=(ALL) NOPASSWD: RHYTHMYXD

In this case, you would know that only ''web01'' and
''web02'' have the
rhythmyxd module installed, because that would be included with their
node definition, or associated with them in your external nodes tool,
whichever you''re using.

-joshua
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mon, May 5, 2008 at 10:12 AM, Ashley Penney <apenney@gmail.com>
wrote:
> OH!  So how does that line break down:
>
> $rhythmyx = tagged("rhythmyx")
>
> I can''t find any reference to tagged() in the documentation, but I
assume
> that it means (if the class exists, put something into $rhythmyx).
http://reductivelabs.com/trac/puppet/wiki/FunctionReference#tagged

Adam

-- 
HJK Solutions - We Launch Startups - http://www.hjksolutions.com
Adam Jacob, Senior Partner
T: (206) 508-4759 E: adam@hjksolutions.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mon, May 5, 2008 at 10:19 AM, jtimberman <grumpysmurf@gmail.com>
wrote:
>  Cmnd_Alias RHYTHMYXD = /etc/init.d/RhythmyxD
>  Host_Alias RHYTHMYXD = web01, web02
>  nrpe RHYTHMYXD=(ALL) NOPASSWD: RHYTHMYXD
>
>  In this case, you would know that only ''web01'' and
''web02'' have the
>  rhythmyxd module installed, because that would be included with their
>  node definition, or associated with them in your external nodes tool,
>  whichever you''re using.
One of the things we do with iClassify is pull the puppet classes out
of the yaml file on the client periodically, and update a puppet_class
attribute with it.  That way, we can easily say:

<% if puppet_class.detect { |c| c == "rhythmyx" } %>
...
<% end %>

It won''t work the first pass through, though, like tagged will.

Adam

-- 
HJK Solutions - We Launch Startups - http://www.hjksolutions.com
Adam Jacob, Senior Partner
T: (206) 508-4759 E: adam@hjksolutions.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

I''m more confused than ever now.  I finally got it to find the variable
by
moving it above the include sudo::sudoers subclass that I have, and then the
template part works.  However, it ALWAYS works.  I currently have
''<% if
rhythmyx = true %>'', with the variable being ''$rhythmyx
tagged("rhythmyx")''.

Even if I don''t include rhythmyx in the node definition, it always
becomes
true.  What else can I try? :/

On Mon, May 5, 2008 at 1:35 PM, Adam Jacob <adam@hjksolutions.com> wrote:
>
> On Mon, May 5, 2008 at 10:19 AM, jtimberman <grumpysmurf@gmail.com>
wrote:
> >  Cmnd_Alias RHYTHMYXD = /etc/init.d/RhythmyxD
> >  Host_Alias RHYTHMYXD = web01, web02
> >  nrpe RHYTHMYXD=(ALL) NOPASSWD: RHYTHMYXD
> >
> >  In this case, you would know that only ''web01'' and
''web02'' have the
> >  rhythmyxd module installed, because that would be included with their
> >  node definition, or associated with them in your external nodes tool,
> >  whichever you''re using.
>
> One of the things we do with iClassify is pull the puppet classes out
> of the yaml file on the client periodically, and update a puppet_class
> attribute with it.  That way, we can easily say:
>
> <% if puppet_class.detect { |c| c == "rhythmyx" } %>
> ...
> <% end %>
>
> It won''t work the first pass through, though, like tagged will.
>
> Adam
>
> --
> HJK Solutions - We Launch Startups - http://www.hjksolutions.com
> Adam Jacob, Senior Partner
> T: (206) 508-4759 E: adam@hjksolutions.com
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Try <% rhythmyx == true %> :)

Adam

On Mon, May 5, 2008 at 12:01 PM, Ashley Penney <apenney@gmail.com>
wrote:
> I''m more confused than ever now.  I finally got it to find the
variable by
> moving it above the include sudo::sudoers subclass that I have, and then
the
> template part works.  However, it ALWAYS works.  I currently have
''<% if
> rhythmyx = true %>'', with the variable being
''$rhythmyx > tagged("rhythmyx")''.
>
> Even if I don''t include rhythmyx in the node definition, it always
becomes
> true.  What else can I try? :/
>
>
>
> On Mon, May 5, 2008 at 1:35 PM, Adam Jacob <adam@hjksolutions.com>
wrote:
>
> >
> >
> > On Mon, May 5, 2008 at 10:19 AM, jtimberman
<grumpysmurf@gmail.com> wrote:
> > >  Cmnd_Alias RHYTHMYXD = /etc/init.d/RhythmyxD
> > >  Host_Alias RHYTHMYXD = web01, web02
> > >  nrpe RHYTHMYXD=(ALL) NOPASSWD: RHYTHMYXD
> > >
> > >  In this case, you would know that only ''web01''
and ''web02'' have the
> > >  rhythmyxd module installed, because that would be included with
their
> > >  node definition, or associated with them in your external nodes
tool,
> > >  whichever you''re using.
> >
> > One of the things we do with iClassify is pull the puppet classes out
> > of the yaml file on the client periodically, and update a puppet_class
> > attribute with it.  That way, we can easily say:
> >
> > <% if puppet_class.detect { |c| c == "rhythmyx" } %>
> > ...
> > <% end %>
> >
> > It won''t work the first pass through, though, like tagged
will.
> >
> >
> > Adam
> >
> > --
> > HJK Solutions - We Launch Startups - http://www.hjksolutions.com
> > Adam Jacob, Senior Partner
> > T: (206) 508-4759 E: adam@hjksolutions.com
> >
> >
> >
>
>
>
>  >
>


-- 
HJK Solutions - We Launch Startups - http://www.hjksolutions.com
Adam Jacob, Senior Partner
T: (206) 508-4759 E: adam@hjksolutions.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---