Puppet users - Mar 2012 - Creating multiple resources from an array

Hi,

I''m currently trying to write a module to manage Squid, including the
SSL certificates it uses. Sometimes you want Squid to listen on
multiple IPs with multiple certificates, so I''m trying to get Puppet
to push the certificates to the nodes and configure Squid accordingly.

I''ve run into a problem with the idea of pushing multiple certificates
though. The module has a definition called squid::config, which is
called in each node manifest if you need to override certain settings
on the node. For example, if a node needed Squid to use two
certificates, you would put this in the manifest:

squid::config { "www.example.com":
 certificatename =>
[''www.example.com'',''www.example2.com'']
}

Now, I''ve got the config file management working fine, but getting it
to push the certificates and private keys is a pain. Essentially I
need Puppet to iterate over the keys in the array as part of a file
resource, like this:

file { "/etc/squid/keys/$certificatename.crt":
 ensure => present,
 source =>
"puppet:///modules/squid/certificates/$certificatename.crt"
 }

file { "/etc/squid/keys/$certificatename.key.pem":
 ensure => present,
 source => "puppet:///modules/squid/certificates/
$certificatename.key.pem"
 }

It would then grab the .crt files from the /certificates directory and
put them on the node. If I was writing this in Bash, I''d just use a
for loop, but that isn''t an option with Puppet as far as I can see...
I''ve tried a number of different things, but I keep on hitting a brick
wall, to the point that I think I''m just approaching this in entirely
the wrong way. If anyone could give me some advice on how to proceed
it would be much appreciated.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Mar 13, 11:28 am, Andy Taylor <andytaylo...@gmail.com>
wrote:
> Hi,
>
> I''m currently trying to write a module to manage Squid, including
the
> SSL certificates it uses. Sometimes you want Squid to listen on
> multiple IPs with multiple certificates, so I''m trying to get
Puppet
> to push the certificates to the nodes and configure Squid accordingly.
>
> I''ve run into a problem with the idea of pushing multiple
certificates
> though. The module has a definition called squid::config, which is
> called in each node manifest if you need to override certain settings
> on the node. For example, if a node needed Squid to use two
> certificates, you would put this in the manifest:
>
> squid::config { "www.example.com":
>  certificatename =>
[''www.example.com'',''www.example2.com'']
>
> }
>
> Now, I''ve got the config file management working fine, but getting
it
> to push the certificates and private keys is a pain. Essentially I
> need Puppet to iterate over the keys in the array as part of a file
> resource, like this:
>
> file { "/etc/squid/keys/$certificatename.crt":
>  ensure => present,
>  source =>
"puppet:///modules/squid/certificates/$certificatename.crt"
>  }
>
> file { "/etc/squid/keys/$certificatename.key.pem":
>  ensure => present,
>  source => "puppet:///modules/squid/certificates/
> $certificatename.key.pem"
>  }
>
> It would then grab the .crt files from the /certificates directory and
> put them on the node. If I was writing this in Bash, I''d just use
a
> for loop, but that isn''t an option with Puppet as far as I can
see...
> I''ve tried a number of different things, but I keep on hitting a
brick
> wall, to the point that I think I''m just approaching this in
entirely
> the wrong way. If anyone could give me some advice on how to proceed
> it would be much appreciated.

Puppet DSL does not support iteration, but it does support declaring
multiple resources based on an array of the desired resource titles.
That may feel like iteration to you, and it probably will be
sufficient for your purposes.  One typically combines that with
defined types to tackle the sort of problems that are described as "I
need Puppet to iterate [...].".

modules/mysquid/manifests/certificate.pp
=============================define mysquid::certificate () {
  file { "/etc/squid/keys/${name}.crt":
    ensure => present,
    source => "puppet:///modules/squid/certificates/${name}.crt"
  }

  file { "/etc/squid/keys/${name}.key.pem":
    ensure => present,
    source =>
"puppet:///modules/squid/certificates/${name}.key.pem"
  }
}


somewhere/else/manifests.pp
=====================...
  mysquid::certificate { $certificatname: }
...

===
This relies on the facts that
1) When you use an array as a resource title, Puppet interprets it as
a declaration of one resource for each array element, with the array
element as the resource title, all with the same parameters; and
2) inside the definition body, the variable ${name} automagically
refers to the name/title of the resource instance.


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

And tell Barney I said "hey."

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks for the solution, works great :) And I had to resort to google
for the barney reference - I''ll pass that right along :)

On Mar 13, 9:37 pm, jcbollinger <John.Bollin...@stJude.org>
wrote:
> And tell Barney I said "hey."
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.