Hi all, so, summary: I am cant think of a way to supply group creds on the same group to two different classes that both require access to the ssl certificates. The ssl certs are group but not world accessible, ''mode => 660''. I have ldap doing tls, in one class, so the ldap user needs to be in the sslcerts group, and httpd::ssl, so apache needs to be in the sslcerts group. how can I create the group so both classes can add their users to the group ? Thanks in advance, Andrew. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/vSTbyOvGfsMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
devzero2000
2012-Aug-13 05:35 UTC
Re: [Puppet Users] puppet class and user groups question
For situation like this define the group as a virtual group , better yet define a module that contain the virtual group including it in your class and "realize" it when necessary. Or sometime better use the "spaceship" operator if you want to realize with a command multiple user resources, virtual of course, for example. Check virtual resources here Http://docs.puppetlabs.com/guides/ hth 2012/8/13, Andrew <andrewgray1965@gmail.com>:> Hi all, > so, > summary: I am cant think of a way to supply group creds on the same group to > two different classes that both require access to the ssl certificates. The > ssl certs are group but not world accessible, ''mode => 660''. > > I have ldap doing tls, in one class, so the ldap user needs to be in the > sslcerts group, and httpd::ssl, so apache needs to be in the sslcerts > group. > > how can I create the group so both classes can add their users to the group > ? > > Thanks in advance, > Andrew. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/vSTbyOvGfsMJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- Inviato dal mio dispositivo mobile -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2012-Aug-13 13:54 UTC
Re: [Puppet Users] puppet class and user groups question
On Monday, August 13, 2012 12:35:32 AM UTC-5, yersinia.spiros wrote:> > For situation like this define the group as a virtual group , better > yet define a module that contain the virtual group including it in > your class and "realize" it when necessary. Or sometime better use the > "spaceship" operator if you want to realize with a command multiple > user resources, virtual of course, for example. > >The key point is to create a separate class declaring the group, and to make the other classes rely on that one. Declaring the group as ''virtual'' and realizing it later are useful if the class providing the declaration cannot assume that every node that includes it in fact wants the group. That might be the case, for instance, in a central class that provides virtual declarations for all the groups that any node in the site might want. It might also be the case for a parametrized class, since those can only be assigned to a node once (in Puppet 2; this is a deal-breaking limitation of parametrized classes as far as I am concerned). On the other hand, if the class declaring your group is in fact specific to that purpose, and if it is not parametrized, then it can just declare the group concretely and not worry about realization. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/MJYQUZowc9gJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.