Darin Perusich
2013-Feb-12 14:21 UTC
[Puppet Users] shared header across multiple defined types via concat
Hello All,
I have two defined types which I''d like to share a common, realized
header concat resource but when both are declared in a manifest the
header is only applied to one of the types. When the headers are
declared independently for each type the work but that''s is a bunch of
nearly identical code that should be able to be reused, but i''m
missing whatever magic is needed to accomplish it.
The class is pam and the defined types are pam::access and
pam::limits. I''ve only included init.pp and limits.pp since access.pp
is nearly identical but the full module can be found at
https://github.com/deadpoint/puppet-module-pam.
Any thoughts on how to accomplish this?
init.pp:
class pam {
include concat::setup
$access_conf = ''/etc/security/access.conf''
$limits_conf = ''/etc/security/limits.conf''
@concat { $limits_conf:
owner => ''root'',
group => ''root'',
mode => ''0644'',
}
# header
@concat::fragment { "header":
target => undef,
name => undef,
order => 01,
content => template("pam/header.erb"),
}
}
limits.pp:
define pam::limits ( $domain, $type, $item, $value, $ensure present, $priority
= ''10'' )
{
include pam
$limits_conf = $pam::limits_conf
realize ( Concat[$limits_conf] )
Concat::Fragment <| title == ''header'' |> { target =>
$limits_conf,
name => "limits" }
concat::fragment { "pam::limits ${domain}-${type}-${item}-${value}":
ensure => $ensure,
target => $limits_conf,
content => "${domain} ${type} ${item} ${value}\n",
order => $priority,
}
}
--
Later,
Darin
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Felix Frank
2013-Feb-14 12:07 UTC
Re: [Puppet Users] shared header across multiple defined types via concat
Wait, what? You''re starship-overriding the one header resource to use whatever target "gets lucky"? I think this is bound to break, no? So basically you want all generated files to use the same header template? Hmm. I believe what you want is another defined type that represents "the header snippet for a specific pam config file" and declares a concat::fragment "$name-header" or somesuch. Each of the other defined types then contains an instance of this new type, probably not passing more than the name. This is not a use case for virtual resources as far as I can tell. Cheers, Felix On 02/12/2013 03:21 PM, Darin Perusich wrote:> Concat::Fragment <| title == ''header'' |> { target => $limits_conf, > name => "limits" }-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Darin Perusich
2013-Feb-15 14:31 UTC
Re: [Puppet Users] shared header across multiple defined types via concat
Hi Felix, On Thu, Feb 14, 2013 at 7:07 AM, Felix Frank <felix.frank@alumni.tu-berlin.de> wrote:> So basically you want all generated files to use the same header > template? Hmm.This is correct.> I believe what you want is another defined type that represents "the > header snippet for a specific pam config file" and declares a > concat::fragment "$name-header" or somesuch. Each of the other defined > types then contains an instance of this new type, probably not passing > more than the name.I''ve tried this approach and the problem you run into is when defining multiple pam::limits you create a duplicate declaration caused by pam::header being called for each instance. It attempts to create multiple headers. -- Later, Darin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Felix Frank
2013-Feb-15 15:12 UTC
Re: [Puppet Users] shared header across multiple defined types via concat
Hi,
it''s paramount that you generate a unique $name for each invocation of
your defined type, e.g.
pam::header { "limits-$name": }
You can take advantage of the fact that the "calling" defines have
unique names of their own.
HTH,
Felix
On 02/15/2013 03:31 PM, Darin Perusich wrote:>> > I believe what you want is another defined type that represents
"the
>> > header snippet for a specific pam config file" and declares a
>> > concat::fragment "$name-header" or somesuch. Each of the
other defined
>> > types then contains an instance of this new type, probably not
passing
>> > more than the name.
> I''ve tried this approach and the problem you run into is when
defining
> multiple pam::limits you create a duplicate declaration caused by
> pam::header being called for each instance. It attempts to create
> multiple headers.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Darin Perusich
2013-Feb-15 16:53 UTC
Re: [Puppet Users] shared header across multiple defined types via concat
On Fri, Feb 15, 2013 at 10:12 AM, Felix Frank <felix.frank@alumni.tu-berlin.de> wrote:> Hi, > > it''s paramount that you generate a unique $name for each invocation of > your defined type, e.g. > > pam::header { "limits-$name": } > > You can take advantage of the fact that the "calling" defines have > unique names of their own.Right, that was my dump mistake. It still doesn''t take away from the fact that the header will be added multiple times.> HTH, > Felix > > On 02/15/2013 03:31 PM, Darin Perusich wrote: >>> > I believe what you want is another defined type that represents "the >>> > header snippet for a specific pam config file" and declares a >>> > concat::fragment "$name-header" or somesuch. Each of the other defined >>> > types then contains an instance of this new type, probably not passing >>> > more than the name. >> I''ve tried this approach and the problem you run into is when defining >> multiple pam::limits you create a duplicate declaration caused by >> pam::header being called for each instance. It attempts to create >> multiple headers. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Felix Frank
2013-Feb-15 17:08 UTC
Re: [Puppet Users] shared header across multiple defined types via concat
Ah, now I see where you''re coming from. Turns out the virtual resource is a good idea then after all. To make this work, I believe you have to - not declare the virtual resource in the central class - do declare one virtual header snippet per defined type - realize the header snippet in the same defined type - not try and override any of its parameters Of course, the specific header snippets can still not share the same name. I hope that doesn''t pose a problem. HTH, Felix On 02/15/2013 05:53 PM, Darin Perusich wrote:> Right, that was my dump mistake. It still doesn''t take away from the > fact that the header will be added multiple times.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.