Hi there.
I''m trying to wrap my head around puppet and its parlance and need some
guidance...
2 Questions:
1) I have done some puppet stuff on a new server and would like to hear
whether I have done things "the right way"
2) I want to build on top of that and am not sure how...
Question 1
=========We don''t normally host static websites for people, but have
been asked
to so so for a small number of sites. I decided to use this opportunity
to get into puppet.
Based on the recipe at
http://reductivelabs.com/trac/puppet/wiki/Recipes/DebianApache2Recipe
I''ve created the following:
1. A class called reahlapache, which inherits from apache2. It adds
files into /etc/apache2/conf.d, makes sure all the modules we typically
need are present in the apache installation (using apache2::module for
this), etc. In other words node-specific apache stuff specific to our
environment.
2. The reahlapache class also has a define called "staticsite" which
"calls" apache2::site and then does some extra things that we
"typically" do for such a static site. Such as creating an apache
config
file for a virtual host for the site (from an erb template); creating a
directory for the virtual host.
3. We then have a site.pp that imports the reahlapache class, and, for
the correct node includes it. In that node we also create
reahlapache::staticsite instances for each of the websites.
Does this make sense? (It works...) Can I "override" as in OO parlance
apache2::site in reahlapache::site instead?
Question 2
=========We enable webdav on these sites for the client to be able to upload
files. And for this we use the apache settings:
AuthDigestProvider file
AuthUserFile /somefilesomewhere
Which means that we need to create /somefilesomewhere and populate it
using invocations of "htdigest realm username" (which will ask for a
password and store a hash of it in the file it seems).
It would be nice if I can specify a list of domains somewhere, and a
list of users elsewhere, stating which users belong to which domains. (A
particular user possible belonging to more than one domain.)
Then I''d like to get puppet to generate the
appropriate /somefilesomewhere for a particular reahlapache by getting
the set of all domains used for all the sites on it, and creating the
file with all the users of all those domains in that file.
Is this too ambitious or am I missing the point somewhere? Would one
need to go down to Ruby for doing this, or should I try to express it in
Puppet?
Thanks
-Iwan
Hi Iwan, Cool, I worked a little on that module :D For your questions: On 10/31/07, Iwan Vosloo <iwan@reahl.org> wrote:> > 1) I have done some puppet stuff on a new server and would like to hear > whether I have done things "the right way"Yeah, you inherit the base module and create the site-specific stuff in your new class. Sounds cool and proper. You might also want to look at DavidS'' repository at http://git.black.co.at for an updated version of that module. 2) I want to build on top of that and am not sure how... Simply keep on going! :)> Can I "override" as in OO parlanceapache2::site in reahlapache::site instead? Not sure if you can override a define... But simply extending on it seems a bit easier for the eyes imo. AuthDigestProvider file> AuthUserFile /somefilesomewhereHow about using MySQL as a provider? Haven''t used Digest yet, but I know it''s possible with Basic Auth. Can''t imagine it wouldn''t be possible in Digest. Saves a lot of hassle, I think.> Then I''d like to get puppet to generate the > appropriate /somefilesomewhere for a particular reahlapache by getting > the set of all domains used for all the sites on it, and creating the > file with all the users of all those domains in that file.I don''t see how you could do this without some heavy scripting, I''m afraid. Especially if you want to not keep the passwords in plain text somewhere. Is this too ambitious or am I missing the point somewhere? Would one> need to go down to Ruby for doing this, or should I try to express it in > Puppet?If you''d create a custom type, you can do anything you want. Lots of work, though. -- Gegroet, Tim _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
Hi Tim, Thanks. I thought I was trying to be too OOish. On Wed, 2007-10-31 at 10:53 -0500, Tim Stoop wrote:> You might also want to look at DavidS'' > repository at http://git.black.co.at for an updated version of that > module.Will do.> How about using MySQL as a provider? Haven''t used Digest yet, but I > know > it''s possible with Basic Auth. Can''t imagine it wouldn''t be possible > in > Digest. Saves a lot of hassle, I think.Yes, I''m sure that''s a better way to go - just want to keep to stuff I know for now :-)> > Then I''d like to get puppet to generate the > > appropriate /somefilesomewhere for a particular reahlapache by > getting > > the set of all domains used for all the sites on it, and creating > the > > file with all the users of all those domains in that file. > > > I don''t see how you could do this without some heavy scripting, I''m > afraid. > Especially if you want to not keep the passwords in plain text > somewhere.I think I should calm down and just ship the whole digest password file with puppet, not try and write a complicated model on top of it... That also simplifies things. There is a lot of config we still need to get to! Thanks -Iwan