Puppet users - Jun 2010 - "onlyif" for resource type "file"

Hello,

How do I deploy a file, but then stop deploying it when it has been
changed in a certain way?

Something like:

file { "/etc/ldap.conf":
        owner   => root,
        group   => nscd,
        mode    => 640,
        content => template("gu_auth/ldap.conf.rb"),
        onlyifnot => "grep -E ''^PUPPET ME NOT''
''/etc/ldap.conf''",
    }



Thanks a lot.
Mohamed.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Mohamed Lrhazi <lrhazi@gmail.com> writes:
> How do I deploy a file, but then stop deploying it when it has been changed
> in a certain way?
Don''t do that.  That way lies madness.  You will have machines that are
randomly in and out of the pool of managed files all over the place, with no
way to audit or manage that.

Instead, only include the "file" define on machines where you do want
to
manage the content, or do something like this:

file { "/etc/ldap.conf.puppet": ... }
exec { "/bin/ln -s /etc/ldap.conf.puppet /etc/ldap.conf":
  creates => "/etc/ldap.conf"
}

That way you will only put the puppet file in place (by creating the symlink)
until something exists in that location.  Refining this (eg: dealing with
pre-existing files) is easy enough to extend it to.


However, I *strongly* urge you to tell us what you problem is — because you
are clearly wanting to do this to solve some problem, and there might be a
much better way to do what you want.

Regards,
        Daniel
-- 
✣ Daniel Pittman            ✉ daniel@rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Mon, 28 Jun 2010, Mohamed Lrhazi wrote:
> file { "/etc/ldap.conf":
>         owner   => root,
>         group   => nscd,
>         mode    => 640,
>         content => template("gu_auth/ldap.conf.rb"),
>         onlyifnot => "grep -E ''^PUPPET ME NOT''
''/etc/ldap.conf''",
>     }
"onlyif" doesn''t work on file resources, but see bug #651.
For now, you can fake it like this:

file { "/etc/ldap.conf.puppet":
        owner   => root,
        group   => nscd,
        mode    => 640,
        content => template("gu_auth/ldap.conf.rb"),
}
exec { "update /etc/ldap.conf":
        command => "cp /etc/ldap.conf.puppet /etc/ldap.conf",
	unless =>  "grep -E ''^PUPPET ME NOT''
/etc/ldap.conf",
}

--apb (Alan Barrett)

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks a lot Daniel.
> However, I *strongly* urge you to tell us what you problem is
Right, am newbie here, so am sure am doing a lot of things wrong, or
thinking about them from a wrong way....

I have a bunch of files that were deployed via kickstart and manual
provisioning procedures that I am "translating" to Puppet...

This one file, /etc/ldap.conf, is deployed from kickstart, but then
later, a manual run of a script by an admin, as part of later
provisioning step, updates ldap.conf with bind password... I need
/etc/ldap.conf deployed right after initial install, and maintained...
but don''t want the bindpassword overwritten once it has been updated,
the password is unique to each host.... What would be the right way to
maintain such a file?

Thanks a lot.
Mohamed.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 6/28/2010 5:33 PM, Mohamed Lrhazi wrote:
>> However, I *strongly* urge you to tell us what you problem is
>
> I have a bunch of files that were deployed via kickstart and manual
> provisioning procedures that I am "translating" to Puppet...
My condolences.
> This one file, /etc/ldap.conf, is deployed from kickstart, but then
> later, a manual run of a script by an admin, as part of later
> provisioning step, updates ldap.conf with bind password... I need
> /etc/ldap.conf deployed right after initial install, and maintained...
> but don''t want the bindpassword overwritten once it has been
updated,
> the password is unique to each host.... What would be the right way to
> maintain such a file?
Maintain the lists of passwords on the master and provision them using 
extlookup and a template. You can still provision a basic ldap.conf on 
kickstart, but as soon as puppet kicks in, you''ll be in total and 
perpetual control of the file.



Best Regards, David
-- 
dasz.at OG              Tel: +43 (0)664 2602670     Web: http://dasz.at
Klosterneuburg                                         UID: ATU64260999

        FB-Nr.: FN 309285 g          FB-Gericht: LG Korneuburg

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Jun 28, 2010, at 8:33 AM, Mohamed Lrhazi wrote:
> Thanks a lot Daniel.
> 
>> However, I *strongly* urge you to tell us what you problem is
> 
> Right, am newbie here, so am sure am doing a lot of things wrong, or
> thinking about them from a wrong way....
> 
> I have a bunch of files that were deployed via kickstart and manual
> provisioning procedures that I am "translating" to Puppet...
> 
> This one file, /etc/ldap.conf, is deployed from kickstart, but then
> later, a manual run of a script by an admin, as part of later
> provisioning step, updates ldap.conf with bind password... I need
> /etc/ldap.conf deployed right after initial install, and maintained...
> but don''t want the bindpassword overwritten once it has been
updated,
> the password is unique to each host.... What would be the right way to
> maintain such a file?

You might want to look into Augeas.  That would allow you to manage some
settings in the file, but not all the settings.  This way you can change any
settings you want even after the password is set.

Here''s an example.

augeas { "set_ldap_settings":
	#If your ldap.conf is directly in etc, you''ll need to change the next
line
	context => "/files/etc/ldap/ldap.conf",
	changes => [
		"set SIZELIMIT 11",
		"set BASE dc=exaple,dc=com",
		"set URI ''ldap://ldap.exaple.com
ldap://ldap-master.exaple.com:666''"
	},
}

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Jun 28, 2010, at 9:09 AM, David Schmitt wrote:
> On 6/28/2010 5:33 PM, Mohamed Lrhazi wrote:
>>> However, I *strongly* urge you to tell us what you problem is
>> 
>> I have a bunch of files that were deployed via kickstart and manual
>> provisioning procedures that I am "translating" to Puppet...
> 
> My condolences.
> 
>> This one file, /etc/ldap.conf, is deployed from kickstart, but then
>> later, a manual run of a script by an admin, as part of later
>> provisioning step, updates ldap.conf with bind password... I need
>> /etc/ldap.conf deployed right after initial install, and maintained...
>> but don''t want the bindpassword overwritten once it has been
updated,
>> the password is unique to each host.... What would be the right way to
>> maintain such a file?
> 
> Maintain the lists of passwords on the master and provision them using
extlookup and a template. You can still provision a basic ldap.conf on
kickstart, but as soon as puppet kicks in, you''ll be in total and
perpetual control of the file.
My solution is simpler and easier to implement, but this solution will probably
be much easier to deal with in the long run.  With David''s solution,
you won''t need to have the admin set the password using the script.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks a lot guys. I will explore both roads.

Mohamed.

On Mon, Jun 28, 2010 at 12:30 PM, Patrick Mohr <kc7zzv@gmail.com>
wrote:
>
> On Jun 28, 2010, at 9:09 AM, David Schmitt wrote:
>
>> On 6/28/2010 5:33 PM, Mohamed Lrhazi wrote:
>>>> However, I *strongly* urge you to tell us what you problem is
>>>
>>> I have a bunch of files that were deployed via kickstart and manual
>>> provisioning procedures that I am "translating" to
Puppet...
>>
>> My condolences.
>>
>>> This one file, /etc/ldap.conf, is deployed from kickstart, but then
>>> later, a manual run of a script by an admin, as part of later
>>> provisioning step, updates ldap.conf with bind password... I need
>>> /etc/ldap.conf deployed right after initial install, and
maintained...
>>> but don''t want the bindpassword overwritten once it has
been updated,
>>> the password is unique to each host.... What would be the right way
to
>>> maintain such a file?
>>
>> Maintain the lists of passwords on the master and provision them using
extlookup and a template. You can still provision a basic ldap.conf on
kickstart, but as soon as puppet kicks in, you''ll be in total and
perpetual control of the file.
>
> My solution is simpler and easier to implement, but this solution will
probably be much easier to deal with in the long run.  With David''s
solution, you won''t need to have the admin set the password using the
script.
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
" Logic merely sanctions the conquests of the intuition."
Jacques Hadamard

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.