tormsl
2011-Nov-06 00:29 UTC
[Puppet Users] Overriding/changing default definitions on a child node
Hi all, Now, I know this question has probably been answered before, but could you please answer it again? I have this setup where I want to build a list of allowed login groups for PAM based on their place in the node inheritance chain. I have created a class which takes an array as a parameter and simply writes this array to a text file (/etc/login.groups.allow). I want to build this array as the interpreter steps down the inheritance chain from the default node which starts with the "root" group. Here''s an example (default node at the bottom): node "some.client" inherits clients { } node "clients" inherits default { # add the clients group .... } node "login-server" inherits servers { # add the clients group } node "normal-server" inherits servers { } node "servers" inherits default { # add the serveradmins group .... } node default { # start off with the root group } So, every client should end up with a file containing "root" and "clients", every server should end up with a file containing "root" and "serveradmins" and the login-server should have "root", "serveradmins" and "clients". This is the class which shall receive the final list of groups: class login_groups ($logingroups) { file { "/etc/login.groups.allow": owner => root, group => root, mode => 600, content => template("login_groups/ login.groups.allow.erb"), } } This is the template: <% logingroups.each do |val| -%> <%= val %> <% end -%> Is there any way of doing this or should I just give up on the idea? I have done much searching and reading, but cannot find a suitable way of solving this problem. Thanks, Tor Martin. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Felix Frank
2011-Nov-25 13:25 UTC
Re: [Puppet Users] Overriding/changing default definitions on a child node
Hi, difficult problem. I''ve made an (anti-)pattern for server-side concatenation, but so far I haven''t found an *easy* way to do it with puppet. In your case, you may find it easier to just use variables. Please don''t use node inheritance (or, in you use case, class inheritance, either). class logingroups { $groups = "root" } class logingroups::servers { include logingroups $groups = "$logingroups::groups,serveradmins" } class logingroups::loginserver { include logingroups::servers $groups = "$logingroups::servers::groups,clients" } ...etc. It will then be up to each node to decide which class/variable to use to populate the file content. The template will look like <% groups.split(",").each do |val| -%> <%= val %> <% end -%> HTH, Felix On 11/06/2011 01:29 AM, tormsl wrote:> Hi all, > > Now, I know this question has probably been answered before, but could > you please answer it again? > > I have this setup where I want to build a list of allowed login groups > for PAM based on their place in the node inheritance chain. > I have created a class which takes an array as a parameter and simply > writes this array to a text file (/etc/login.groups.allow). I want to > build this array as the interpreter steps down the inheritance chain > from the default node which starts with the "root" group. > > Here''s an example (default node at the bottom): > > node "some.client" inherits clients { } > > node "clients" inherits default { > # add the clients group > .... > } > > node "login-server" inherits servers { > # add the clients group > } > > node "normal-server" inherits servers { } > > node "servers" inherits default { > # add the serveradmins group > .... > } > > node default { > # start off with the root group > } > > So, every client should end up with a file containing "root" and > "clients", every server should end up with a file containing "root" > and "serveradmins" and the login-server should have "root", > "serveradmins" and "clients". > > > This is the class which shall receive the final list of groups: > > class login_groups ($logingroups) { > file { "/etc/login.groups.allow": > owner => root, > group => root, > mode => 600, > content => template("login_groups/ > login.groups.allow.erb"), > } > } > > This is the template: > > <% logingroups.each do |val| -%> > <%= val %> > <% end -%> > > Is there any way of doing this or should I just give up on the idea? I > have done much searching and reading, but cannot find a suitable way > of solving this problem. > > Thanks, > Tor Martin. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.