Puppet users - Nov 2011 - Overriding/changing default definitions on a child node

Hi all,

Now, I know this question has probably been answered before, but could
you please answer it again?

I have this setup where I want to build a list of allowed login groups
for PAM based on their place in the node inheritance chain.
I have created a class which takes an array as a parameter and simply
writes this array to a text file (/etc/login.groups.allow). I want to
build this array as the interpreter steps down the inheritance chain
from the default node which starts with the "root" group.

Here''s an example (default node at the bottom):

node "some.client" inherits clients { }

node "clients" inherits default {
    # add the clients group
    ....
}

node "login-server" inherits servers {
    # add the clients group
}

node "normal-server" inherits servers { }

node "servers" inherits default {
    # add the serveradmins group
    ....
}

node default {
    # start off with the root group
}

So, every client should end up with a file containing "root" and
"clients", every server should end up with a file containing
"root"
and "serveradmins" and the login-server should have "root",
"serveradmins" and "clients".


This is the class which shall receive the final list of groups:

class login_groups ($logingroups) {
        file { "/etc/login.groups.allow":
                owner => root,
                group => root,
                mode => 600,
                content => template("login_groups/
login.groups.allow.erb"),
        }
}

This is the template:

<% logingroups.each do |val| -%>
<%= val %>
<% end -%>

Is there any way of doing this or should I just give up on the idea? I
have done much searching and reading, but cannot find a suitable way
of solving this problem.

Thanks,
Tor Martin.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

difficult problem. I''ve made an (anti-)pattern for server-side
concatenation, but so far I haven''t found an *easy* way to do it with
puppet.

In your case, you may find it easier to just use variables. Please
don''t
use node inheritance (or, in you use case, class inheritance, either).

class logingroups {
  $groups = "root"
}

class logingroups::servers {
  include logingroups
  $groups = "$logingroups::groups,serveradmins"
}

class logingroups::loginserver {
  include logingroups::servers
  $groups = "$logingroups::servers::groups,clients"
}

...etc.

It will then be up to each node to decide which class/variable to use to
populate the file content.

The template will look like
<% groups.split(",").each do |val| -%>
<%= val %>
<% end -%>

HTH,
Felix

On 11/06/2011 01:29 AM, tormsl wrote:
> Hi all,
> 
> Now, I know this question has probably been answered before, but could
> you please answer it again?
> 
> I have this setup where I want to build a list of allowed login groups
> for PAM based on their place in the node inheritance chain.
> I have created a class which takes an array as a parameter and simply
> writes this array to a text file (/etc/login.groups.allow). I want to
> build this array as the interpreter steps down the inheritance chain
> from the default node which starts with the "root" group.
> 
> Here''s an example (default node at the bottom):
> 
> node "some.client" inherits clients { }
> 
> node "clients" inherits default {
>     # add the clients group
>     ....
> }
> 
> node "login-server" inherits servers {
>     # add the clients group
> }
> 
> node "normal-server" inherits servers { }
> 
> node "servers" inherits default {
>     # add the serveradmins group
>     ....
> }
> 
> node default {
>     # start off with the root group
> }
> 
> So, every client should end up with a file containing "root" and
> "clients", every server should end up with a file containing
"root"
> and "serveradmins" and the login-server should have
"root",
> "serveradmins" and "clients".
> 
> 
> This is the class which shall receive the final list of groups:
> 
> class login_groups ($logingroups) {
>         file { "/etc/login.groups.allow":
>                 owner => root,
>                 group => root,
>                 mode => 600,
>                 content => template("login_groups/
> login.groups.allow.erb"),
>         }
> }
> 
> This is the template:
> 
> <% logingroups.each do |val| -%>
> <%= val %>
> <% end -%>
> 
> Is there any way of doing this or should I just give up on the idea? I
> have done much searching and reading, but cannot find a suitable way
> of solving this problem.
> 
> Thanks,
> Tor Martin.
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.