Puppet users - May 2012 - mixing source & content (templates) in concat::fragment

All-

We''re using puppet 2.7.11.

Our custom firewall module currently builds the RHEL
/etc/sysconfig/iptables (and ip6tables) from multiple fragments using
concat::fragment.

The base part of the firewall is constructed like this:

class firewall {
   include concat::setup

   $firewall_config  = ''/etc/sysconfig/iptables''

   concat::fragment { "firewall-base":
     target => "$firewall_config",
     source => [
       "puppet:///modules/firewall/firewall-base.$fqdn",
       "puppet:///modules/firewall/firewall-base"
     ],
     order => ''01'',
   }

   concat::fragment {"firewall-end":
     target  => "$firewall_config",
     content => "COMMIT\n",
     order   => ''99'',
   }
}


As you can see, we use source to look for a per-box custom firewall base
first, and then fall back to a stock firewall-base file fragment.

I want to modify this config so that the fall-back fragment comes from
a template, rather than a file fragment.  The problem is that it appears
I can''t do this:

   concat::fragment { "firewall-base":
     target => "$firewall_config",
     source => [
       "puppet:///modules/firewall/firewall-base.$fqdn",
       template(''firewall/firewall-base.erb''),
     ],
     order => ''01'',
   }

When I try that, I get:

$sudo puppet agent --test --noop
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/ipmi_product.rb
info: Loading facts in /var/lib/puppet/lib/facter/biosversion.rb
info: Loading facts in /var/lib/puppet/lib/facter/net_info.rb
info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/lib/puppet/lib/facter/net_location.rb
info: Loading facts in /var/lib/puppet/lib/facter/pacemaker.rb
info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
info: Caching catalog for host.nodak.edu
err: Failed to apply catalog: Parameter source failed: Could not understand
source #


and then it spits out the file template.

Is there an easy way to mix, in one fragment, a source and a template,
as I''m trying to do?

It occurs to me that I could just "pretend" that all of our per-host
firewall-base.$fqdn files are instead templates, even if there''s no
actual templating going on, and use something like:

   concat::fragment { "firewall-base":
     target => "$firewall_config",
     content => [
       template("firewall/firewall-base.$fqdn.erb"),
       template(''firewall/firewall-base.erb''),
     ],
     order => ''01'',
   }

But that seems kind of hackish.  Can anyone suggest a more elegant method,
or some syntax that I''m missing?

Thanks,

Tim
-- 
Tim Mooney                                             Tim.Mooney@ndsu.edu
Enterprise Computing & Infrastructure                  701-231-1076 (Voice)
Room 242-J6, IACC Building                             701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

----- Original Message -----
> From: "Tim Mooney" <Tim.Mooney@ndsu.edu>
> To: puppet-users@googlegroups.com
> Sent: Wednesday, May 2, 2012 7:00:30 PM
> Subject: [Puppet Users] mixing source & content (templates) in
concat::fragment
> 
> 
> All-
> 
> We''re using puppet 2.7.11.
> 
> Our custom firewall module currently builds the RHEL
> /etc/sysconfig/iptables (and ip6tables) from multiple fragments using
> concat::fragment.
> 
> The base part of the firewall is constructed like this:
> 
> class firewall {
>    include concat::setup
> 
>    $firewall_config  = ''/etc/sysconfig/iptables''
> 
>    concat::fragment { "firewall-base":
>      target => "$firewall_config",
>      source => [
>        "puppet:///modules/firewall/firewall-base.$fqdn",
>        "puppet:///modules/firewall/firewall-base"
>      ],
>      order => ''01'',
>    }
> 
>    concat::fragment {"firewall-end":
>      target  => "$firewall_config",
>      content => "COMMIT\n",
>      order   => ''99'',
>    }
> }
> 
> 
> As you can see, we use source to look for a per-box custom firewall
> base first, and then fall back to a stock firewall-base file fragment.
> 
> I want to modify this config so that the fall-back fragment comes
> from a template, rather than a file fragment.  The problem is that it
> appears I can''t do this:
> 
the file type in puppet does not provide a way to do this, so unfortunately
the concat cant do it either - since its just relying on the file type

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

In regard to: Re: [Puppet Users] mixing source & content (templates) in...:
>> All-
>>
>> We''re using puppet 2.7.11.
>>
>> Our custom firewall module currently builds the RHEL
>> /etc/sysconfig/iptables (and ip6tables) from multiple fragments using
>> concat::fragment.
>>
>> The base part of the firewall is constructed like this:
>>
>> class firewall {
>>    include concat::setup
>>
>>    $firewall_config  = ''/etc/sysconfig/iptables''
>>
>>    concat::fragment { "firewall-base":
>>      target => "$firewall_config",
>>      source => [
>>        "puppet:///modules/firewall/firewall-base.$fqdn",
>>        "puppet:///modules/firewall/firewall-base"
>>      ],
>>      order => ''01'',
>>    }
>>
>>    concat::fragment {"firewall-end":
>>      target  => "$firewall_config",
>>      content => "COMMIT\n",
>>      order   => ''99'',
>>    }
>> }
>>
>>
>> As you can see, we use source to look for a per-box custom firewall
>> base first, and then fall back to a stock firewall-base file fragment.
>>
>> I want to modify this config so that the fall-back fragment comes
>> from a template, rather than a file fragment.  The problem is that it
>> appears I can''t do this:
>>
>
> the file type in puppet does not provide a way to do this, so unfortunately
> the concat cant do it either - since its just relying on the file type
Thanks R.I. (and thanks for concat).  I guess I''ll switch all of our
host-specific base fragments to be a templates, even when there''s no
template code in them, and use

   concat::fragment { ''firewall-base'':
     target => $firewall_config,
     content => [
       template("firewall/firewall-base.${::fqdn}.erb"),
       template(''firewall/firewall-base''),
     ],
     order => ''01'',
   }

Tim
-- 
Tim Mooney                                             Tim.Mooney@ndsu.edu
Enterprise Computing & Infrastructure                  701-231-1076 (Voice)
Room 242-J6, IACC Building                             701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

----- Original Message -----
> From: "Tim Mooney" <Tim.Mooney@ndsu.edu>
> To: puppet-users@googlegroups.com
> Sent: Wednesday, May 2, 2012 10:39:08 PM
> Subject: Re: [Puppet Users] mixing source & content (templates) in
concat::fragment
> 
> In regard to: Re: [Puppet Users] mixing source & content (templates)
> in...:
> 
> >> All-
> >>
> >> We''re using puppet 2.7.11.
> >>
> >> Our custom firewall module currently builds the RHEL
> >> /etc/sysconfig/iptables (and ip6tables) from multiple fragments
> >> using
> >> concat::fragment.
> >>
> >> The base part of the firewall is constructed like this:
> >>
> >> class firewall {
> >>    include concat::setup
> >>
> >>    $firewall_config  = ''/etc/sysconfig/iptables''
> >>
> >>    concat::fragment { "firewall-base":
> >>      target => "$firewall_config",
> >>      source => [
> >>        "puppet:///modules/firewall/firewall-base.$fqdn",
> >>        "puppet:///modules/firewall/firewall-base"
> >>      ],
> >>      order => ''01'',
> >>    }
> >>
> >>    concat::fragment {"firewall-end":
> >>      target  => "$firewall_config",
> >>      content => "COMMIT\n",
> >>      order   => ''99'',
> >>    }
> >> }
> >>
> >>
> >> As you can see, we use source to look for a per-box custom
> >> firewall
> >> base first, and then fall back to a stock firewall-base file
> >> fragment.
> >>
> >> I want to modify this config so that the fall-back fragment comes
> >> from a template, rather than a file fragment.  The problem is that
> >> it
> >> appears I can''t do this:
> >>
> >
> > the file type in puppet does not provide a way to do this, so
> > unfortunately
> > the concat cant do it either - since its just relying on the file
> > type
> 
> Thanks R.I. (and thanks for concat).  I guess I''ll switch all of
our
> host-specific base fragments to be a templates, even when there''s
no
> template code in them, and use
> 
>    concat::fragment { ''firewall-base'':
>      target => $firewall_config,
>      content => [
>        template("firewall/firewall-base.${::fqdn}.erb"),
>        template(''firewall/firewall-base''),
>      ],
>      order => ''01'',
>    }
> 
puppet does not support this either :)

what you''ll get there is a concat of the 2 templates

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

In regard to: Re: [Puppet Users] mixing source & content (templates) in...:
>>> the file type in puppet does not provide a way to do this, so
>>> unfortunately
>>> the concat cant do it either - since its just relying on the file
>>> type
>>
>> Thanks R.I. (and thanks for concat).  I guess I''ll switch all
of our
>> host-specific base fragments to be a templates, even when
there''s no
>> template code in them, and use
>>
>>    concat::fragment { ''firewall-base'':
>>      target => $firewall_config,
>>      content => [
>>        template("firewall/firewall-base.${::fqdn}.erb"),
>>        template(''firewall/firewall-base''),
>>      ],
>>      order => ''01'',
>>    }
>>
>
> puppet does not support this either :)
>
> what you''ll get there is a concat of the 2 templates
Oh, that''s quite disappointing.  We''ll need to completely
rethink how
we''re doing this.

Thanks again,

Tim
-- 
Tim Mooney                                             Tim.Mooney@ndsu.edu
Enterprise Computing & Infrastructure                  701-231-1076 (Voice)
Room 242-J6, IACC Building                             701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I''ve been using this, which works pretty well for a template selector:

  file { "foo":
    content => inline_template(
      file(
        "/literal/path/to/template/on/puppetmaster/$hostname.erb",
        "/literal/path/to/template/on/puppetmaster/$devicename.erb",
        "/literal/path/to/template/on/puppetmaster/$clientname.erb",
        "/literal/path/to/template/on/puppetmaster/motd.erb"
      )),
      ...
}

On May 2, 2012, at 8:00 PM, Tim Mooney wrote:
>
> All-
>
> We''re using puppet 2.7.11.
>
> Our custom firewall module currently builds the RHEL
> /etc/sysconfig/iptables (and ip6tables) from multiple fragments using
> concat::fragment.
>
> The base part of the firewall is constructed like this:
>
> class firewall {
>  include concat::setup
>
>  $firewall_config  = ''/etc/sysconfig/iptables''
>
>  concat::fragment { "firewall-base":
>    target => "$firewall_config",
>    source => [
>      "puppet:///modules/firewall/firewall-base.$fqdn",
>      "puppet:///modules/firewall/firewall-base"
>    ],
>    order => ''01'',
>  }
>
>  concat::fragment {"firewall-end":
>    target  => "$firewall_config",
>    content => "COMMIT\n",
>    order   => ''99'',
>  }
> }
>
>
> As you can see, we use source to look for a per-box custom firewall base
> first, and then fall back to a stock firewall-base file fragment.
>
> I want to modify this config so that the fall-back fragment comes from
> a template, rather than a file fragment.  The problem is that it appears
> I can''t do this:
>
>  concat::fragment { "firewall-base":
>    target => "$firewall_config",
>    source => [
>      "puppet:///modules/firewall/firewall-base.$fqdn",
>      template(''firewall/firewall-base.erb''),
>    ],
>    order => ''01'',
>  }
>
> When I try that, I get:
>
> $sudo puppet agent --test --noop
> info: Retrieving plugin
> info: Loading facts in /var/lib/puppet/lib/facter/ipmi_product.rb
> info: Loading facts in /var/lib/puppet/lib/facter/biosversion.rb
> info: Loading facts in /var/lib/puppet/lib/facter/net_info.rb
> info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
> info: Loading facts in /var/lib/puppet/lib/facter/net_location.rb
> info: Loading facts in /var/lib/puppet/lib/facter/pacemaker.rb
> info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
> info: Caching catalog for host.nodak.edu
> err: Failed to apply catalog: Parameter source failed: Could not understand
source #
>
>
> and then it spits out the file template.
>
> Is there an easy way to mix, in one fragment, a source and a template,
> as I''m trying to do?
>
> It occurs to me that I could just "pretend" that all of our
per-host
> firewall-base.$fqdn files are instead templates, even if there''s
no
> actual templating going on, and use something like:
>
>  concat::fragment { "firewall-base":
>    target => "$firewall_config",
>    content => [
>      template("firewall/firewall-base.$fqdn.erb"),
>      template(''firewall/firewall-base.erb''),
>    ],
>    order => ''01'',
>  }
>
> But that seems kind of hackish.  Can anyone suggest a more elegant method,
> or some syntax that I''m missing?
>
> Thanks,
>
> Tim
> --
> Tim Mooney                                             Tim.Mooney@ndsu.edu
> Enterprise Computing & Infrastructure                  701-231-1076
(Voice)
> Room 242-J6, IACC Building                             701-231-8541 (Fax)
> North Dakota State University, Fargo, ND 58105-5164
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
Wolf Noble
Senior UNIX Systems administrator
Datapipe Managed IT Services
Tel: 201.792.1918 x2910




________________________________

This message may contain confidential or privileged information. If you are not
the intended recipient, please advise us immediately and delete this message.
See http://www.datapipe.com/legal/email_disclaimer/ for further information on
confidentiality and the risks of non-secure electronic communication. If you
cannot access these links, please notify us by reply message and we will send
the contents to you.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.