Tim Mooney
2012-May-02 18:00 UTC
[Puppet Users] mixing source & content (templates) in concat::fragment
All- We''re using puppet 2.7.11. Our custom firewall module currently builds the RHEL /etc/sysconfig/iptables (and ip6tables) from multiple fragments using concat::fragment. The base part of the firewall is constructed like this: class firewall { include concat::setup $firewall_config = ''/etc/sysconfig/iptables'' concat::fragment { "firewall-base": target => "$firewall_config", source => [ "puppet:///modules/firewall/firewall-base.$fqdn", "puppet:///modules/firewall/firewall-base" ], order => ''01'', } concat::fragment {"firewall-end": target => "$firewall_config", content => "COMMIT\n", order => ''99'', } } As you can see, we use source to look for a per-box custom firewall base first, and then fall back to a stock firewall-base file fragment. I want to modify this config so that the fall-back fragment comes from a template, rather than a file fragment. The problem is that it appears I can''t do this: concat::fragment { "firewall-base": target => "$firewall_config", source => [ "puppet:///modules/firewall/firewall-base.$fqdn", template(''firewall/firewall-base.erb''), ], order => ''01'', } When I try that, I get: $sudo puppet agent --test --noop info: Retrieving plugin info: Loading facts in /var/lib/puppet/lib/facter/ipmi_product.rb info: Loading facts in /var/lib/puppet/lib/facter/biosversion.rb info: Loading facts in /var/lib/puppet/lib/facter/net_info.rb info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb info: Loading facts in /var/lib/puppet/lib/facter/net_location.rb info: Loading facts in /var/lib/puppet/lib/facter/pacemaker.rb info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb info: Caching catalog for host.nodak.edu err: Failed to apply catalog: Parameter source failed: Could not understand source # and then it spits out the file template. Is there an easy way to mix, in one fragment, a source and a template, as I''m trying to do? It occurs to me that I could just "pretend" that all of our per-host firewall-base.$fqdn files are instead templates, even if there''s no actual templating going on, and use something like: concat::fragment { "firewall-base": target => "$firewall_config", content => [ template("firewall/firewall-base.$fqdn.erb"), template(''firewall/firewall-base.erb''), ], order => ''01'', } But that seems kind of hackish. Can anyone suggest a more elegant method, or some syntax that I''m missing? Thanks, Tim -- Tim Mooney Tim.Mooney@ndsu.edu Enterprise Computing & Infrastructure 701-231-1076 (Voice) Room 242-J6, IACC Building 701-231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
R.I.Pienaar
2012-May-02 19:10 UTC
Re: [Puppet Users] mixing source & content (templates) in concat::fragment
----- Original Message -----> From: "Tim Mooney" <Tim.Mooney@ndsu.edu> > To: puppet-users@googlegroups.com > Sent: Wednesday, May 2, 2012 7:00:30 PM > Subject: [Puppet Users] mixing source & content (templates) in concat::fragment > > > All- > > We''re using puppet 2.7.11. > > Our custom firewall module currently builds the RHEL > /etc/sysconfig/iptables (and ip6tables) from multiple fragments using > concat::fragment. > > The base part of the firewall is constructed like this: > > class firewall { > include concat::setup > > $firewall_config = ''/etc/sysconfig/iptables'' > > concat::fragment { "firewall-base": > target => "$firewall_config", > source => [ > "puppet:///modules/firewall/firewall-base.$fqdn", > "puppet:///modules/firewall/firewall-base" > ], > order => ''01'', > } > > concat::fragment {"firewall-end": > target => "$firewall_config", > content => "COMMIT\n", > order => ''99'', > } > } > > > As you can see, we use source to look for a per-box custom firewall > base first, and then fall back to a stock firewall-base file fragment. > > I want to modify this config so that the fall-back fragment comes > from a template, rather than a file fragment. The problem is that it > appears I can''t do this: >the file type in puppet does not provide a way to do this, so unfortunately the concat cant do it either - since its just relying on the file type -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Tim Mooney
2012-May-02 21:39 UTC
Re: [Puppet Users] mixing source & content (templates) in concat::fragment
In regard to: Re: [Puppet Users] mixing source & content (templates) in...:>> All- >> >> We''re using puppet 2.7.11. >> >> Our custom firewall module currently builds the RHEL >> /etc/sysconfig/iptables (and ip6tables) from multiple fragments using >> concat::fragment. >> >> The base part of the firewall is constructed like this: >> >> class firewall { >> include concat::setup >> >> $firewall_config = ''/etc/sysconfig/iptables'' >> >> concat::fragment { "firewall-base": >> target => "$firewall_config", >> source => [ >> "puppet:///modules/firewall/firewall-base.$fqdn", >> "puppet:///modules/firewall/firewall-base" >> ], >> order => ''01'', >> } >> >> concat::fragment {"firewall-end": >> target => "$firewall_config", >> content => "COMMIT\n", >> order => ''99'', >> } >> } >> >> >> As you can see, we use source to look for a per-box custom firewall >> base first, and then fall back to a stock firewall-base file fragment. >> >> I want to modify this config so that the fall-back fragment comes >> from a template, rather than a file fragment. The problem is that it >> appears I can''t do this: >> > > the file type in puppet does not provide a way to do this, so unfortunately > the concat cant do it either - since its just relying on the file typeThanks R.I. (and thanks for concat). I guess I''ll switch all of our host-specific base fragments to be a templates, even when there''s no template code in them, and use concat::fragment { ''firewall-base'': target => $firewall_config, content => [ template("firewall/firewall-base.${::fqdn}.erb"), template(''firewall/firewall-base''), ], order => ''01'', } Tim -- Tim Mooney Tim.Mooney@ndsu.edu Enterprise Computing & Infrastructure 701-231-1076 (Voice) Room 242-J6, IACC Building 701-231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
R.I.Pienaar
2012-May-02 21:43 UTC
Re: [Puppet Users] mixing source & content (templates) in concat::fragment
----- Original Message -----> From: "Tim Mooney" <Tim.Mooney@ndsu.edu> > To: puppet-users@googlegroups.com > Sent: Wednesday, May 2, 2012 10:39:08 PM > Subject: Re: [Puppet Users] mixing source & content (templates) in concat::fragment > > In regard to: Re: [Puppet Users] mixing source & content (templates) > in...: > > >> All- > >> > >> We''re using puppet 2.7.11. > >> > >> Our custom firewall module currently builds the RHEL > >> /etc/sysconfig/iptables (and ip6tables) from multiple fragments > >> using > >> concat::fragment. > >> > >> The base part of the firewall is constructed like this: > >> > >> class firewall { > >> include concat::setup > >> > >> $firewall_config = ''/etc/sysconfig/iptables'' > >> > >> concat::fragment { "firewall-base": > >> target => "$firewall_config", > >> source => [ > >> "puppet:///modules/firewall/firewall-base.$fqdn", > >> "puppet:///modules/firewall/firewall-base" > >> ], > >> order => ''01'', > >> } > >> > >> concat::fragment {"firewall-end": > >> target => "$firewall_config", > >> content => "COMMIT\n", > >> order => ''99'', > >> } > >> } > >> > >> > >> As you can see, we use source to look for a per-box custom > >> firewall > >> base first, and then fall back to a stock firewall-base file > >> fragment. > >> > >> I want to modify this config so that the fall-back fragment comes > >> from a template, rather than a file fragment. The problem is that > >> it > >> appears I can''t do this: > >> > > > > the file type in puppet does not provide a way to do this, so > > unfortunately > > the concat cant do it either - since its just relying on the file > > type > > Thanks R.I. (and thanks for concat). I guess I''ll switch all of our > host-specific base fragments to be a templates, even when there''s no > template code in them, and use > > concat::fragment { ''firewall-base'': > target => $firewall_config, > content => [ > template("firewall/firewall-base.${::fqdn}.erb"), > template(''firewall/firewall-base''), > ], > order => ''01'', > } >puppet does not support this either :) what you''ll get there is a concat of the 2 templates -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Tim Mooney
2012-May-03 20:14 UTC
Re: [Puppet Users] mixing source & content (templates) in concat::fragment
In regard to: Re: [Puppet Users] mixing source & content (templates) in...:>>> the file type in puppet does not provide a way to do this, so >>> unfortunately >>> the concat cant do it either - since its just relying on the file >>> type >> >> Thanks R.I. (and thanks for concat). I guess I''ll switch all of our >> host-specific base fragments to be a templates, even when there''s no >> template code in them, and use >> >> concat::fragment { ''firewall-base'': >> target => $firewall_config, >> content => [ >> template("firewall/firewall-base.${::fqdn}.erb"), >> template(''firewall/firewall-base''), >> ], >> order => ''01'', >> } >> > > puppet does not support this either :) > > what you''ll get there is a concat of the 2 templatesOh, that''s quite disappointing. We''ll need to completely rethink how we''re doing this. Thanks again, Tim -- Tim Mooney Tim.Mooney@ndsu.edu Enterprise Computing & Infrastructure 701-231-1076 (Voice) Room 242-J6, IACC Building 701-231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Wolf Noble
2012-May-04 10:07 UTC
Re: [Puppet Users] mixing source & content (templates) in concat::fragment
I''ve been using this, which works pretty well for a template selector: file { "foo": content => inline_template( file( "/literal/path/to/template/on/puppetmaster/$hostname.erb", "/literal/path/to/template/on/puppetmaster/$devicename.erb", "/literal/path/to/template/on/puppetmaster/$clientname.erb", "/literal/path/to/template/on/puppetmaster/motd.erb" )), ... } On May 2, 2012, at 8:00 PM, Tim Mooney wrote:> > All- > > We''re using puppet 2.7.11. > > Our custom firewall module currently builds the RHEL > /etc/sysconfig/iptables (and ip6tables) from multiple fragments using > concat::fragment. > > The base part of the firewall is constructed like this: > > class firewall { > include concat::setup > > $firewall_config = ''/etc/sysconfig/iptables'' > > concat::fragment { "firewall-base": > target => "$firewall_config", > source => [ > "puppet:///modules/firewall/firewall-base.$fqdn", > "puppet:///modules/firewall/firewall-base" > ], > order => ''01'', > } > > concat::fragment {"firewall-end": > target => "$firewall_config", > content => "COMMIT\n", > order => ''99'', > } > } > > > As you can see, we use source to look for a per-box custom firewall base > first, and then fall back to a stock firewall-base file fragment. > > I want to modify this config so that the fall-back fragment comes from > a template, rather than a file fragment. The problem is that it appears > I can''t do this: > > concat::fragment { "firewall-base": > target => "$firewall_config", > source => [ > "puppet:///modules/firewall/firewall-base.$fqdn", > template(''firewall/firewall-base.erb''), > ], > order => ''01'', > } > > When I try that, I get: > > $sudo puppet agent --test --noop > info: Retrieving plugin > info: Loading facts in /var/lib/puppet/lib/facter/ipmi_product.rb > info: Loading facts in /var/lib/puppet/lib/facter/biosversion.rb > info: Loading facts in /var/lib/puppet/lib/facter/net_info.rb > info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb > info: Loading facts in /var/lib/puppet/lib/facter/net_location.rb > info: Loading facts in /var/lib/puppet/lib/facter/pacemaker.rb > info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb > info: Caching catalog for host.nodak.edu > err: Failed to apply catalog: Parameter source failed: Could not understand source # > > > and then it spits out the file template. > > Is there an easy way to mix, in one fragment, a source and a template, > as I''m trying to do? > > It occurs to me that I could just "pretend" that all of our per-host > firewall-base.$fqdn files are instead templates, even if there''s no > actual templating going on, and use something like: > > concat::fragment { "firewall-base": > target => "$firewall_config", > content => [ > template("firewall/firewall-base.$fqdn.erb"), > template(''firewall/firewall-base.erb''), > ], > order => ''01'', > } > > But that seems kind of hackish. Can anyone suggest a more elegant method, > or some syntax that I''m missing? > > Thanks, > > Tim > -- > Tim Mooney Tim.Mooney@ndsu.edu > Enterprise Computing & Infrastructure 701-231-1076 (Voice) > Room 242-J6, IACC Building 701-231-8541 (Fax) > North Dakota State University, Fargo, ND 58105-5164 > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >Wolf Noble Senior UNIX Systems administrator Datapipe Managed IT Services Tel: 201.792.1918 x2910 ________________________________ This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.