Puppet users - Jun 2012 - arrays, notify, multiple config files, exec

Hey guys,

I''m a noob.  I learn best by doing, but I''ve been throwing
myself at
this problem a while & have come up with a solution that''s too ugly
for
words.  I''m seeking some direction or idea on best practice and 
direction specific to my problem.

A perfect example of my use case is opendkim:

1x global config file opendkim.conf # << out of scope for my question, 
simplistic to configure

2x config files: KeyTable, SigningTable  # << each line in each file 
consists of a config based on subdomain and domain
1x exec: creates subdomain.private and subdomain.txt # << private key
&
dns txt record respectively per subdomain

domans {
     domain1: subdomain1, subdomain2  ... subdomain n.... subdomain k
     domain2: subdomain1, subdomain2  ... subdomain n.... subdomain k
     ....
}

The opendkim daemon should only be restarted if the KeyTable or the 
SigningTable change, or if a new key is generated.

I think I an interate through the arrays using an inline_template in a 
define to run an exec using creates (to look for the .private file and 
generate it only if it doesn''t exist).  I can notify if I create the 
private key or on KeyTable or on SigningTable, but I don''t want to 
notify 3 times so the choice would seem to be to pick one.

Am I close?

Any stray thoughts appreciated.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

> Am I close?
Yes, but some details are far out ;-)

On 06/16/2012 09:58 AM, Marc Lucke wrote:
> I think I an interate through the arrays using an inline_template in a
> define to run an exec using creates (to look for the .private file and
> generate it only if it doesn''t exist).
I don''t see how the template fits in here.

Structure:

opendkim_domain {
  "foo.org": subdomains => [ "foo", "bar",
"baz" ];
}

define opendkim_domain($subdomains) {
  $domain = $name
  opendkim_subdomain { $subdomains: domain => $domain }
}

define opendkim_subdomain($domain) {
  $subdomain = $name
  # resources for creating stuff using values of $domain and $subdomain
}

You *can* unroll arrays to larger strings using inline templates, but
usually you only need defined types to process your data.
> I can notify if I create the
> private key or on KeyTable or on SigningTable, but I don''t want to
> notify 3 times so the choice would seem to be to pick one.
This is a non-issue. 3 notifications are perfectly fine and will not
result in three restarts. Puppet will refresh your service resource at
most once per run.
The notify => metaparameter implies a "before" relationship, so
puppet
also makes sure to evaluate all config pieces before the service
resource. So if any number of your configurations steps needs
performing, puppet guarantees (barring intermittent agent crashes) that
the service will be restarted as needed, but not more so.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.