Puppet users - Jul 2012 - Adding resource parameters in inheritence

Hello,
 
On some machines being managed by Puppet I would like to perform targetted 
audit runs with "puppet -t --noop --tags audit"
 
For better or for worse I am trying to do this with a separate module 
"audit" rather than add the audit => to the resources and use
inheritence.
 
i.e.
class audit::resolver inherits resolver::config {
  notify{"Running audit on $resolver::params::config_file": }
  File[''resolv.conf''] {
    audit +> all
  }
}
The $resolver::params::config sets the path for the resource and I just 
want to audit it rather than change amend it but it doesn''t seem to
work.
 
Is this possible or not really ? Or is there a fundamentally better way of 
doing it ?
 
Cheers
Paul

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/y4kA-jMgTNQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tuesday, July 24, 2012 4:45:11 AM UTC-5, Olli...@googlemail.com
wrote:
>
> Hello,
>  
> On some machines being managed by Puppet I would like to perform targetted 
> audit runs with "puppet -t --noop --tags audit"
>  
> For better or for worse I am trying to do this with a separate module 
> "audit" rather than add the audit => to the resources and use
inheritence.
>  
> i.e.
> class audit::resolver inherits resolver::config {
>   notify{"Running audit on $resolver::params::config_file": }
>   File[''resolv.conf''] {
>     audit +> all
>   }
> }
> The $resolver::params::config sets the path for the resource and I just 
> want to audit it rather than change amend it but it doesn''t seem
to work.
>  
> Is this possible or not really ? Or is there a fundamentally better way of 
> doing it ?
>  
>
"Doesn''t seem to work" isn''t very helpful.  Does
Puppet emit any relevant
messages?  Did you try running with --debug?

Your general idea sounds feasible.  I see two specific problems in the 
example code you posted, however:

   1. Is the title of the File resource you want to override really 
   ''resolv.conf''?  I mean, it could be if you specified the
full path via the
   ''path'' parameter in the original declaration, but it
didn''t sound like
   that''s what you had done.
   2. You do not want plussignment in this case.  You want to set the value 
   of the ''audit'' parameter to the scalar value
''all'', regardless of what
   might have been declared in the parent class.  Use the regular assignment 
   operator for that.

So what you want might be:

class audit::resolver inherits resolver::config {
  notify{"Running audit on $resolver::params::config_file": }
  File["$resolver::params::config_file"] {
    audit => all
  }
}

That also assumes, of course, that the File whose declaration you are 
trying to override is in fact declared in class resolver::config (or an 
ancestor).


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/yZAyKFfRsTIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

>
> Your general idea sounds feasible.  I see two specific problems in the 
> example code you posted, however:
>
>    1. Is the title of the File resource you want to override really 
>    ''resolv.conf''?  I mean, it could be if you specified
the full path via the
>    ''path'' parameter in the original declaration, but it
didn''t sound like
>    that''s what you had done. 
>    2. You do not want plussignment in this case.  You want to set the 
>    value of the ''audit'' parameter to the scalar value
''all'', regardless of
>    what might have been declared in the parent class.  Use the regular 
>    assignment operator for that.
>
> So what you want might be:
>
> class audit::resolver inherits resolver::config {
>   notify{"Running audit on $resolver::params::config_file": }
>   File["$resolver::params::config_file"] {
>     audit => all
>   }
>
Thanks so resolver::config looks like this:-
class resolver::config {
  file { ''/etc/resolv.conf.predhclient'':
    ensure => absent
  }
  file { ''/etc/resolv.conf'':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => ''0644'',
    content => template(''resolver/resolv.conf.erb''),
    require => File[''/etc/resolv.conf.predhclient'']
  }
The audit class looks like this:-
class audit::resolver inherits resolver::config {
  File[''/etc/resolv.conf''] {
    audit => all
  }
}
There is nothing related to this in the debug logs of a run the notify was 
put in originally to make sure the class was called which is was. The only 
thing in this is that the catalog run completes without error.
 
The plus assignment was because it was an addition rather than a 
replacement.
 
Cheers
Paul
 
>  }
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/s5QOGTT2Jc4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tuesday, July 24, 2012 9:17:40 AM UTC-5, Olli...@googlemail.com
wrote:
>
>
> There is nothing related to this in the debug logs of a run the notify was 
> put in originally to make sure the class was called which is was. The only 
> thing in this is that the catalog run completes without error.
>
Ok.  Is there a question there?  Are you still experiencing your problem?
 
>  
> The plus assignment was because it was an addition rather than a 
> replacement.
>
You may have misunderstood me.  It *should* be a replacement. It
doesn''t
make sense as an addition, and it might not mean what you want if it were 
an addition.

From the docs for the ''audit'' metaparameter: "Accepts an
attribute name, an
array *of attribute names*, *or* all" (emphasis added).  The
''all'' option
is already inclusive of any attribute name or names that may have been 
specified in the base class''s resource declaration, so it
doesn''t need to
be an addition.  If I take that specification literally, moreover, then 
''all'' as a member of an array tells puppet to audit a
parameter named
''all'', not to audit all parameters.


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/WchT-c4cZJ8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.