FAQ
All-

We're using puppet 2.7.11.

Our custom firewall module currently builds the RHEL
/etc/sysconfig/iptables (and ip6tables) from multiple fragments using
concat::fragment.

The base part of the firewall is constructed like this:

class firewall {
include concat::setup

$firewall_config = '/etc/sysconfig/iptables'

concat::fragment { "firewall-base":
target => "$firewall_config",
source => [
"puppet:///modules/firewall/firewall-base.$fqdn",
"puppet:///modules/firewall/firewall-base"
],
order => '01',
}

concat::fragment {"firewall-end":
target => "$firewall_config",
content => "COMMIT\n",
order => '99',
}
}


As you can see, we use source to look for a per-box custom firewall base
first, and then fall back to a stock firewall-base file fragment.

I want to modify this config so that the fall-back fragment comes from
a template, rather than a file fragment. The problem is that it appears
I can't do this:

concat::fragment { "firewall-base":
target => "$firewall_config",
source => [
"puppet:///modules/firewall/firewall-base.$fqdn",
template('firewall/firewall-base.erb'),
],
order => '01',
}

When I try that, I get:

$sudo puppet agent --test --noop
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/ipmi_product.rb
info: Loading facts in /var/lib/puppet/lib/facter/biosversion.rb
info: Loading facts in /var/lib/puppet/lib/facter/net_info.rb
info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/lib/puppet/lib/facter/net_location.rb
info: Loading facts in /var/lib/puppet/lib/facter/pacemaker.rb
info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
info: Caching catalog for host.nodak.edu
err: Failed to apply catalog: Parameter source failed: Could not understand source #


and then it spits out the file template.

Is there an easy way to mix, in one fragment, a source and a template,
as I'm trying to do?

It occurs to me that I could just "pretend" that all of our per-host
firewall-base.$fqdn files are instead templates, even if there's no
actual templating going on, and use something like:

concat::fragment { "firewall-base":
target => "$firewall_config",
content => [
template("firewall/firewall-base.$fqdn.erb"),
template('firewall/firewall-base.erb'),
],
order => '01',
}

But that seems kind of hackish. Can anyone suggest a more elegant method,
or some syntax that I'm missing?

Thanks,

Tim
--
Tim Mooney Tim.Mooney@ndsu.edu
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • R.I.Pienaar at May 2, 2012 at 7:10 pm

    ----- Original Message -----
    From: "Tim Mooney" <Tim.Mooney@ndsu.edu>
    To: puppet-users@googlegroups.com
    Sent: Wednesday, May 2, 2012 7:00:30 PM
    Subject: [Puppet Users] mixing source & content (templates) in concat::fragment


    All-

    We're using puppet 2.7.11.

    Our custom firewall module currently builds the RHEL
    /etc/sysconfig/iptables (and ip6tables) from multiple fragments using
    concat::fragment.

    The base part of the firewall is constructed like this:

    class firewall {
    include concat::setup

    $firewall_config = '/etc/sysconfig/iptables'

    concat::fragment { "firewall-base":
    target => "$firewall_config",
    source => [
    "puppet:///modules/firewall/firewall-base.$fqdn",
    "puppet:///modules/firewall/firewall-base"
    ],
    order => '01',
    }

    concat::fragment {"firewall-end":
    target => "$firewall_config",
    content => "COMMIT\n",
    order => '99',
    }
    }


    As you can see, we use source to look for a per-box custom firewall
    base first, and then fall back to a stock firewall-base file fragment.

    I want to modify this config so that the fall-back fragment comes
    from a template, rather than a file fragment. The problem is that it
    appears I can't do this:
    the file type in puppet does not provide a way to do this, so unfortunately
    the concat cant do it either - since its just relying on the file type

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Tim Mooney at May 2, 2012 at 9:40 pm

    In regard to: Re: [Puppet Users] mixing source & content (templates) in...:

    All-

    We're using puppet 2.7.11.

    Our custom firewall module currently builds the RHEL
    /etc/sysconfig/iptables (and ip6tables) from multiple fragments using
    concat::fragment.

    The base part of the firewall is constructed like this:

    class firewall {
    include concat::setup

    $firewall_config = '/etc/sysconfig/iptables'

    concat::fragment { "firewall-base":
    target => "$firewall_config",
    source => [
    "puppet:///modules/firewall/firewall-base.$fqdn",
    "puppet:///modules/firewall/firewall-base"
    ],
    order => '01',
    }

    concat::fragment {"firewall-end":
    target => "$firewall_config",
    content => "COMMIT\n",
    order => '99',
    }
    }


    As you can see, we use source to look for a per-box custom firewall
    base first, and then fall back to a stock firewall-base file fragment.

    I want to modify this config so that the fall-back fragment comes
    from a template, rather than a file fragment. The problem is that it
    appears I can't do this:
    the file type in puppet does not provide a way to do this, so unfortunately
    the concat cant do it either - since its just relying on the file type
    Thanks R.I. (and thanks for concat). I guess I'll switch all of our
    host-specific base fragments to be a templates, even when there's no
    template code in them, and use

    concat::fragment { 'firewall-base':
    target => $firewall_config,
    content => [
    template("firewall/firewall-base.${::fqdn}.erb"),
    template('firewall/firewall-base'),
    ],
    order => '01',
    }

    Tim
    --
    Tim Mooney Tim.Mooney@ndsu.edu
    Enterprise Computing & Infrastructure 701-231-1076 (Voice)
    Room 242-J6, IACC Building 701-231-8541 (Fax)
    North Dakota State University, Fargo, ND 58105-5164

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • R.I.Pienaar at May 2, 2012 at 9:44 pm

    ----- Original Message -----
    From: "Tim Mooney" <Tim.Mooney@ndsu.edu>
    To: puppet-users@googlegroups.com
    Sent: Wednesday, May 2, 2012 10:39:08 PM
    Subject: Re: [Puppet Users] mixing source & content (templates) in concat::fragment

    In regard to: Re: [Puppet Users] mixing source & content (templates)
    in...:
    All-

    We're using puppet 2.7.11.

    Our custom firewall module currently builds the RHEL
    /etc/sysconfig/iptables (and ip6tables) from multiple fragments
    using
    concat::fragment.

    The base part of the firewall is constructed like this:

    class firewall {
    include concat::setup

    $firewall_config = '/etc/sysconfig/iptables'

    concat::fragment { "firewall-base":
    target => "$firewall_config",
    source => [
    "puppet:///modules/firewall/firewall-base.$fqdn",
    "puppet:///modules/firewall/firewall-base"
    ],
    order => '01',
    }

    concat::fragment {"firewall-end":
    target => "$firewall_config",
    content => "COMMIT\n",
    order => '99',
    }
    }


    As you can see, we use source to look for a per-box custom
    firewall
    base first, and then fall back to a stock firewall-base file
    fragment.

    I want to modify this config so that the fall-back fragment comes
    from a template, rather than a file fragment. The problem is that
    it
    appears I can't do this:
    the file type in puppet does not provide a way to do this, so
    unfortunately
    the concat cant do it either - since its just relying on the file
    type
    Thanks R.I. (and thanks for concat). I guess I'll switch all of our
    host-specific base fragments to be a templates, even when there's no
    template code in them, and use

    concat::fragment { 'firewall-base':
    target => $firewall_config,
    content => [
    template("firewall/firewall-base.${::fqdn}.erb"),
    template('firewall/firewall-base'),
    ],
    order => '01',
    }
    puppet does not support this either :)

    what you'll get there is a concat of the 2 templates

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Tim Mooney at May 3, 2012 at 8:15 pm

    In regard to: Re: [Puppet Users] mixing source & content (templates) in...:

    the file type in puppet does not provide a way to do this, so
    unfortunately
    the concat cant do it either - since its just relying on the file
    type
    Thanks R.I. (and thanks for concat). I guess I'll switch all of our
    host-specific base fragments to be a templates, even when there's no
    template code in them, and use

    concat::fragment { 'firewall-base':
    target => $firewall_config,
    content => [
    template("firewall/firewall-base.${::fqdn}.erb"),
    template('firewall/firewall-base'),
    ],
    order => '01',
    }
    puppet does not support this either :)

    what you'll get there is a concat of the 2 templates
    Oh, that's quite disappointing. We'll need to completely rethink how
    we're doing this.

    Thanks again,

    Tim
    --
    Tim Mooney Tim.Mooney@ndsu.edu
    Enterprise Computing & Infrastructure 701-231-1076 (Voice)
    Room 242-J6, IACC Building 701-231-8541 (Fax)
    North Dakota State University, Fargo, ND 58105-5164

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Wolf Noble at May 4, 2012 at 10:07 am
    I've been using this, which works pretty well for a template selector:

    file { "foo":
    content => inline_template(
    file(
    "/literal/path/to/template/on/puppetmaster/$hostname.erb",
    "/literal/path/to/template/on/puppetmaster/$devicename.erb",
    "/literal/path/to/template/on/puppetmaster/$clientname.erb",
    "/literal/path/to/template/on/puppetmaster/motd.erb"
    )),
    ...
    }
    On May 2, 2012, at 8:00 PM, Tim Mooney wrote:


    All-

    We're using puppet 2.7.11.

    Our custom firewall module currently builds the RHEL
    /etc/sysconfig/iptables (and ip6tables) from multiple fragments using
    concat::fragment.

    The base part of the firewall is constructed like this:

    class firewall {
    include concat::setup

    $firewall_config = '/etc/sysconfig/iptables'

    concat::fragment { "firewall-base":
    target => "$firewall_config",
    source => [
    "puppet:///modules/firewall/firewall-base.$fqdn",
    "puppet:///modules/firewall/firewall-base"
    ],
    order => '01',
    }

    concat::fragment {"firewall-end":
    target => "$firewall_config",
    content => "COMMIT\n",
    order => '99',
    }
    }


    As you can see, we use source to look for a per-box custom firewall base
    first, and then fall back to a stock firewall-base file fragment.

    I want to modify this config so that the fall-back fragment comes from
    a template, rather than a file fragment. The problem is that it appears
    I can't do this:

    concat::fragment { "firewall-base":
    target => "$firewall_config",
    source => [
    "puppet:///modules/firewall/firewall-base.$fqdn",
    template('firewall/firewall-base.erb'),
    ],
    order => '01',
    }

    When I try that, I get:

    $sudo puppet agent --test --noop
    info: Retrieving plugin
    info: Loading facts in /var/lib/puppet/lib/facter/ipmi_product.rb
    info: Loading facts in /var/lib/puppet/lib/facter/biosversion.rb
    info: Loading facts in /var/lib/puppet/lib/facter/net_info.rb
    info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
    info: Loading facts in /var/lib/puppet/lib/facter/net_location.rb
    info: Loading facts in /var/lib/puppet/lib/facter/pacemaker.rb
    info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
    info: Caching catalog for host.nodak.edu
    err: Failed to apply catalog: Parameter source failed: Could not understand source #


    and then it spits out the file template.

    Is there an easy way to mix, in one fragment, a source and a template,
    as I'm trying to do?

    It occurs to me that I could just "pretend" that all of our per-host
    firewall-base.$fqdn files are instead templates, even if there's no
    actual templating going on, and use something like:

    concat::fragment { "firewall-base":
    target => "$firewall_config",
    content => [
    template("firewall/firewall-base.$fqdn.erb"),
    template('firewall/firewall-base.erb'),
    ],
    order => '01',
    }

    But that seems kind of hackish. Can anyone suggest a more elegant method,
    or some syntax that I'm missing?

    Thanks,

    Tim
    --
    Tim Mooney Tim.Mooney@ndsu.edu
    Enterprise Computing & Infrastructure 701-231-1076 (Voice)
    Room 242-J6, IACC Building 701-231-8541 (Fax)
    North Dakota State University, Fargo, ND 58105-5164

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
    Wolf Noble
    Senior UNIX Systems administrator
    Datapipe Managed IT Services
    Tel: 201.792.1918 x2910




    ________________________________

    This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you.

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedMay 2, '12 at 6:02p
activeMay 4, '12 at 10:07a
posts6
users3
websitepuppetlabs.com

People

Translate

site design / logo © 2021 Grokbase