On Tue, Nov 18, 2008 at 5:22 PM, <[EMAIL PROTECTED]> wrote:
>
>>> - you want to install via a custom installer an application, so you
>>> need to do the following:
>>> 1. copy the file and installer over
>>> 2. run installer and cleanup
>>
>>Well, myself I'd package the application in the native package format,
>>but I'm a bit crazy.
>
> Take another example, then.
>
> I've got Glassfish. I want to configure an application domain. As part
> of the configuration, I want to configure a JDBC connection.
>
> Not being totally mad, I want to not leave the database password lying
> around in plain text, so I use Glassfish's handy feature of "password
> aliases". Unfortunately, these need a seed file, a plaintext file that
> looks like:
>
> AS_ADMIN_ALIASPASSWORD=my_secret_password
>
> So, I copy that over from my puppet server:
>
> file {
> "$glassfish::GF/jdbc_secret_password.txt":
> source => ...
> }
>
> And then I run asadmin to create the alias:
>
> exec {
> "$glassfish::GF/bin/asadmin create-password-alias
> --passwordfile $glassfish::GF/jdbc_secret_password.txt
> jdbc_secret_password":
> alias => "create_jdbc_password_alias",
> unless => "$glassfish::GF/bin/asadmin list-password-aliases |
> grep -q jdbc_secret_password",
> require => [File["$glassfish::GF/jdbc_secret_password.txt"],
> Exec["gf_create_instance"]]
> }
>
> Unfortunately, this leaves the seed file, required only for the command
> to run, lying around on disk. Now, I can protect the file with mode
> 0400, or I can tidy it with a dependency on the exec command, but what
> I really want is something like "refreshonly" for files; only copy the
> file over if something is being evaluated that explicitly requires it.
>
> Otherwise, I'll get the file appearing and disappearing again, which is
> rather a waste of time.
>
> -- michael.
Michael,
I'm not sure you understand that I'm not arguing *against* 'onlyif' as
a metaparameter. I'm focusing on how to do what you want, now, with
Puppet as it is today. I do think it is slightly odd the way people
choose to model things, but flexibility is one of Puppet's strong
points.
Why not wrap the process of fetching the seed file, generating the
"password alias", and then securely deleting the seed file into a
script, which you would then put in your exec with an appropriate
'onlyif'?
--Paul
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
