James Cammarata <j...@sngx.net> writes:
> On Sat, 29 May 2010 02:30:03 +1000, Daniel Pittman <dan...@rimspace.net>
> wrote:
>> James Cammarata <j...@sngx.net> writes:

[...]

>>> My primary motivation for this is something like sudoers, where certain
>>> system roles require sudoers commands for different groups to use.
>>
>> FWIW, my short term solution to that problem is to use a concatenated file
>> module, which allows me to incorporate arbitrary ordered fragments into the
>> output file.
>>
>> Those can be nicely generated from a puppet define, wrapping up the process
>> in a way that is reasonably error-checked and in which the nasty
>> implementation details are hidden from the "end users" in my sysadmin team.
>
> That sounds like just what I need, any documentation on the web for that,
> or anything you can share?

I based my concat module on the work of R.I.Pienaar, which you can find here:
http://www.devco.net/archives/2010/05/07/puppet_concat_20100507.php

The changes are pretty much insignificant outside some specialized
requirements of our use of the code; grab his bits and go with it.

I suspect the implementation will be obvious, but just in case it isn't, the
rough template is that you create a class for sudo:

    class sudo {
      package { "sudo": ensure => latest }

      # do the stuff to get concat working
      concat { "/etc/sudoers": }

      # ...and the bulk of the file:
      concat::fragment { "sudoers header":
        target => "/etc/sudoers",   # the concat resource this fragment belongs to
        order  => 10,
        source => "whatever"
      }
      concat::fragment { "sudoers trailer":
        target => "/etc/sudoers",
        order  => 90,
        source => "whatever"
      }
    }

That will put those two fragments, the header and trailer, in the right places
for you. Now you can inject stuff between them. (Obviously, you can have as
many fragments and injection points as you want. :)

Then, make life easy for other people:

    define sudo::grant ($users = 'ALL', $hosts = 'ALL', $commands = 'ALL') {
      concat::fragment { "sudoers ${name} grant":
        target  => "/etc/sudoers",
        order   => 30,   # right in the middle
        content => template('sudoers_grant.erb')   # or whatever...
      }
    }

That way your team can use the high level "sudo::grant" definition to grant
someone a right, and the whole concat thing does the magic to make it work.

Regards,
        Daniel
-- 
✣ Daniel Pittman            ✉ dan...@rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons
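
The fragment ordering and the error-checked grant wrapper described in the message above, modelled in Python as an added example (it is not Daniel's or R.I.Pienaar's code). The sort by order then name, the deliberately strict field check, and the sample header, trailer and grants are assumptions constructed for illustration.

```python
import re

# Assumption (deliberately strict): a grant field may not be empty and may not
# contain control characters (newline included) or a backslash, so one grant
# can only ever contribute one line to the assembled sudoers file.
_UNSAFE = re.compile(r"[\x00-\x1f\x7f\\]")


def grant_fragment(name, users="ALL", hosts="ALL", commands="ALL", order=30):
    """Build the fragment a sudo::grant-style define would contribute."""
    for field, value in (("users", users), ("hosts", hosts), ("commands", commands)):
        if not value.strip() or _UNSAFE.search(value):
            raise ValueError(f"grant {name!r}: unsafe or empty {field}: {value!r}")
    return {"name": f"sudoers {name} grant", "order": order,
            "content": f"{users} {hosts} = {commands}\n"}


def assemble(fragments):
    """Concatenate fragments sorted by (order, name); reject duplicate names."""
    names = [f["name"] for f in fragments]
    if len(names) != len(set(names)):
        raise ValueError("duplicate fragment name")
    ordered = sorted(fragments, key=lambda f: (f["order"], f["name"]))
    return "".join(f["content"] for f in ordered)


# Constructed sample content for the header and trailer fragments.
HEADER = {"name": "sudoers header", "order": 10, "content": "Defaults env_reset\n"}
TRAILER = {"name": "sudoers trailer", "order": 90,
           "content": "#includedir /etc/sudoers.d\n"}


def build_sample():
    """Fragments are declared out of order on purpose; order decides placement."""
    frags = [
        TRAILER,
        grant_fragment("webops", users="%webops",
                       commands="/usr/sbin/service nginx restart"),
        HEADER,
        grant_fragment("backup", users="backup", commands="/usr/bin/rsync"),
    ]
    return assemble(frags)


if __name__ == "__main__":
    print(build_sample(), end="")
```
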