> > thank you both. my current task will use a file action. I'm trying
> > to make puppet chose between alturnative versions of a file based on
> > the result of a binary.
> >
> > I will work on the custom fact idea. if such an issue is coming at
> > me so early in the game, then I may as well get started learning
> > how to build facts.
>
> For what it is worth, I would say that the reason you are running into
> this so early in the process is that you are not yet using puppet the
> way it expects to be used – and, so, you run into these complications.
>
> In the puppet model you would not ask the system about that binary,
> then do something: you would say "machine A should have the binary,
> and the something, while machine B should not have either".
>
> The idea is that you declare, as far as possible, the state your
> system should be – not what calculations you make to get from the
> current to the desired state. Fact should, ideally, be things about
> the system that don't vary (memory size, disk space) with state
> changes, not questions about the current state.
>
> So, I would strongly encourage you to "answer" the question about that
> binary by deciding if the machine should have it installed, and if it
> should work, and then implementing *that* in puppet. The file install
> bit should just fall into line after that.
>
You caught me. I'm a recoveing cfengine junky. It will take a while
to stop thinking in terms of making actions dependent on client's
membership in a (cf) class.
So here are the specifics of what I'm trying to do in this particular
task. I welcome any ideas on following the puppet way:
We run a 3rd party tool called centrifyDC to integrate our linux
servers with AD. a client can either be "joined" to a centrify (AD)
zone or not. I'm writing a puppet module to manage site
customizations to various files in /etc/pam.d. Trouble is centrify,
when joining to AD, will prepend it's own pam configs to my existing
pam files. so before I can push my custom pam configs, I need to
know if the client is joined to AD or not. the command to check the
centify status is /usr/bin/adinfo. it is installed on all nodes via
puppet.
My first fact (I am so proud):
# adinfo.rb
# Mon Jan 31 15:54:02 PST 2011
# ago...@ucop.edu
#
# a custom fact returning the centrify zone
if FileTest.exists?("/usr/bin/adinfo")
Facter.add(:adinfo) do
setcode do
%x{/usr/bin/adinfo --zone}.chomp
end
end
end
modules/pam/manifests/init.pp:
# module pam
# pmlab01-vhost.ucop.edu
# Fri Jan 28 17:34:53 PST 2011
# ago...@ucop.edu
# Pam configs
class pam {
file { "/etc/pam.d":
owner => root, group => root, mode => 644,
if $adinfo {
source => "puppet:///pam/centrify",
} else {
source => "puppet:///pam/no_centrify",
}
recurse => true,
}
}
On Mon, Jan 31, 2011 at 03:46:32PM -0800, Daniel Pittman wrote:
> On Mon, Jan 31, 2011 at 15:31, Ashley Gould <ago...@ucop.edu> wrote:
> > On Mon, Jan 31, 2011 at 02:14:29PM -0800, jcbollinger wrote:
> >> On Jan 31, 3:12 pm, Ashley Gould <ago...@ucop.edu> wrote:
> >>
> >> > if [ "/usr/bin/my_harmless_binary 2>&1 >/dev/null" ]; then
> >> > echo "my_harmless_binary succeeded"
> >> > cp /tmp/file1 /data/
> >> > else
> >> > echo "my_harmless_binary FAILED"
> >> > fi
>
> [...]
> Regards,
> Daniel
> --
> ⎋ Puppet Labs Developer – http://puppetlabs.com
> ✉ Daniel Pittman <dan...@puppetlabs.com>
> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
> ♲ Made with 100 percent post-consumer electrons
--
-ashley
Did you try poking at it with a stick?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
