On Wed, Aug 10, 2011 at 18:31, Craig White <craig.wh...@ttiltd.com> wrote:
>
> On Aug 10, 2011, at 11:14 AM, Daniel Pittman wrote:
>
>> On Wed, Aug 10, 2011 at 17:56, Craig White <craig.wh...@ttiltd.com> wrote:
>>> On Aug 10, 2011, at 9:52 AM, Daniel Pittman wrote:
>>>> On Wed, Aug 10, 2011 at 16:40, Craig White <craig.wh...@ttiltd.com> wrote:
>>>>
>>>>> Seems I don't quite understand how it's supposed to work
>>>>> At the moment, I have it inside a 'file' resource
>>>>>
>>>>> content => generate("/etc/puppet/scripts/ldap-add-host.sh $fqdn
>>>>> admins_all"),
>>>>
>>>> generate("/etc/puppet/scripts/ldap-add-hosh.sh", $fqdn, "admins_all")
>>> ----
>>> that worked great but brings me to a place I can't figure out.
>>>
>>> A file resource doesn't have 'unless' or 'onlyif' and thus it seems to
>>> execute every time.
>>>
>>> An exec resource doesn't have 'content' but does have command and 'unless'
>>> so it would seem exec would be a better way to go but...
>>>
>>> # Puppet maintained file /etc/puppet/deployment_files/ldap_admins_all
>>> exec{"/etc/puppet/deployment_files/ldap_admins_all":
>>> command => ['/bin/touch /etc/puppet/deployment_files/admins_all',
>>> generate("/etc/puppet/scripts/ldap-add-host.sh", $fqdn, "admins_all")],
>>> unless => "/bin/ls -l /etc/puppet/deployment_files/ldap_admins_all",
>>> require => Class["mod_puppet::deployment_files"],
>>> }
>>>
>>> gives me the error...
>>>
>>> err: Failed to apply catalog: private method `split' called for
>>> #<Array:0x4873be8>
>>
>> Yeah. So, that is a totally awful error message. The `command` needs
>> to be a string, not an array, but the exec type isn't checking that,
>> it just fails trying to call the Ruby `split` method on it. Which
>> doesn't work. :)
>>
>> That said, it isn't entirely clear to me what you are trying to do.
>>
>> The `generate` function runs a command on the Puppet master while the
>> catalog is being compiled, but an `exec` resource is run on the
>> client. Generally, you use `generate` to allow you to query an
>> external data source.
>>
>> Is your `ldap-add-host.sh` script doing that query, or does it
>> actually create things?
>>
>> If the later, is it idempotent - will it do the same thing if you run it
>> twice?
>>
>> Finally, you need multiple `exec` resources (or a shell script) if you
>> want to run multiple commands. Generally, best to be explicit about
>> that, so you would separate the touch and the running of your script.
>>
>>
>> Anyway, at a guess, `generate` is not at all what you want to do, and
>> you should try and forget about it. Instead, make the
>> `ldap-add-host.sh` script create the lock on disk, and then just run
>> that internally.
> ----
> what I am trying to do is execute a shell script on the puppetmaster...
> essentially add 'host' attribute to specific ldap users. That's why the
> command has parameters...
>
> shellscript HOSTNAME GROUP
OK.
> the script is more than capable of getting the users from GROUP, adding host
> attribute HOSTNAME to each of the users but it must run on the puppetmaster,
> not on puppet clients which is why I am using the generate function. So in
> answer to your question, my ldap-add-host.sh script is actually creating
> things.
>
> yes, it is idempotent - I can run it and run it and it will always do the
> same thing but and if uid=craig already has 'host' ubuntu.ttinet, it will
> simply move on if I try to add it again. I could almost live with that except
> that if I manually remove 'host' ubuntu.ttinet from uid=craig, the next pass
> it will add it again so I need some method of tracking it so therefore I was
> trying to use 'unless' which is only available in an exec resource, not a
> file resource. I suppose if I had no alternative, I could maintain a list on
> the puppetmaster of which hosts have already been added to which groups and
> abort if it has already been done.
OK. So, yeah. `generate` doesn't do what you want: functions don't
take parameters of any sort, let alone resource level metaparameters.
You will need to implement all your logic in the script you invoke
from generate, so that it will avoid doing things twice when called
with the same arguments.
...and if you are wondering why this seems so hard? This really isn't
something that Puppet is designed to support. Generally, modifying
external data sources from Puppet like you are trying to do isn't
really the way we approach things. Better, we feel, to modify the
external data source and then draw read-only from that into the
manifest.
So, rather than calling generate to modify LDAP, instead modify LDAP
and have code in your manifest to do whatever stuff when the LDAP
changes have been applied.
You can do it the way you are trying, more or less, but you really
don't get much help from the tool.s
Daniel
--
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
