On Jan 6, 6:23 am, Jonathan Gazeley <jonathan.gaze...@bristol.ac.uk>
wrote:
> I realise I've b0rked the syntax. I meant this:
>
> class common {
> class { selinux: mode => enforcing }
> ...
> ...
>
> }
>
> node server1 {
> include common
>
> }
>
> node server2 {
> include common
> class { selinux: mode => permissive }
>
> }
>
> I'm trying to achieve that all servers have SELinux in enforcing by
> default, unless explicitly specified otherwise. Is this possible?
What you have written will not work, but this might:
class common {
class { selinux: mode => enforcing }
}
class common::permissive inherits common {
Class['selinux'] {
mode => permissive
}
}
node server1 {
include common
}
node server2 {
include common # optional
include common::permissive
}
If that doesn't work as written, then you should be able to make it
work by wrapping the delarations of Class['selinux'] in a definition
taking the mode as a parameter, and then overriding the definition's
parameter instead of directly overriding the class's parameter.
Alternatively, this might be a good use case for external data: have
class common lookup the appropriate SELinux mode via extlookup() or
hiera instead of always setting it explicitly to 'enforcing'.
Either of those approaches is also compatible with putting "include
common" in a default node definition that other node definitions then
inherit; that is often what people want to do when they have settings
to apply to all servers by default. Example:
node default {
include common
}
node server2 inherits default {
include common::permissive
}
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
