----- jcbollinger <john.bollin...@stjude.org> wrote:
>
>
> On Jan 6, 6:23 am, Jonathan Gazeley <jonathan.gaze...@bristol.ac.uk>
> wrote:
> > I realise I've b0rked the syntax. I meant this:
> >
> > class common {
> >    class { selinux: mode => enforcing }
> >    ...
> >    ...
> >
> > }
> >
> > node server1 {
> >    include common
> >
> > }
> >
> > node server2 {
> >    include common
> >    class { selinux: mode => permissive }
> >
> > }
> >
> > I'm trying to achieve that all servers have SELinux in enforcing by
> > default, unless explicitly specified otherwise. Is this possible?
>
> What you have written will not work, but this might:
>
> class common {
>   class { selinux: mode => enforcing }
> }
>
> class common::permissive inherits common {
>   Class['selinux'] {
>     mode => permissive
>   }
> }
>
> node server1 {
>   include common
> }
>
> node server2 {
>   include common # optional
>   include common::permissive
> }
>
> If that doesn't work as written, then you should be able to make it
> work by wrapping the declarations of Class['selinux'] in a definition
> taking the mode as a parameter, and then overriding the definition's
> parameter instead of directly overriding the class's parameter.
>
> Alternatively, this might be a good use case for external data: have
> class common lookup the appropriate SELinux mode via extlookup() or
> hiera instead of always setting it explicitly to 'enforcing'.
>
> Either of those approaches is also compatible with putting "include
> common" in a default node definition that other node definitions then
> inherit; that is often what people want to do when they have settings
> to apply to all servers by default. Example:
>
> node default {
>   include common
> }
>
> node server2 inherits default {
>   include common::permissive
> }
>
>
> John
>
Or something like this:

class common {
  # totally remove selinux at this level
}

class common::se-enforcing inherits common {
  class { selinux: mode => enforcing }
}

class common::se-permissive inherits common {
  class { selinux: mode => permissive }
}

class common::se-disabled inherits common {
  class { selinux: mode => disabled }
}

node server1 {
  include common::se-enforcing
}

node server2 {
  include common::se-permissive
}

--
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)
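
The external-data alternative John mentions, sketched as an added example that is not part of either poster's message. It assumes the hiera() function is available on the master, a hypothetical key named selinux_mode, and a hierarchy with a per-node level above the common level; the selinux class and its mode parameter are taken from the thread.

```puppet
# Constructed Hiera data, shown as comments (file names depend on your hierarchy):
#
#   common.yaml             selinux_mode: enforcing
#   server2.example.yaml    selinux_mode: permissive
#
class common {
  # Fall back to enforcing when no data is found, so a node without an
  # entry never ends up with a weaker mode by accident.
  $selinux_mode = hiera('selinux_mode', 'enforcing')

  # Reject typos instead of passing an unknown mode to the selinux class.
  if ! ($selinux_mode in ['enforcing', 'permissive', 'disabled']) {
    fail("Invalid selinux_mode '${selinux_mode}' for ${::fqdn}")
  }

  # Record every exception to the default in the master's log.
  if $selinux_mode != 'enforcing' {
    notice("${::fqdn}: SELinux mode is ${selinux_mode}, not enforcing")
  }

  class { 'selinux':
    mode => $selinux_mode,
  }
}

node default {
  include common
}
```

With this layout the exceptions live in data files rather than in node definitions, so a review of which hosts are not enforcing is a search for the selinux_mode key.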