Accessing resource collector from template

asked 2015-02-18 22:17:36 -0500

Supermathie

I'm using puppet to deploy haproxy configurations and SSL keys/certificates.

I'm trying to use puppet's knowledge about the deployed keyfiles to automatically generate parts of the haproxy configuration but I'm a little stumped on how to best accomplish this.

I've reduced the problem to the following non-working code:

config.erb

This site's certificates are:
<% @certs.each do |crt| -%>* <%= crt.title %>
<% end -%>

test.pp

file { '/tmp/1.ssl': ensure => file, content => "secret 1", tag => [site1] }
file { '/tmp/2.ssl': ensure => file, content => "secret 2", tag => [site1,site2] }
file { '/tmp/3.ssl': ensure => file, content => "secret 3", tag => [site2] }

$certs = File <| tag == site1 |>

file { '/tmp/config.ssl':
    ensure => file,
    content => template('config.erb'),
}

As my puppet-fu is comparatively weak I'm hoping someone can point me in the correct direction.


2 Answers

0

answered 2015-02-19 09:00:29 -0500

DGM

updated 2015-02-19 09:02:20 -0500

I would need more information about the exact nature of the key and cert deployment and where/how they are used in the haproxy configuration to give details, but I can give you some general info that will enhance your puppet-fu and maybe lead you to a solution:

The resource collector is used to "realize" (activate? include?) virtual resources you have defined elsewhere (using notation like '@file' instead of 'file' when defining the resource makes it a virtual resource). So in a nutshell, it allows you to define a bunch of virtual resources in one place and then use the resource collector to include a subset of those resources in a given catalog (in essence, adding a set of file resources to the list of things your client needs to verify/create). This is usually handy for centralizing things like host and user definitions, and then having individual classes realize the ones that they care about (for example, all of your users are in a master list, but since only the application nodes collect the user tagged 'app_user', the application user only gets created on those nodes). In this instance, you appear to be trying to access the information about the file resources, which isn't really what it was built for.

A variation on virtual resource/collector is the ability to export resources from one node, and import/collect them on another (resources are exported using notation like @@file; importing resources uses <<| |>> instead of <| |>). This allows you, for example, to have one node define a file and then on another node collect/realize that resource to be added to its own catalog. I think this ability gets you a bit closer to the functionality you are interested in, but it isn't a quick win or anything. BIG NOTE: Function calls (like 'template') inside the parameters for an exported resource are evaluated during catalog compilation for the node that is importing/realizing the resource. That means if you call a template inside an exported resource definition and that template uses the 'hostname' variable, the file that ends up on the importing node will contain that importing node's hostname, NOT the hostname of the node that exported the file. An easy way around this is to store the results of the template in a variable, and then set the exported file resource's content to that variable (thus exporting a static string as the file's contents).

Before you go much further, there are a few Puppet modules you might want to look into:

HAProxy: It might not do everything you need, but it can generate a fairly decent HAProxy configuration with the ability to add in balance members as they are provisioned and all that.

concat: A version of this also comes pre-installed with Puppet Enterprise. This module lets you define a file, and then register fragments/snippets that will be used to make up that file. This is very handy for dynamically assembling a file based on snippets ...


Comments

Evidently resource collectors may not do what I was thinking they would do - I want to more or less reference all types of a resource defined with a specific tag, as per my example.

Supermathie (2015-02-25 19:59:24 -0500)
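
The concat approach suggested in the answer above, applied to the question's three certificates, as an added example that is not part of the original thread: each certificate resource registers its own line in the config of every site that uses it, so the listing is assembled from the same declarations that deploy the key files. It assumes Puppet 4 or later with the puppetlabs-concat module installed; the `site_cert` define, its `sites` parameter and the `/tmp/config-<site>.ssl` paths are hypothetical names.

```puppet
# Added example, not from the thread. Needs the puppetlabs-concat module
# and Puppet 4 or later. site_cert and the /tmp/config-<site>.ssl paths
# are hypothetical names chosen for this illustration.

# One key/certificate bundle, plus one config line per site that uses it.
define site_cert (Array[String] $sites) {
  file { "/tmp/${title}.ssl":
    ensure    => file,
    mode      => '0600',   # private key material: owner read/write only
    show_diff => false,    # do not print content diffs in agent logs
    content   => "secret ${title}",
  }

  $sites.each |String $site| {
    concat::fragment { "${site}-cert-${title}":
      target  => "/tmp/config-${site}.ssl",
      content => "* ${title}\n",
      order   => '10',
    }
  }
}

# One assembled file per site, each starting with the header line.
['site1', 'site2'].each |String $site| {
  concat { "/tmp/config-${site}.ssl":
    ensure => present,
  }

  concat::fragment { "${site}-header":
    target  => "/tmp/config-${site}.ssl",
    content => "This site's certificates are:\n",
    order   => '01',
  }
}

# Same certificate-to-site mapping as the tags in the question.
site_cert { '1': sites => ['site1'] }
site_cert { '2': sites => ['site1', 'site2'] }
site_cert { '3': sites => ['site2'] }
```

With this catalog, `/tmp/config-site1.ssl` lists certificates 1 and 2 and `/tmp/config-site2.ssl` lists 2 and 3, without any collector or template lookup.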
0

answered 2015-02-26 00:35:38 -0500

Supermathie

In my particular situation the right thing to do was to drive both the generation of the content and the aggregation of data from the same variables - it doesn't really solve the problem but feels like a more puppet-like approach:

config.erb

This site's certificates are:
<% @certs.each do |crt| -%>* <%= crt %>
<% end -%>

test.pp

include stdlib

define cert {
    file { "/tmp/$title.ssl" :
        ensure => file, content => "secret $title",
    }
}

$site1 = [1,2]
$site2 = [2,3]
$certs = unique(flatten([$site1,$site2]))

cert{$certs:}

file { '/tmp/config.ssl':
    ensure => file,
    content => template('config.erb'),
}
