I need to call a recipe and pass it specific attribute data, like:
include_recipe [nginx::passenger['my_attributeA' => 'foobar' , 'my_attributeB' => 'foofii']
i.e. in my wrapper, I have to pass data to a called cookbook.
Thanks
Node attributes in chef are global variables you should do this by setting them in the attributes file:
my_cookbook/attributes/default.rb:
default['my_attributeA'] = 'foobar'
default['my_attributeB'] = 'foofii'
my_cookbook/recipe/default.rb:
include_recipe "nginx::passenger"
my_cookbook/metadata.rb:
name "my_coobook"
version "1.2.3"
depends "nginx"
Note, gnerally you'd be setting node attributes like default['nginx']['some_nginx_cookbook_attribute'] in your wrapper to control the nginx cookbook, you probably wouldn't be setting something arbitrary like default['my_attributeA'].
there is no need to pass an argument for attribute assignment; rather, you will need to overload the attribute before including the desired recipe.
the attributes set in the dependent cookbooks before including other dependee cookbook, will be merged.
if the attribute precedence levels are the same, then that data is merged. If the attribute value precedence levels in an array are different, then that data is replaced. For all other value types (such as strings, integers, etc.), that data is replaced.
Related
When writing terraform modules, one is commonly writing pass through variables/inputs for dependent objects.
How can I write the variable so that the description/type just references the dependent description?
I imagine something like
variable "foo" {
type = dependant.resource.foo.var.type
description = dependant.resource.foo.var.description
default = "module default"
}
Variable descriptions are metadata used by Terraform itself (specifically: by documentation mechanisms like Terraform Registry) and are not data visible to your module code.
Each module's input variables and output values must be entirely self-contained. Mechanisms like the Terraform Registry rely on this so that they are able to generate the documentation for a module only by reference to that module, without any need to fetch and analyze any other modules or other dependencies.
If you do intend to have a variable just "pass through" to a child module or to a resource configuration then you will need to redeclare its type and description in your module.
I would also suggest considering the advice in the documentation section When to write a module; directly passing through a variable to a child object isn't necessarily a wrong thing to do, but it can result from a module not raising the level of abstraction and therefore not passing the test described there.
In such cases, it can be better to use module composition instead of nested modules.
In this case would mean that the caller of your module would themselves call the other module you are currently wrapping. Instead of your module taking that other module's input variables as its own, it would be declared to accept the other module's output values as its input, so that the caller can pass the object representing the first module result into the second module:
module "first" {
# ...
}
module "second" {
# ...
first = module.first
}
Inside this "second" module, the input variable first would be declared as requiring an object type with attributes matching whatever subset of the output values of "first" that the second module depends on.
I have a module "base" with an init.pp class which has some parameters as such:
class base (
$listen_ip = "xx.xx.xx.xx",
$listen_port = 3306,
$admin_username = 'admin',
$admin_password = 'admin',
)
{
...
}
Then I have created a profile "base" where I want to set some of the parameters:
class profile::base {
class { 'base':
$listen_ip = "xxx.xxx.xx.xx",
$listen_port => 6033,
}
}
Then the is a secondary profile where I want to set the username and password:
class profile::department::sales::base {
class { '::profile::base':
$admin_username = "some_user",
$admin_password => "some_pw",
}
}
However it's not possible to set the parameters from the "sales" profile.
The idea is that some values will be always the same for the base class and that some differ based on the department.
However it's not possible to set the parameters from the "sales" profile.
Not exactly. What is not allowed is using two different resource-like declarations for the same class while building one manifest. If you use even one then you must make certain that it is the first (or only) declaration of that class that the catalog builder evaluates.
To understand this, you need to appreciate that assigning parameter values is not the principal purpose of declarations such you are using. The principal purpose is rather to specify that the class in question should be included in the catalog in the first place. In service to that goal, values are bound to all the parameters of a class at the point where its first declaration is evaluated. Thus, your two class declarations do not supplement each other. Instead, they conflict with each other.
Even if the parameter values it specified for class base were identical to those declared by class profile::base, however, Puppet would still object to all uses of class profile::department::sales::base. To simplify evaluation and be absolutely certain to avoid inconsistency, it implements a stronger constraint than is actually required: that only the first-evaluated declaration of any given class may be a resource-like one.
Note: the latest docs actually specify an even stronger constraint than that: "Resource-like class declarations require that you declare a given class only once." In practice, however, this is a simplification (in every version of Puppet so far released since the introduction of parameterized classes). It is likely inspired by the fact that the order in which Puppet manifests are evaluated can be difficult to predict, so if you use include-like declarations along with a resource-like declaration of the same class, in different manifests, then it can be hard to ensure that the resource-like one is always evaluated first.
The idea is that some values will be always the same for the base
class and that some differ based on the department.
For most purposes it is best to avoid resource-like class declarations altogether, relying instead on external data (Hiera) for binding values to class parameters. Hiera recognizes a hierarchy of data sources (hence the name) and supports specifying different parameters at different levels, and even overriding data from one level at a higher-priority level.
My suggestion, then, is to leverage Hiera to assign appropriate parameter values to class base. There are many ways the specifics could play out.
If I create a varaible definition like this:
variable "aws_ecs_config" {
type = object({
cpu = number
memory = number
ecs_image_address = string
})
logs = {
type = object({
group = string
region = string
stream_prefix = string
})
}
}
How can I reuse that definition in multiple places without copy-pasting?
It is not possible to re-use variable declarations in Terraform. If variables in different modules will have the same type, that type must be repeated in each module.
Terraform has a structural type system rather than a nominal type system, so types themselves are not named and instead are matched/constrained by their form. When passing values between modules, we can use type constraints to create conventions between a family of related modules, but there is no mechanism to define a type (or declare a variable) in one place and reuse it in other places.
Terraform's type constraint mechanism considers any object with at least the attributes in the type constraint to be valid, so it's not necessary to define an exhaustive object type every time.
For example, if you define a variable with the following type:
object({
name = string
})
The following object value is acceptable for that type constraint, because it has a name attribute of the correct type regardless of any other attributes it defines:
{
name = "foo"
other = "bar"
}
For that reason, it can be better to limit the variable declaration in each module to only the subset of attributes that particular module actually requires, which reduces the coupling between the modules: they only need to be compatible to the extent that their attribute names overlap, and don't need to directly bind to one another.
Workaround
This is possible without explicit Terraform support. (There are some discussions about types. Weigh in if you think it would be handy)
Terraform allows variables to be declared over multiple files, and if the modules live on a Linux filesystem, reuse is vastly simplified. (Windows folks... well, it is possible, just not pretty and may not play well with version control.)
How?
Move the variable definition to a file named variable.aws_ecs_config.tf
Place it in a well known place. Say, a directory called variables that lives next to modules.
Whenever the variable is needed in a module, create a symlink to the variable file: ln -s <path/to/variables>/variable.aws_ecs_config.tf
Trying to use two of the conf objects find_objects_w_child &
find_objects_wo_child in a single file.
I need to find out "interfaces" from a Cisco config file which have a specific QoS "service-policy" command configured.
At the same time should not be a part of any Etherchannel.
Using object "find_objects_w_child" I can get all 'interface' objects having the command "service-policy" configured on it, and
Using object "find_objects_wo_child" to get all the 'interface' objects which do not have the command "channel-group".
Is it even possible to use these 2 objects on a same config file?
CiscoConfParse objects do not offer a method that allows you to find objects with specific children, but without other specific children. However, we can utilize a list comprehension to accomplish the same task with the IOSCfgLine object's re_search_children() method, as shown below:
from ciscoconfparse import CiscoConfParse
parse = CiscoConfParse("ios_cfg.txt")
phys_intfs_w_qos = [obj for obj in parse.find_objects_wo_child(r"^interface", "channel-group") if obj.re_search_children(r"service-policy")]
Because regex objects are truthy, the above list comprehension will only return IOSCfgLine objects representing interfaces that do not have channel-group configured, but does have service-policy configured.
I am using https://github.com/openstack/puppet-keystone to set up an OpenStack management/controller node. I need to add the 'glance' user to keystone. I want to try and do as much as I can in my hiera data so my manifest will be simple.
Here is my manifest:
class kilo2_keystone {
include controller_ceph
include keystone
include keystone::config
include keystone::user
# keystone_user { 'glance':
# ensure => present,
# }
}
The commented out section works, but I want to be able to do include keystone::user and supply the parameters in my hiera data like so:
keystone::user:
"%{hiera('glance_admin_user')}":
ensure: present
But when I run puppet agent -t on my node I get this error:
Could not find class ::keystone::user
The commented-out code declares a resource of type keystone_user, not a class. Presumably its type, keystone_user, is provided by the puppet-keystone module. The include() family of functions are for declaring classes, not resources, so they are inapplicable to keystone_user.
There is more than one way you could proceed. If you don't anticipate wanting to anything more complicated than declaring one or more keystone_users present, then I'd recommend giving your class a parameter for the user name(s), to which you can assign a value via Hiera:
class kilo2_keystone($usernames = []) {
include controller_ceph
include keystone
include keystone::config
keystone_user { $usernames:
ensure => present,
}
}
On the other hand, if you want to be able to declare multiple users, each with its own set of attributes, then the create_resources() function is probably the path of least resistance. You still want to parameterize your class so that it gets the data from Hiera via automated data binding, but now you want the data to be structured differently, as described in the create_resources() docs: as a hash mapping resource titles (usernames, in your case) to inner hashes of resource parameters to corresponding values.
For example, your class might look like this:
class kilo2_keystone($userdata = {}) {
include controller_ceph
include keystone
include keystone::config
create_resources('keystone_user', $userdata)
}
The corresponding data for this class might look like this:
kilo2_keystone::userdata:
glance:
ensure: present
enabled: true
another_user:
ensure: absent
Note also that you are placing your kilo2_keystone class in the top scope. You really ought to put it in a module and assign it to that module's namespace. The latter would look like this:
class mymodule::kilo2_keystone($userdata = {}) {
# ...
}