I'm setting up my firewalld services via puppet codes as below. My class refer to data hiera to fetch data
class profile::base::firewalld(
Hash $zones = {},
Hash $ports = {},
Hash $services = {},
Hash $rich_rules = {},
Hash $custom_services = {},
Hash $add_services = {},
Hash $remove_services = {},
Array $zone_name = [],
){
class{'firewalld':
zones => $zones,
ports => $ports,
services => $services,
rich_rules => $rich_rules,
custom_services => $custom_services,
}
contain firewalld
#remove firewalld services (ipp-client, samba-client)
$remove_services.each | String $zone, Array[String] $services|{
$services.each | String $service |{
firewalld_service {"${service}":
ensure => absent,
service => $service,
zone => $zone,
}
}
}
#add zone zPrivate zInternet zTier1
$zone_name.each | String $zone_names |{
firewalld_zone{"${zone_names}":
ensure => present,
target => 'default',
purge_rich_rules => true,
purge_services => true,
purge_ports => true,
}
}
I want to use this class multiple times. For example. If I want to re-use the profile::base::firewalld but I dont know how to refer to hiera data with differens variables. Can someone provide my good way to solve my issue. The codes below is my approach but it does not work
class profile::bs::firewalld(
Hash $zones = {},
Hash $ports = {},
Hash $services = {},
Hash $rich_rules = {},
Hash $custom_services = {},
Hash $add_services = {},
Hash $remove_services = {},
Array $zone_name = [],
){
include profile::base::firewalld
}
Related
I am successfully installing several PHP modules by version with puppet on Debian linux like this:
$php_version = '7.3'
ensure_packages([
"php$php_version-xml",
"php$php_version-zip",
"php$php_version-curl",
"php$php_version-mbstring",
"libapache2-mod-php$php_version",
],
{
'ensure' => 'present',
}
)
now I want to prepare for an update from PHP 7.3 to 7.4. This basically works, but the 7.3 packages stay installed. I would like to adapt the code to remove the old packages. I am looking for a way to reuse the list of packages of modules for uninstalling.
I am thinking of a signature like this
class profile::software::apache (
$php_version = '7.4',
$php_remove = ['7.0‘, ‘7.3'],
#...
) {
$myPackages = [
"php$php_version-xml",
"php$php_version-zip",
"php$php_version-curl",
"php$php_version-mbstring",
"libapache2-mod-php$php_version",
]
ensure_packages($myPackages,
{
'ensure' => 'present',
}
)
$php_remove.each | String $php_version | {
ensure_packages($myPackages,
{
'ensure' => 'absent',
}
)
}
}
Is there a way to solve this?
thx
I was able to solve this by using iteration functions of puppet.
From the two parameters I build a hash with keys of versions to work on and values to either install or remove the given version.
Now I can iterate over this hash with each, reusing the structure:
class profile::software::apache (
$php_version = '7.4',
$php_remove = ['7.0‘, ‘7.3'],
#...
) {
# build a hash of PHP Versions with a value of either present or absent
# and iterate over it with each
$phpInstallHash = { $php_version => 'present' }
#notify { "Value of phpRemove: ${php_remove}": }
if $php_remove {
# We have the array, use the map function to build remove hash
$phpRemoveHash = $php_remove.map |$version| {
{ $version => 'absent' }
}
$phpFullHash = $phpInstallHash + $phpRemoveHash
} else {
$phpFullHash = $phpInstallHash
}
#notify { "phpHash to iterate over to install/uninstall: ${phpFullHash}": }
#iterate over the result installing/uninstalling
$phpFullHash.each | $php_version, $ensure_value | {
ensure_packages([
"php$php_version-xml",
"php$php_version-zip",
"php$php_version-curl",
"php$php_version-mbstring",
"libapache2-mod-php$php_version",
],
{
'ensure' => $ensure_value,
require => [Class['apt::update'],
Apt::Source['source_php_sury'],
],
notify => Class['apache::service'],
}
)
}
}
hth
I am getting the following error in the event viewer on my node during a puppet run. I suspect the issue is with incorrect lookup function in my profile.
Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Scconfig::Coserveradmin[SomeSettings]:
parameter 'parameterA' expects a String value, got Undef
parameter 'parameterB' expects a String value, got Undef
parameter 'parameterC' expects a String value, got Undef
parameter 'parameterD' expects a String value, got Undef
coserveradmin is a define resource with all string parameters. I would like to do lookup of values from a Json file
{
"SASettings" : {
"Watchdog" : {
"ParameterA" : "somevalue",
"ParameterB" : "somevalue"
},
"Serversettings" : {
"ParameterC" : "somevalue",
"ParameterD" : "somevalue",
},
"GeneralSettings" : {
"ParameterE" : "somevalue",
"ParameterF" : "somevalue",
},
"customsettings_prod" : {
"ParameterG" :"somevalue",
"ParameterH" : "%{facts.hostname}.example-cloud.com"
},
"customsettings_dev" : {
"ParameterI" :"",
"ParameterK" : "%{facts.hostname}.example.net"
}
}
}
In my hiera.yaml file I have defined the name and path to the json file.
- name: "Desired Some Settings"
path: "default/serveradmin.json"
In profile I have the following code .
class profile::scconfig_someprofile_a {
.
.
.
$hname= $::facts['hostname']
$mac= "${facts['macaddress'].delete(':')}"
$adminpropeties = lookup('SASettings')
if $hname=~someregex {
scconfig::coserveradmin{ 'SomeSettings':
property1 => $adminpropeties['customsettings_prod.ParameterG'],
property2 => $adminproperties['Watchdog.ParameterA'],
property3 => $adminproperties['Watchdog.ParameterB'],
property4 => $adminproperties['Serversettings.ParameterC'],
.
.
.
.
and so on
.
macaddress => $mac,
}
elsif $hname=~someregex {
scconfig::coserveradmin{ 'SomeSettings':
property1 => $adminpropeties['customsettings_dev.ParameterI'],
property2 => $adminproperties['Watchdog.ParameterA'],
property3 => $adminproperties['Watchdog.ParameterB'],
property4 => $adminproperties['Serversettings.ParameterC'],
.
.
.
.
and so on
.
macaddress => $mac,
}
Also adding the code for the "define" resource as requested.
define scconfig::coserveradmin(
String $Property1,
String $Property2,
String $Property3,
String $Property4,
.
.
.
String $macaddress,
) {
$dscmoduleversion = lookup('requires.modules.codsc.version')
if $dscmoduleversion != '' {
$module = {
'name' => 'codsc',
'version' => $dscmoduleversion,
}
}else{
$module = 'codsc'
}
$configname1='someconfig1'
$configname2='someconfig2'
$configname3='someconfig3'
dsc { 'someconfig1':
require => lookup('requires.cloudopssoftware'),
resource_name => 'Someresourcename',
module => $module,
properties => {
configname => $configname1,
Prop1 => $Property1,
Prop2 => $Property2,
Prop3 =>$Property3,
},
}
dsc { 'someconfig2':
require => lookup('requires.cloudopssoftware'),
resource_name => 'someresourcename2',
module => $module,
properties => {
configname => $configname2,
Prop1 => $Property4,
Prop2 => $Property5,
Prop3 =>$Property6,
},
}
dsc { 'someconfig3':
require => lookup('requires.cloudopssoftware'),
resource_name => 'someresourcename3',
module => $module,
properties => {
configname => $configname3,
Prop1 => $Property6,
Prop2 => $Property7,
Prop3 =>$Property8,
.
.
.
Propn => $macaddress
},
}
Please note that the last property which is the macaddress is evaluated within the profile class therefore I don't see any error for it.
Any ideas what could be the issue.
I suspect the issue is with incorrect lookup function in my profile.
That does not appear to be the case. If your lookup() call were not successfully looking up and returning a hash then you would get a different error when you tried to extract values.
I guess it's possible that you're retrieving the wrong hash -- which would be a matter of your hiera configuration and / or data, not the lookup() call itself -- but whether it's the right hash or the wrong one, the syntax you are trying to use to extract the data from it is not matched to the hash structure presented in the question. For example, this expression
$adminpropeties['customsettings_prod.ParameterG']
attempts to retrieve the value whose key is 'customsettings_prod.ParameterG', but the data presented contain no such key.
What you seem to want is
$adminpropeties['customsettings_prod']['ParameterG']
That extracts the value having key 'customsettings_prod', and, that value being a hash itself, extracts its value associated with key 'ParameterG'.
Alternatively, you may find the dig() function convenient for extracting data from nested data structures such as yours:
dig($adminpropeties, 'customsettings_prod', 'ParameterG')
I am very new to Puppet programming.
I have the following class which configures the resolv.conf file correctly:
class dnsclient (
$nameservers = [ 'ns1 ip',
'ns2 ip' ,
'ns3 ip' ],
$options = [ 'rotate',
'timeout:5',
'attempts:3' ],
$search = [ 'example.com',
'example2.com' ],
$domain = 'UNSET',
$sortlist = ['UNSET'],
$resolver_config_file = '/etc/resolv.conf',
$resolver_config_file_ensure = 'file',
$resolver_config_file_owner = 'root',
$resolver_config_file_group = 'root',
$resolver_config_file_mode = '0644',
) {
# Validates domain
if is_domain_name($domain) != true {
fail("Domain name, ${domain}, is invalid.")
}
# Validates $resolver_config_file_ensure
case $resolver_config_file_ensure {
'file', 'present', 'absent': {
# noop, these values are valid
}
default: {
fail("Valid values for \$resolver_config_file_ensure are \'absent\', \'file\', or \'present\'. Specified value is ${resolver_config_file_ensure}")
}
}
file { 'dnsclient_resolver_config_file':
ensure => $resolver_config_file_ensure,
content => template('dnsclient/resolv.conf.erb'),
path => $resolver_config_file,
owner => $resolver_config_file_owner,
group => $resolver_config_file_group,
mode => $resolver_config_file_mode,
}
}
I created a custom fact default_gateway which should find the client default gateway, and according to that I want to then assign different name servers.
I tried to enter the condition at the beginning of the dnsclient class:
class dnsclient
if $default_gateway == 'DG ip' {
$nameservers = [ 'ns1 ip',
'ns2 ip' ,
'ns3 ip' ],
}
But I am getting a syntax error on the client, please advise. Where do I place the if statement to assign different name servers if the default gateway is different.
I assume you need to also remove the $nameservers class parameter, so you would change the beginning of the file to:
class dnsclient (
# This parameter is no longer required?
# $nameservers = [ 'ns1 ip',
# 'ns2 ip' ,
# 'ns3 ip' ],
$options = [ 'rotate',
'timeout:5',
'attempts:3' ],
$search = [ 'example.com',
'example2.com' ],
$domain = 'UNSET',
$sortlist = ['UNSET'],
$resolver_config_file = '/etc/resolv.conf',
$resolver_config_file_ensure = 'file',
$resolver_config_file_owner = 'root',
$resolver_config_file_group = 'root',
$resolver_config_file_mode = '0644',
) {
# Your code goes here:
if $default_gateway == 'DG ip' {
$nameservers = ['ns1 ip', 'ns2 ip', 'ns3 ip'],
}
...
I am using following puppet class
class myclass{
$foo = [{"id" => "bar", "ip" => "1.1.1.1"}, {"id" => "baz", "ip" => "2.2.2.2"}]
map {$foo:}
define map () { notify {$name['id']: } }
}
But this gives me
err: Could not retrieve catalog from remote server: Could not intern from pson: Could not convert from pson: Could not find relationship target "Change_config::Map[ip1.1.1.1idbar]"
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
What is the reason for this ?
Regards,
Malintha Adikari
Your array contains hashes. The resource declaration syntax works only for arrays of strings.
$foo = ["bar", "baz"]
map {$foo:}
define map () { notify {$name: } }
If you want to pass data with each resource title, you need to
build a hash of your data, not an array of hashes
use the create_resources function
Untested example code:
$foo = {
"bar" => { "ip" => "1.1.1.1" },
"baz" => { "ip" => "2.2.2.2" },
}
create_resources('map', $foo)
define map ($ip="") { notify { "$name has ip $ip": } }
I want to provision multiple sets of things on a server using existing puppet modules the simplest example would be:
file { "/var/www/MYVARIABLEHERE":
ensure => "directory",
}
mysql::db { MYVARIABLEHERE:
user => MYVARIABLEHERE,
password => MYVARIABLEHERE,
host => 'localhost',
grant => ['all'],
}
Is there a way to abstract this out so that I can have say an array of pre defined options and then pass them into existing puppet modules so I don't end up with a manifest file that's thousands of lines long?
As per the answer below I have setup:
define mySites {
mysql::db { $name:
user => $name,
password => $name,
host => 'localhost',
grant => ['all'],
}
file { "/var/www/${name}.drupal.dev":
ensure => "directory",
}
}
I then call:
mySites {"site": $name => "test", }
and get the following error:
Could not parse for environment production: Syntax error at 'name'; expected '}'
You could use a define type to simplify as much :
define mydef( $usern, $passn) {
file { "/var/www/$usern":
ensure => "directory",
}
mysql::db { $usern :
user => $usern,
password => $passn,
host => "localhost",
grant => ['all'],
}
}
# You have to call the define type for each cases.
mydef{"u1": usern => "john", password => "pass", }
# It might be possible to provide multiple arrays to a define
# type if you use puppet's future parser