phact_erb - 源码 - 源码 - 免费下载

phact_erb

文件大小： unknow

源码售价： 5 个金币积分规则积分充值

资源说明：use multi-valued (and anonymous data structs) facts in your puppet erbs

Whenever I'm creating erb templates for config files in puppet, I find the single-valued facts that facter provides to be very limiting. When I want to do something like re-configure a VPN, or shift mail server load around, I need to be able to query external sources and get the data from the *authorititative* source to make a config change. 

Note: a puppetmasterd server is not authoritative. If you want to know what your domain's MX records are, you don't query a puppetmasterd, because it doesn't matter what the puppetmasterd thinks the state should be. It's the actual MX records *in DNS* that clients are going to send mail to. 

(i.e. "Authoritative" == "where everything that isn't a puppet client looks for this information.")

Sure, the puppetmasterd may change that information in the authoritative source, but until it does, all the clients will use what DNS says anyway, so there's no point in configuring a system for what the state *will be*, you need it configured for what the state *actually is*.

So this little module just queries the system, DNS, and LDAP for my current desired states, and populates variables in my erbs that may be iterated on. This was originally put together to pair ip the remote and sainfo sections of a racoon.conf file, so let's look at what that file needs as an example...

== 

I need:
   # what facter provides "out of the box"
   my_hostname     facter:host facter:fqdn
   my_ip           facter:ipaddress
   my_domain       facter:domain

   # custom facts we wrote
   my_basedn       facter:base_dn           || derived from domain
   my_binddn       facter:bind_dn           || derived from $hostname & $domain
   my_bindpw       facter:bind_pw           || derived from `secret`
   anon_binddn     facter:anonymous_bind_dn
   anon_bindpw     facter:anonymous_bind_pw

   # things not suited for facts at all, because they're multi-valued key-value sets (suited for LDAP)

   my_vpn          ldap: cn=${domain},ou=VPNs,ou=Sets,${basedn}
   my_dhcp_network ldap: cn=${host}-vpn-anon,ou=Networks,${basedn}
   my_dhcp_netmask ldap: cn=${host}-vpn-anon,ou=Networks,${basedn}

   am_i_ldap_host  dns srv || ldap relativeDomainName(srv)

   pool_size       derive from my_dhcp_netmask

   @peers          ldap: cn=${domain},ou=VPNs,ou=Sets,${basedn} (uniquMembers)
   hostname[peer]  ldap: :cn
   ipaddr[peer]    ldap: :ipHostNumber (not in an ou=Network?) || dns?
                   ldap: relativeDomainName=,dc=websages,dc=com,ou=DNS,${basedn}



==

so a block of code like:

p = PhactERB.new
data ={
        :fqdn     => p.fqdn,
        :hostname => p.hostname,
        :domain   => p.domainname,
        :basedn   => p.basedn,
        :binddn   => p.binddn,
        #:bindpw   => p.bindpw,
        #:secret   => p.secret,
        :ipaddress => p.default_ipaddress,
        :imma_ldap => p.imma_ldap_server,
        :default_route => p.default_route,
        :default_iface => p.default_iface,
        :dns      => {
                        :soa   => p.dig(p.domainname, 'SOA' ),
                        :ldaps => p.dig(['_ldaps._tcp',p.domainname].join('.'),'SRV' ),
                        :mx    => p.dig(p.domainname, 'MX' ),
                        :ns    => p.dig(p.domainname, 'NS' ),
                        :a     => p.dig(p.domainname, 'A' ),
                        :ptr   => Array.new,
                     },
        :vpn => p.vpn_data(p.domainname)
}
 
# add some things that depend on the element being pre-defined as an array in a hash before we can reference the hash...
p.dig(p.domainname, 'A' ).each do | ptr | data.fetch(:dns).fetch(:ptr).push(ptr) end

require 'yaml'
puts YAML::dump( data )

== 

will generate an anonymous data struct I can use in my erb like: ( I don't need nearly all of this)

--- 
:imma_ldap: false
:fqdn: eir.websages.com
:vpn: 
- :vpn_ip: 172.16.0.2
  :network: 172.16.0.64
  :cidr: 172.16.0.64/27
  :netmask: 255.255.255.224
  :pool: 32
  :pub_ip: 65.19.178.106
  :peer: odin.websages.com
- :vpn_ip: 172.16.0.1
  :network: 172.16.0.32
  :cidr: 172.16.0.32/27
  :netmask: 255.255.255.224
  :pool: 32
  :pub_ip: 72.14.177.235
  :peer: freyr.websages.com
- :vpn_ip: 172.16.0.3
  :network: 172.16.0.96
  :cidr: 172.16.0.96/27
  :netmask: 255.255.255.224
  :pool: 32
  :pub_ip: 207.192.74.54
  :peer: thor.websages.com
- :vpn_ip: 172.16.0.10
  :network: 172.16.0.128
  :cidr: 172.16.0.128/27
  :netmask: 255.255.255.224
  :pool: 32
  :pub_ip: 74.207.230.73
  :peer: loki.websages.com
- :vpn_ip: 172.16.0.11
  :network: 172.16.0.160
  :cidr: 172.16.0.160/27
  :netmask: 255.255.255.224
  :pool: 32
  :pub_ip: 74.207.235.127
  :peer: vili.websages.com
:dns: 
  :ptr: 
  - 65.19.178.106
  - 72.14.177.235
  :mx: 
  - mail04.websages.com
  - mail05.websages.com
  - mail01.websages.com
  - mail02.websages.com
  - mail03.websages.com
  :soa: 
  - :refresh: 43200
    :retry: 3600
    :rname: hostmaster.websages.com
    :expire: 1209600
    :serial: 2009032401
    :minimum: 3600
    :mname: ns01.websages.com
  :ns: 
  - ns03.websages.com
  - ns01.websages.com
  - ns02.websages.com
  :a: 
  - 72.14.177.235
  - 65.19.178.106
  :ldaps: 
  - :server: loki.websages.com
    :port: 636
  - :server: odin.websages.com
    :port: 636
  - :server: thor.websages.com
    :port: 636
  - :server: vili.websages.com
    :port: 636
  - :server: freyr.websages.com
    :port: 636
:basedn: dc=websages,dc=com
:default_route: 172.17.2.1
:default_iface: wlan0
:hostname: eir
:domain: websages.com
:binddn: cn=eir,ou=Hosts,dc=websages,dc=com
:ipaddress: 172.17.2.9

部分文件列表（点击文件名可查看文件内容）

					
									本源码包内暂不包含可直接显示的源代码文件，请下载源码包。