On Monday, April 7, 2014 6:58:40 PM UTC-5, Andreas Ntaflos wrote:
>
> Hi list,
>
> I am in the process of writing a module to manage strongSwan, an IKE
> keying daemon for IPsec VPNs on Linux [1]. The strongSwan daemon's
> (charon) configuration file is basically formatted like a hash, with
> sections containing key-value pairs that may themselves contain further
> sections [2]. Sections may also be empty. I don't think there is a
> maximum depth defined.
>
> It seems to me that this kind of configuration file format is easily
> modelled as a Puppet/Ruby hash, so now I am wondering how I can go about
> rendering the configuration file from such a hash.
>
> Is it feasibly to use an ERB template for this? You may notice that I am
> (still) not much of a Ruby guy and I don't want to reinvent any wheels,
> so I am asking: what are my options?
>
>
ERB is just a convenient way of writing a Ruby program to output data
containing (usually) substantial portions of static text mixed with some
(or many) dynamic bits. Pretty much anything you can do with Ruby, you can
do with Ruby in ERB.
> Can ERB templates in Puppet be used to render hashes of arbitrary depth?
>
Ruby has no built-in limit on hash depth. Whether you can use ERB to
render your particular hashes is more likely to depend on how clever you
are than on the limits of the tool. It is, however, an interesting problem.
> Or should I look to something else? Can this even be done?
>
>
Of course it can be done. You can plug arbitrary software into Puppet via
a variety of techniques, so any computation you want to perform, you can
perform in Puppet.
> I'd appreciate any and all pointers and ideas.
>
> Here is an example hash that I would supply as a parameter to my
> strongswan class:
>
> charon_config => {
> ikesa_limit => '0',
> install_virtual_ip => 'yes',
> keep_alive => '20s',
> host_resolver => {
> max_threads => '3'
> },
> processor => {
> priority_threads => {
> high => '1',
> medium => '4'
> }
> },
> tls => {},
> x509 => {}
> }
>
> This should result in the following configuration file content (sorting
> the keys is only of secondary concern):
>
Actually, no, sorting the keys is a primary concern because otherwise the
computed content may not be stable, which could cause Puppet to needlessly
update the file.
>
> charon {
> ikesa_limit = 0
> install_virtual_ip = yes
> keep_alive = 20s
> host_resolver {
> max_threads = 3
> }
> processor {
> priority_threads {
> high = 1
> medium = 4
> }
> }
> tls {
> }
> x509 {
> }
> }
>
>
So, here's an attempt at an ERB template to produce that output from the
given input:
strongswan.conf.erb:
-----------------------------
<%
default_handler = Proc.new do |v|
%> = <%= v.to_s %>
<%
end
hash_handler = Proc,new do |v|
%> {
<%
v.sort_by { |k,v| k }.each do |pair|
%><%= pair[0] %><%
(v.is_a? Hash ? hash_handler : default_handler).call(v)
end
%>
}
<%
end
-%>
charon <%
hash_handler.call(@charon_config)
%>
----
I've never tried using procs inside an ERB before, but I think it will
work, and I haven't come up with another means to handle recursion inside a
template. Do note, however, that the template is almost all Ruby. That's
a good sign that you would be better off writing it as a custom function (
http://docs.puppetlabs.com/guides/custom_functions.html) to generate the
output.
Note, too, that the above ERB, if it works, leaves indentation as an
exercise for the reader. :-)
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/4eb8c7de-b342-40aa-af06-85c52c4879ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
