I am required to configure FreeRADIUS with a white list of authorized MACs
that are allowed on my network. I currently have a module that uses a file
resource to drop the authorized_macs file selected by hostname of the
server from my modules file directory. For example, currently server1 gets
freeradius/files/server1_authorized_macs dropped into the proper location.

I am also using ghoneycutt/hosts to manage /etc/hosts on my servers. Every
device that is required to be listed in the authorized MACs file has an
/etc/hosts entry managed via this module and defined in the server's yaml
file.

I would like to modify my freeradius module to dynamically build the
authorized_macs file based on data in hiera instead of managing a
file per server in my module. I plan to add a key to the existing
hosts::host_entries hash already in place for the ghoneycutt/hosts module
that contains the MAC of the host and use that to generate my
authorized_macs file.

Is the sample code below on the right path for this? This is the first time
I've done anything more complicated than a simple variable lookup in hiera.
I haven't tested any of the code below, just trying to get an idea if I'm
heading down the right path first.

sample hiera node file:
hosts::host_entries:
  'fqdn-1':
    ip: '192.168.1.1'
    host_aliases:
      - 'host-1'
    mac: '00-00-00-00-00-11'
  'fqdn-2':
    ip: '192.168.1.2'
    host_aliases:
      - 'host-2'
    mac: '00-00-00-00-00-22'

freeradius/manifests/config.pp
class freeradius::config (
  $host_entries = $hosts::host_entries
) {
  # host_entries is a hash of { title => { attribute => value } }
  validate_hash($host_entries)
  # Iterating a hash with two lambda parameters yields each key and its value
  $host_entries.each |$title, $attributes| {
    validate_hash($attributes)
    if has_key($attributes, 'mac') {
      # insert code here to add the $mac to the authorized_macs file on this server
    }
  }
}


Thanks,
Nick Hasser
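
One way the placeholder in the sample class could be filled in, as an added example that is not part of the original post: it filters the hosts::host_entries hash for entries with a mac key, fails the catalog on a malformed value so a typo never reaches the allow list, and writes the result as a single file resource. The target path (a placeholder), the group name, the one-MAC-per-line file layout and the parameter names are assumptions; sort, unique and join come from Puppet 6+ or puppetlabs-stdlib.

```puppet
# Added example: parameter names, the placeholder path and the group are assumptions.
class freeradius::config (
  Hash[String, Hash] $host_entries         = $hosts::host_entries,
  String             $authorized_macs_path = '/PLACEHOLDER/authorized_macs',
  String             $radius_group         = 'radiusd',
) {
  # Hyphen-separated MAC, the form used in the sample hiera data.
  $mac_type = Pattern[/\A[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}\z/]

  # Keep only the host entries that define a 'mac' key.
  $with_mac = $host_entries.filter |$title, $attributes| {
    'mac' in $attributes
  }

  # Reject malformed values at compile time instead of writing them
  # into the allow list.
  $macs = $with_mac.map |$title, $attributes| {
    $mac = $attributes['mac']
    unless $mac =~ $mac_type {
      fail("hosts::host_entries['${title}'] has an invalid mac: ${mac}")
    }
    $mac
  }

  # Stable order and no duplicates, so the file only changes when the data does.
  $lines = join(sort(unique($macs)), "\n")

  # Assumed layout: one MAC per line. Not world-readable.
  file { $authorized_macs_path:
    ensure  => file,
    owner   => 'root',
    group   => $radius_group,
    mode    => '0640',
    content => "${lines}\n",
  }
}
```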
