On Saturday, May 4, 2019 at 5:29:53 PM UTC-5, Daniel Kinon wrote:
>
> Hey Stephen and all,
> You are correct in your assumptions, and this definitely solved my
> problem. I tried going down this path before but only met failure, looks
> like my declaration syntax might have been wrong and I might have also had
> issues with the define syntax itself but I'm unsure at this point. Most
> importantly, it works!
>
> So now that this is working, will it also work if I have multiple
> different manifests declaring the same resource?
>
No. Defined resource types are resource types like any other. You may not
declare duplicate resources of any type.
> I'm trying to use the concept of roles so that I can assign one to many
> roles to each host. So lets assume the username is *testing*. If I have
> role1.pp declare `base::systemusers { testing: }` and role2.pp also
> declares the same user, I'm assuming that will also create a resource
> duplication.
>
Yes, it will.
> If that assumption is incorrect then I'm good, otherwise I'm not sure
> how to solve that issue. I've read up on virtual resources and I think I
> understand how the declaration works however I'm unsure where to
> collect/realize that resource.
>
Virtual resources are one way to approach this problem. The setup could go
something like this:
- There is *one* class that declares all the virtual base::systemuser
resources that are used by any system under management, say
base::privileged_users.
- Each role class includes class base::privileged_users (remember that
classes may be declared as many times as desired with include-like
declarations)
- Each role class realizes the base::systemuser resources it requires.
But really, these days the emphasis and recommendation is to push
configuration details out of manifests into external data (which dovetails
nicely with automated data binding and include-like class declarations).
Going this way opens up a great expanse of possibilities to either avoid
duplication in the first place or to resolve it in Puppet code, prior to
declaring anything. For example, you could
- externalize the user details with which you would parameterize
base::systemuser resources
- externalize mappings between roles and sets of users
- externalize the set of roles each node has
- provide a class that determines which system users are required by
merging the user lists from all of the target node's roles, and declares
all the wanted base::systemuser resources based on the external data
One of the advantages of going this route is that when you want to change
user details or user - role mappings, you only need to modify your data,
not your manifests.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/0a42e905-8d56-43d3-a90d-4e11cedb7fac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
