Puppet: Referencing variables from a define in a template
Something like this in $template.erb:
<VirtualHost <%= ip %>:443>
Document Root <%= docroot %>
SSLCertificateFile <%= cert %>
# ...
</VirtualHost>
That is, any variable in puppet is available as a local variable in the ruby bits hiding in the .erb file.
Not sure why you have "$template" instead of a named .erb file (not seeing $template set anywhere, but willing to assume it's hiding somewhere)
And this seems wrong: cert => Openssl::Cert["rri"]
. I'd expect something more like:
openssl::cert { "rri": }
And then the .erb would be more like:
<VirtualHost <%= ip %>:443>
Document Root <%= docroot %>
SSLCertificateFile <%= certDirectory %>/<%= name %>
# ...
</VirtualHost>
Related videos on Youtube
gnarf
There are 10 types of people in the world. Those who understand binary, and those who don't. Programmer at Bocoup Open Source: Member of the jQuery Foundation Board, jQuery Core Team, jQuery UI Team, jQuery Infrastructure Lead Stackoverflow Careers Profile GitHub: @gnarf37 Twitter: @gnarf37
Updated on September 17, 2022Comments
-
gnarf over 1 year
I have the following class and definition in puppet:
$certDirectory = "/var/lib/ssl/certs" class openssl { package { "openssl": ensure => latest } file { "openssl": path => "/var/lib/ssl", ensure => directory, mode => 0644 } file { "openssl-certs": path => "/var/lib/ssl/certs", ensure => directory, mode => 0644 } define cert($ensure = present) { $certfile = "${certDirectory}/${name}.cert" $keyfile = "${certDirectory}/${name}.key" $pemfile = "${certDirectory}/${name}.pem" file { "${name}.cert": path => $certfile, source => "puppet:///openssl/${name}.cert", mode => 0640, ensure => $ensure, } file { "${name}.key": path => $keyfile, source => "puppet:///openssl/${name}.key", mode => 0640, ensure => $ensure, } } }
I'm later (in a node) using this openssl::cert define to pass a cert to an apache vhost config:
openssl::cert { "rri": ensure=>present } apache2::site-config { "default": ip => "*", order => "000", docroot => '/home/support/public_html', cert => Openssl::Cert["rri"] }
And inside of the apache2::site-config define:
file { "site-config-$name": path => "/etc/apache2/sites-available/$name", owner => root, group => root, mode => 0644, content => template($template), notify => Exec["reload-apache2"], }
The question I'm having - how can I reference the
$certfile
/$keyfile
from the cert variable in the .erb file located at $template?I'd also be very interested to know if I'm approaching this the wrong way too - its my first time trying to get anything setup using puppet and just trying to play around with what I can do.
UPDATED - Semi Working Now Based on freiheit's answer - I made a few changes to my apache2::site-config
define site-config ( $ensure = 'present', $template = 'apache2/vhost.erb', $docroot, $ip='*', $order='000', $logs = "", $cert = false) { if $cert { File["site-config-$name"] { require=>Openssl::Cert[$cert] } $certfile = "${openssl::certDirectory}/${cert}.cert" $keyfile = "${openssl::certDirectory}/${cert}.key" } file { "site-config-$name": path => "/etc/apache2/sites-available/$name", owner => root, group => root, mode => 0644, content => template($template), notify => Exec["reload-apache2"], }
Then in the .erb
SSLCertificateFile <%= certfile %> SSLCertificateKeyFile <%= keyfile %>
This seems to be working fairly well - I was just hoping that in the event of me changing the cert naming conventions around at some point that I would be able to access the actual filenames from the reference to the Openssl::Cert resource. Still curious to know if there is a way to do that.
-
gnarf over 14 years
$template="apache2/vhost.erb"
in the define forapache2::site-config
- Currently if I print the cert variable from the erb I just getOpenssl::Cert[rri]
, but I think your post showed me my answer I needed anyway - will update in a minute