[PATCH/RFC] func: Simplify minion.conf creation

Todd Zullinger tmz at pobox.com
Sun Aug 29 16:23:50 UTC 2010


Puppet conveniently makes most variables from Puppet.settings available
via Puppet[:variable].  Use this to generate minion.conf via a standard
ERB template.
---

This change is the sort of thing that really begs for a second set of
eyes, as it would cause too much trouble if it didn't work as
intended.

A quick way to test that the template does the right thing is to grab
http://fedorapeople.org/~tmz/tmp/func-minion-template-test.pp and run
it through puppet, e.g. sudo puppet /tmp/func-minion-template-test.pp.

I noticed this while poking the func setup to see what settings were
needed to make func use puppet's certificates with the new code from
Seth in func's git tree.  (I also noticed that the overlord.conf isn't
puppet managed, and that's the one I was more curious to see, easily
found on puppet01. ;)

 modules/func/files/make-minion-conf.sh |   24 ------------------------
 modules/func/manifests/init.pp         |   24 ++++++++++++------------
 modules/func/templates/minion.conf.erb |   13 +++++++++++++
 3 files changed, 25 insertions(+), 36 deletions(-)
 delete mode 100755 modules/func/files/make-minion-conf.sh
 create mode 100644 modules/func/templates/minion.conf.erb

diff --git a/modules/func/files/make-minion-conf.sh b/modules/func/files/make-minion-conf.sh
deleted file mode 100755
index ea50c95..0000000
--- a/modules/func/files/make-minion-conf.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-   
-
-certfile=`ruby -e "require 'puppet'; Puppet.parse_config; puts Puppet.settings['hostcert']"`
-keyfile=`ruby -e "require 'puppet'; Puppet.parse_config; puts Puppet.settings['hostprivkey']"`
-cacert=`ruby -e "require 'puppet'; Puppet.parse_config; puts Puppet.settings['localcacert']"`
-
-
-cat <<EOM>/etc/func/minion.conf
-# configuration for minions
-
-[main]
-log_level = DEBUG
-acl_dir = /etc/func/minion-acl.d
-
-listen_addr =
-listen_port = 51234
-use_certmaster = 0
-   
-cert_file = $certfile
-key_file = $keyfile
-ca_file = $cacert
-
-EOM
diff --git a/modules/func/manifests/init.pp b/modules/func/manifests/init.pp
index 50d6ed8..b9d39fe 100644
--- a/modules/func/manifests/init.pp
+++ b/modules/func/manifests/init.pp
@@ -23,23 +23,23 @@ class func::funcd {
         }
     }
 
+    File {
+        require => Package['func'],
+    }
+
     file { '/etc/logrotate.d/func_rotate':
         source => 'puppet:///func/func_rotate',
-        require => Package['func']
-    }
-    file { '/usr/local/bin/make-minion-conf.sh':
-         source => 'puppet:///func/make-minion-conf.sh',
-         require => Package['func'],
-         mode => 0750,
-         notify => Exec['makeminionconf']
     }
-    exec { 'makeminionconf':
-        require => File['/usr/local/bin/make-minion-conf.sh'],
-        command => '/bin/bash /usr/local/bin/make-minion-conf.sh',
-        refreshonly => true,
-        notify => Service['funcd']
+
+    file { '/etc/func/minion.conf':
+        content => template('func/minion.conf.erb'),
+        notify  => Service['funcd'],
     }
 
+    # This can be removed once all systems are updated
+    file { '/usr/local/bin/make-minion-conf.sh':
+         ensure => absent,
+    }
 }
 
 class func::certmaster {
diff --git a/modules/func/templates/minion.conf.erb b/modules/func/templates/minion.conf.erb
new file mode 100644
index 0000000..33395ca
--- /dev/null
+++ b/modules/func/templates/minion.conf.erb
@@ -0,0 +1,13 @@
+# configuration for minions
+
+[main]
+log_level = DEBUG
+acl_dir = /etc/func/minion-acl.d
+
+listen_addr =
+listen_port = 51234
+use_certmaster = 0
+
+cert_file = <%= Puppet[:hostcert] %>
+key_file = <%= Puppet[:hostprivkey] %>
+ca_file = <%= Puppet[:localcacert] %>
-- 
1.7.2.2

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
History teaches that grave threats to liberty often come in times of
urgency, when constitutional rights seem too extravagant to endure.
    -- Justice Thurgood Marshall, 1989



More information about the infrastructure mailing list