Resource collectors can be used to override resources that already exist in the Puppet catalog.

 

In this lab, we will create the “easy::welcome_message” class, which creates:

  • the “/etc/issue” file, which contains the welcome message shown before login
  • the “/etc/motd” file, which contains the welcome message shown after login
  • the “/etc/nologin” file, which stops non-root user login attempts

 

[root@puppetserver ~]# cat $(puppet module list | grep examples)/easy/manifests/welcome_message.pp
class easy::welcome_message {

# common values :
  File {
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => 'u=rw,go=r',
  }

  file { '/etc/issue':
    content => "Welcome to my server\n",
  }

  file { '/etc/motd':
    content => "You are connected to an \"${::os['name']} ${::os['release']['full']}\" server\n",
  }

  file { '/etc/nologin':
    content => "System under maintenance, no login permitted\n",
  }

}

Apply this manifest (here, on the Puppet server):

[root@puppetserver ~]# puppet apply -e 'class { "easy::welcome_message": }'
Notice: Compiled catalog for puppetserver.argonay.wou in environment production in 0.14 seconds
Notice: /Stage[main]/Easy::Welcome_message/File[/etc/issue]/ensure: defined content as '{md5}d485401bc9768962769e8ff668c42f8f'
Notice: /Stage[main]/Easy::Welcome_message/File[/etc/motd]/ensure: defined content as '{md5}ff6efc41121398ea07d28ffbeca7ee10'
Notice: /Stage[main]/Easy::Welcome_message/File[/etc/nologin]/ensure: defined content as '{md5}13df0217bbcc23a95f0490b378bfdbf7'
Notice: Applied catalog in 0.26 seconds

Here is the content of the files:

  • “/etc/issue” :
[root@puppetserver ~]# cat /etc/issue
Welcome to my server
  • “/etc/motd” :
[root@puppetserver ~]# cat /etc/motd
You are connected to an "OracleLinux 7.3" server
  • “/etc/nologin” :
[root@puppetserver ~]# cat /etc/nologin
System under maintenance, no login permitted

OK, but on some servers I would like to authorize login for non-root users; for that, “/etc/nologin” must not exist!

Resource collector

We will use a resource collector to override the “/etc/nologin” Puppet file resource.

Create another class :

[root@puppetserver ~]# cat $(puppet module list | grep examples)/easy/manifests/authorize_login.pp
class easy::authorize_login {

# include "easy::welcome_message" class :
  class { "easy::welcome_message": }

# override "easy::welcome_message" class to remove "/etc/nologin" file if it exists :
  File <| title == '/etc/nologin' |> { ensure => absent }

}

Apply this class (here, on the Puppet server):

[root@puppetserver ~]# puppet apply -e 'class { "easy::authorize_login": }'
Notice: Compiled catalog for puppetserver.argonay.wou in environment production in 0.15 seconds
Notice: /Stage[main]/Easy::Welcome_message/File[/etc/nologin]/ensure: removed
Notice: Applied catalog in 0.14 seconds

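You don’t get any “duplicate” error: the collector overrides an attribute of the file resource already declared in “easy::welcome_message” instead of declaring “/etc/nologin” a second time.

Of course, you can apply this manifest as many times as you like. Once again, for example: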

[root@puppetserver ~]# puppet apply -e 'class { "easy::authorize_login": }'
Notice: Compiled catalog for puppetserver.argonay.wou in environment production in 0.17 seconds
Notice: Applied catalog in 0.12 seconds
  • “/etc/issue” is still there :
[root@puppetserver ~]# cat /etc/issue
Welcome to my server
  • “/etc/motd” as well :
[root@puppetserver ~]# cat /etc/motd
You are connected to an "OracleLinux 7.3" server
  • “/etc/nologin” has been removed as expected :
[root@puppetserver ~]# ls /etc/nologin
ls: cannot access /etc/nologin: No such file or directory
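
The post wants login allowed only on some servers. The following is an added example, not code from the original post, that selects this per node; the class name “easy::login_policy”, the “$allow_login” parameter and the host names are hypothetical. A collector override applies to every matching resource in the whole catalog, so the search is narrowed with the automatic class tag to the resource declared by “easy::welcome_message”.

```puppet
# Added example (hypothetical class and parameter names).
# Keeps "/etc/nologin" by default and removes it only where explicitly allowed.
class easy::login_policy (
  Boolean $allow_login = false,
) {

  # Declares /etc/issue, /etc/motd and /etc/nologin as in the original class.
  include easy::welcome_message

  if $allow_login {
    # Collectors search the whole catalog, regardless of scope.
    # Matching on the title AND on the tag that Puppet adds automatically
    # for the containing class limits the override to the resource that
    # easy::welcome_message declared.
    File <| title == '/etc/nologin' and tag == 'easy::welcome_message' |> {
      ensure => absent,
    }
  }
}

# site.pp (constructed host names)

# Server under maintenance: default policy, "/etc/nologin" stays in place.
node 'maint01.example.com' {
  include easy::login_policy
}

# Server open to non-root users: "/etc/nologin" is removed.
node 'app01.example.com' {
  class { 'easy::login_policy':
    allow_login => true,
  }
}
```

Running “puppet apply --noop” (or an agent run with “--noop”) on a node first shows whether “/etc/nologin” would be created or removed before anything changes on disk.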

 
