[openstack-dev] [puppet][keystone] Choose domain names with 'composite namevar' or 'meaningless name'?
Rich Megginson
rmeggins at redhat.com
Fri Sep 18 17:29:14 UTC 2015
On 09/16/2015 02:58 PM, Cody Herriges wrote:
> I wrote my first composite namevar type a few years and ago and all the
> magic is basically a single block of code inside the type...
>
> https://github.com/puppetlabs/puppetlabs-java_ks/blob/master/lib/puppet/type/java_ks.rb#L145-L169
>
> It basically boils down to these three things:
>
> * Pick your namevars
> (https://github.com/puppetlabs/puppetlabs-java_ks/blob/master/lib/puppet/type/java_ks.rb#L49-L64)
> * Pick a delimiter
> - Personally I'd use @ here since we are talking about domains
Unfortunately, not only is "domains" an overloaded term, but "@" is
already in use as a delimiter for keystone_user_role, and "@" is a legal
character in usernames.
> * Build your self.title_patterns method, accounting for delimited names
> and arbitrary names.
>
> While it looks like the README never got updated, the java_ks example
> supports both meaningful titles and arbitrary ones.
>
> java_ks { 'activemq_puppetca_keystore':
> ensure => latest,
> name => 'puppetca',
> certificate => '/etc/puppet/ssl/certs/ca.pem',
> target => '/etc/activemq/broker.ks',
> password => 'puppet',
> trustcacerts => true,
> }
>
> java_ks { 'broker.example.com:/etc/activemq/broker.ks':
> ensure => latest,
> certificate =>
> '/etc/puppet/ssl/certs/broker.example.com.pe-internal-broker.pem',
> private_key =>
> '/etc/puppet/ssl/private_keys/broker.example.com.pe-internal-broker.pem',
> password => 'puppet',
> }
>
> You'll notice the first being an arbitrary title and the second
> utilizing a ":" as a delimiter and omitting the name and target parameters.
>
> Another code example can be found in the package type.
>
> https://github.com/puppetlabs/puppet/blob/master/lib/puppet/type/package.rb#L268-L291.
Ok. I've hacked a lib/puppet/type/keystone_tenant.rb to use name and
domain with "isnamevar" and added a title_patterns like this:
def self.title_patterns
identity = lambda {|x| x}
[
[
/^(.+)::(.+)$/,
[
[ :name, identity ],
[ :domain, identity ]
]
],
[
/^(.+)$/,
[
[ :name, identity ]
]
]
]
end
Then I hacked one of the simple rspec-puppet files to do this:
let :pre_condition do
[
'keystone_tenant { "tenant1": name => "tenant", domain =>
"domain1" }',
'keystone_tenant { "tenant2": name => "tenant", domain => "domain2" }'
]
end
because what I'm trying to do is not rely on the title of the resource,
but to make the combination of 'name' + 'domain' the actual "name" of
the resource. This doesn't work. This is the error I get running spec:
Failure/Error: it { is_expected.to
contain_package('python-keystone').with_ensure("present") }
Puppet::Error:
Puppet::Parser::AST::Resource failed with error ArgumentError:
Cannot alias Keystone_tenant[tenant2] to ["tenant"]; resource
["Keystone_tenant", "tenant"] already declared at line 3 on node
unused.redhat.com
# ./vendor/gems/puppet-3.8.2/lib/puppet/resource/catalog.rb:137:in
`alias'
# ./vendor/gems/puppet-3.8.2/lib/puppet/resource/catalog.rb:111:in
`create_resource_aliases'
# ./vendor/gems/puppet-3.8.2/lib/puppet/resource/catalog.rb:90:in
`add_one_resource'
Is there any way to accomplish the above? If not, please tell me now
and put me out of my misery, and we can go back to the original plan of
forcing everyone to use "::" in the resource titles and names.
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150918/cdf7b730/attachment.html>
More information about the OpenStack-dev
mailing list