Loop and if/else over a hiera hash in an ERB template

Time: 2017-05-12 18:19:58

Tags: puppet erb freeradius hiera

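I have almost finished my freeradius Puppet module. The problem I am facing now is how to loop over hash keys in an ERB template. I use RADIUS for 802.1x to authenticate users. If a user is a member of a specific LDAP group, RADIUS assigns them the VLAN associated with that group, and so on. This is my current configuration: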

/etc/freeradius/sites-available/inner-tunnel

....
....
....
ldap
if (LDAP-Group == vlan_101) {
    update reply {
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-ID = 101
    }
}
elsif (LDAP-Group == vlan_102) {
    update reply {
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-ID = 102
    }
}
elsif (LDAP-Group == vlan_103) {
    update reply {
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-ID = 103
    }
}
else {
    update reply {
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-ID = 110
    }
}
  ....
  ....
  ....

I would like to create this file from an ERB template.

common.yaml

test_freeradius::tunnel:
    'vlan_101':
        vlan: '101'
    'vlan_102':
        vlan: '102'
    'vlan_103':
        vlan: '103'
    'vlan_110':
        vlan: '110'

I am using the following define.

define test_freeradius::tunnel

define test_freeradius::tunnel (

  $vlan,

){

  include test_freeradius::service

  file { '/etc/freeradius/sites-available/inner-tunnel' :
    ensure  => 'file',
    owner   => 'root',
    group   => 'freerad',
    mode    => '0644',
    content => template("${module_name}/tunnel.erb"),
    require => Class['test_freeradius::install'],
    notify  => Service['freeradius'],
  } 
}

Now I call it in init.pp

init.pp

....
....
$groups = hiera('test_freeradius::tunnel')
create_resources(test_freeradius::tunnel, $groups)
....
....

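Is it possible to create the inner-tunnel file with an ERB template, and how should I go about it? Or should I use it as a simple file without hiera and make the changes in the file?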

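1 answer:

Answer 0: (score: 1)

I was able to solve it, though I don't know whether it is clean Ruby code. Because of the duplicate declaration of the file resource, I had to rearrange my define.

define test_freeradius::tunnel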

define test_freeradius::tunnel (

  $vlan,

){

  include test_freeradius::service

  ensure_resource('file', '/etc/freeradius/sites-available/inner-tunnel', { 
      ensure  => 'file',
      owner   => 'root',
      group   => 'freerad',
      mode    => '0644',
      content => template("${module_name}/tunnel.erb"),
      require => Class['test_freeradius::install'],
      notify  => Service['freeradius'],
    }
  )

  ensure_resource('file', '/etc/freeradius/sites-enabled/inner-tunnel', {
      ensure => 'link',
      target => '/etc/freeradius/sites-available/inner-tunnel',
    }
  )
}

Here is the relevant part of tunnel.erb:

tunnel.erb

  .....
  .....
  .....
  ldap
  <% @groups.each do |key,value| -%>
  <% if key == 'vlan_10' %>
  if (LDAP-Group == vlan_10) {
      update reply {
          Tunnel-Type = VLAN
          Tunnel-Medium-Type = IEEE-802
          Tunnel-Private-Group-ID = 10
      }
  }
  <% else %>
  elsif (LDAP-Group == <%= key %>) {
    update reply {
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-ID = <%= value['vlan'] %>
    }
  }  
  <% end -%>
  <% end -%>
.....
.....
.....

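I removed the last else statement, because I will use the LDAP groups for access to LAN and WLAN.

I would be glad of any suggestions to make the code cleaner.

Thanks!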
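
The loop from the answer above, as an added example that is not part of the original post or the module's code: a stand-alone Ruby script that renders the `if`/`elsif` chain with `each_with_index`, so no group name is hard-coded, and validates the hiera data before it is interpolated into the FreeRADIUS config. It assumes a local `groups` variable (a Puppet template would use `@groups`), and the names `GROUPS`, `TUNNEL_TEMPLATE`, `validate_groups!` and `render_tunnel` are made up for illustration.

```ruby
require 'erb'

# Constructed sample data, shaped like the test_freeradius::tunnel hash in common.yaml.
GROUPS = {
  'vlan_101' => { 'vlan' => '101' },
  'vlan_102' => { 'vlan' => '102' },
  'vlan_103' => { 'vlan' => '103' },
}.freeze

# The first entry is emitted as "if", every later one as "elsif",
# so the template does not depend on any particular key name.
TUNNEL_TEMPLATE = <<~'TEMPLATE'
  ldap
  <% groups.each_with_index do |(group, opts), i| -%>
  <%= i.zero? ? 'if' : 'elsif' %> (LDAP-Group == <%= group %>) {
      update reply {
          Tunnel-Type = VLAN
          Tunnel-Medium-Type = IEEE-802
          Tunnel-Private-Group-ID = <%= opts['vlan'] %>
      }
  }
  <% end -%>
TEMPLATE

# Reject data that would change the structure of the unlang condition
# or assign a VLAN outside the usable 802.1Q range (1..4094).
def validate_groups!(groups)
  groups.each do |group, opts|
    unless group.is_a?(String) && group.match?(/\A[A-Za-z0-9_-]+\z/)
      raise ArgumentError, "bad group name: #{group.inspect}"
    end
    vlan = opts.is_a?(Hash) ? opts['vlan'].to_s : ''
    unless vlan.match?(/\A\d{1,4}\z/) && (1..4094).cover?(vlan.to_i)
      raise ArgumentError, "bad vlan for #{group}: #{vlan.inspect}"
    end
  end
  groups
end

# Validate first, then render; trim_mode '-' makes "-%>" swallow the newline.
def render_tunnel(groups)
  validate_groups!(groups)
  ERB.new(TUNNEL_TEMPLATE, trim_mode: '-').result_with_hash(groups: groups)
end

puts render_tunnel(GROUPS) if $PROGRAM_NAME == __FILE__
```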