我正在编写一个伪造的Ceph部署模块,需要在管理节点上生成密钥并将其分发给监视节点。我已经编写了服务器端函数以在密钥生成后检索它们,但只希望在它们存在后才分发它们。
n.b。这些示例来自Puppet3,因此没有Ruby派发:(
什么是收集和分配密钥的纯哲学方法?
示例代码: 清单/admin_node.pp:
exec { "make_${cluster[name]}_${name}_keyring":
command => "/usr/bin/ceph-authtool --create-keyring ${ring[file]} --gen-key -n ${ring[name]} ${ring[auth]}",
require => [ File[$confdir, $bootdir], Package['ceph-common'], ],
creates => $ring[file],
}
lib / puppet / parser / functions / get_remote_file.rb:
module Puppet::Parser::Functions
newfunction(:get_remote_file, :type => :rvalue) do |args|
return "Error 3: " + args.length.to_s + " arguments were provided to get_remote_file.rb. Required is 3 to 5." if args.length < 3 or args.length > 5
remote_host = args[0]
remote_path = args[1]
local_path = args[2]
local_user = (args.length > 3) ? 'runuser -l ' + args[3] + ' ' : ''
remote_user = (args.length > 4) ? args[4] + '@' : ''
# Is the file already down?
return 0 if File.exist?(local_path)
`"#{local_user}bash -c 'scp #{remote_user}#{remote_host}:#{remote_path} #{local_path} 2> /dev/null'"`
return $?.exitstatus
end
end
清单/monitor_node.pp:
unless file_exists($master_key) {
get_remote_file($adm_node, $monitor_keyring, $master_key)
}
exec { "check_${cluster[name]}.mon.keyring":
command => '/bin/yes',
onlyif => "/usr/bin/test -e $master_key",
}
file { "$libdir/${cluster[name]}.mon.keyring":
ensure => $f_action,
source => "puppet:///modules/ceph$libdir/${cluster[name]}.mon.keyring",
require => Exec["check_${cluster[name]}.mon.keyring"],
}
感谢您提供有关如何解决此问题的任何想法。我了解这在Puppet中没有激励。什么是好的方法?