2

Puppet template files are erb rails files.

I want the line:

Include modsecurity.d/*.conf

To be included in the final file if the class mod_security is included.

From the puppet docs: http://docs.puppetlabs.com/guides/templating.html -

And this snippet will print all the defined class in the catalog:

<% classes.each do |klass| -%>
The class <%= klass %> is defined
<% end -%>

Conditional:

<% if broadcast != "NONE" %>        broadcast <%= broadcast %> <% end %>

I am new to the syntax. Does defined mean the same as included? For the conditional how would I check a particular class i.e. if isdefined(mod_security)...?

Joshua Enfield
  • 3,454
  • 8
  • 42
  • 59

2 Answers2

3

Defined classes does mean that the class is included. Just to be clear, the <% if broadcast ... bit is not the way to check the inclusion of the broadcast class, but rather to syntax of a conditional using the value of the broadcast variable, the classes array contains the names of all the defined classes.

This would be how you would check for the mod_security class for instance:

<% if classes.include?("mod_security") %>
conditional text
<% end %>

Edit:

Whoops...the method is called include? not includes?. Fixed above.

mark
  • 2,365
  • 14
  • 11
  • I tried this and had no luck. It doesn't want to use the includes method. If I do `classes.inspect` it does appear to list the involved classes. Is there anyway I can check the list for a specific entry? – Joshua Enfield Oct 14 '10 at 20:37
  • Josh -- I've updated my answer (added an "s" where it didn't belong), let me know it's still not working for you. – mark Oct 18 '10 at 01:49
3

Be careful doing this because whether the class is included in the 'classes' variable depends on when in the puppet run this particular template is evaluated, and that might be non-deterministic. It's quite possible that your template will be evaluated and then later on during the run your mod_security class gets included and evaluated.

Two ways around this:

  1. if you can guarantee it'll be added by an external node classifier, it's safe

  2. better still, make a custom fact that ascertains the presence of mod_security and use that factname as your conditional variable.

    Facter.add("mod_security_version") do setcode do version = %{rpm -qa | grep mod_security} if version.empty? version = 0 end version end end

Then in your template:

<% if ! mod_security_version.eql?("0") %>
Include modsecurity.d/*.conf
<% end %>

Note this needs to be a string comparison (not mod_security_version != 0) because all facter facts are strings once they hit ERB.

eric sorenson
  • 971
  • 8
  • 10