How to write Puppet modules for packages such as tigervnc or openvpn that require the user to set passwords or default settings?

Question

I am learning puppet and am trying to write modules to install services such as tigervnc and openvpn.

The problem is that for tigervnc requires the initial password setting by the user. I have tried using: "exec {'/usr/bin/echo password | /usr/bin/vncpasswd > ~/.vnc/passwd" This works if I run it on the command line if I'm logged in as the user but does not work when run via puppet.

The problem with openvnc is that it requires a lot of user interaction for the default settings for certificate generation/certificate authority and key generation. I have tried using execs with the "pkitool" methods which work to a point but not very well or stable. I am also wary of using many execs if there is a better way to do it.

So to sum up my main question is how to deal with these user interactions when trying to automate installations with puppet, and is there a better way than running lots of execs which to me seem like a last resort ?

Thanks

Answer 1

If setting up a piece of software requires user interaction, I don't really see a way around exec. Keeping its use to a minimum is indeed a sensible design goal.

An economic approach is to

1. create a script that does all the necessary lifting that Puppet resources cannot perform
2. make Puppet deploy that script to the agent
3. run it at appropriate times via exec (along with good creates or onlyif queries)

Scripts that run installation wizards that rely on interactive input should probably rely on expect and friends.