etc.
Even better, if my sniptits take parameters, usually the "lock down
and configuration" difference are only 644 vs 640 perms or what my
password complexity requirments are for pam login or what the defualt
file upload size for apache should be, etc. These "actions" aren't
different - just what we put for the params of the action.
Minor correction --- Snippets can already take parameters. The built
in cobbler variables are already passed to them. In addition, others
can also be passed along IIRC -- the cheetah syntax for this is "#set
global foo" in the master template (see http://cheetahtemplate.org/) and
then variables set there can be passed to templates.
Although it looks like from the other thread that this is going the
directory way, again, is this a mistake given that I don't really want
do some things until the end and some right at the beginning or I
really do want x to follow y to follow z. If we do it all by directory
I would have to name all my snipits 1_... 2_... which would really
make things not so elegant.
I'm not sure that directory system was proposed. What /was/ proposed
was a way to be able to indicate templates for systems in a way that
they could be overriden.
So, if you had a snippet named "driveconfig", it would first look for:
/var/lib/cobbler/snippets/driveconfig/system/$system_name if it exists
And would use that snippet if it existed, if not, failing back to:
/var/lib/cobbler/snippets/driveconfig/profile/$profile_name if it exists
And using it unless it didn't exist and failing back to:
/var/lib/cobbler/snippets/driveconfig
This would allow using the same "webserver" template for 500 servers,
and still allowing for the 1 server that for some reason required a
special exemption to get the configuration it needed, without having to
create a new profile for "webserver-this-one-is-special".
snipit_groups/group1
set_bootloader_password
set_password_retries
set_passwd_min_uppper
set_passwd_min_lower
set_motd
setup_aide
setup_logrotate
This way I can call either a set of actions or a single one in the
cobbler kickstart template.
==== Kickstart Template ====
SNIPIT::_GROUP_
SNIPIT::small_thing
SNIPIT::smaller_thing
Another thing I find useful in this type of setup is that I can also
make a mapping file :
REG1:set_passwd_retries,set_passwd_min_upper,set_passwd_min_lower
REG2:setup_aide
REG3:set_motd
This is getting into config management territory. Have you looked at
running a config management tool locally in post to execute some sort of
policy? Or are there reasons for not doing this? I know there are ways
to execute puppet without requiring a server, and it is probably easier
to express those sort of requirements there as opposed to in Anaconda
scripts with bash/sed/awk.
--Michael
_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
