[Fedora-livecd-list] Support for custom configuration using python templates
David Lutterkort
dlutter at redhat.com
Wed May 16 17:37:33 UTC 2007
On Wed, 2007-05-16 at 17:56 +0100, Mark McLoughlin wrote:
> - I don't want to have to require setting up a puppet server in order
> to build images
Absolutely; for livecd, you want to use the standalone command line
clinet for puppet (as you did)
> - Having to package the manifest in an RPM sucks, we should probably
> have support for copying the manifest into the chroot e.g.
>
> $> livecd-creator -t raw -c ./test-image.ks -p iptables.pp --p myiptables.pp
To integrate more tightly, you want to do two things for puppet; (1)
copy a number of puppet modules [1] into the chroot and (2) have a
toplevel manifest that uses those modules and changes the config in the
chroot. It's pretty much what you have, mostly some small changes to
make the setup a little more flexible.
> - One reason why I include the iptables config inline in the puppet
> manifest is that I don't like having stuff scattered over many
> different files
>
> - The main reason, though, is that I wanted the derived iptables
> config to just add some rules rather than completely override the
> entire config. Can we do something similar with templating?
>
> - This is all fairly clunky, is there a better way?
One thing that makes that clunky is that AFAIK no good way to ask
whether the current iptables has a certain rule installed, and if not
install it. If something like that existed, it would be fairly easy to
write a puppet type that made this a little less clunky.
The underlying wrangling with iptables and /etc/sysconfig/iptables
doesn't really belong into a config mgmt tool like puppet, but into
tools that make iptables more manageable. This is similar to how
useradd/usermod/userdel make dealing with /etc/passwd pretty
straightforward, and puppet exposes that with the user type.
[1] http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation
More information about the Fedora-livecd-list
mailing list