[Fedora-livecd-list] Support for custom configuration using python templates

[David Lutterkort]

On Wed, 2007-05-16 at 17:56 +0100, Mark McLoughlin wrote:
>   - I don't want to have to require setting up a puppet server in order 
>     to build images

Absolutely; for livecd, you want to use the standalone command line
clinet for puppet (as you did)

>   - Having to package the manifest in an RPM sucks, we should probably 
>     have support for copying the manifest into the chroot e.g.
> 
>       $> livecd-creator -t raw -c ./test-image.ks -p iptables.pp --p myiptables.pp

To integrate more tightly, you want to do two things for puppet; (1)
copy a number of puppet modules [1] into the chroot and (2) have a
toplevel manifest that uses those modules and changes the config in the
chroot. It's pretty much what you have, mostly some small changes to
make the setup a little more flexible.

>   - One reason why I include the iptables config inline in the puppet 
>     manifest is that I don't like having stuff scattered over many 
>     different files
> 
>   - The main reason, though, is that I wanted the derived iptables 
>     config to just add some rules rather than completely override the 
>     entire config. Can we do something similar with templating?
> 
>   - This is all fairly clunky, is there a better way?

One thing that makes that clunky is that AFAIK no good way to ask
whether the current iptables has a certain rule installed, and if not
install it. If something like that existed, it would be fairly easy to
write a puppet type that made this a little less clunky. 

The underlying wrangling with iptables and /etc/sysconfig/iptables
doesn't really belong into a config mgmt tool like puppet, but into
tools that make iptables more manageable. This is similar to how
useradd/usermod/userdel make dealing with /etc/passwd pretty
straightforward, and puppet exposes that with the user type.

[1] http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation