resource value
Overview
The type allows you to specify individual properties of native Puppet types as resources in a Puppet catalog.
This can be usefull when you need to add specific properties to an exsiting resource, but need to do it somewhere else in your puppet code. Here is an contrived example:
file {'/etc/a.a':
ensure => 'present',
group => 'root',
}
and in some other manifest:
resource_value{ "File[/etc/a.a]owner":
value => 'vagrant'
}
here you add the owner
property to the resource File[/etc/a.a]
. When you run this manifest, you will only see that the File[/etc/a.a]
beeing managed once and all properties beeing set to the correct value.
By default the resource_value
doesn’t allow you to override the existing value. So this means when the value is already set somewhere in the catalog. So when we try this example:
file {'/etc/a.a':
ensure => 'present',
group => 'root',
owner => 'root'
}
resource_value{ "File[/etc/a.a]owner":
value => 'vagrant'
}
This happens:
Error: /Stage[main]/Main/Resource_value[File[/etc/a.a]owner]: Resource_value[File[/etc/a.a]owner]: Property owner value already defined on File[/etc/a.a] in catalog.
Error: Failed to apply catalog: Some pre-run checks failed
When you want to override this behavior check the ` allow_redefine` parameter.
By default the resource_value
type uses an existing resource in the catalog. When you try to use resource_value
without existing resource this happens:
Error: /Stage[main]/Main/Resource_value[File[/etc/a.a]owner]: Resource_value[File[/etc/a.a]owner]: resource 'File[/etc/a.a]' not found in catalog
Error: Failed to apply catalog: Some pre-run checks failed
When you want resource_value
to create the resource, you have to set the allow_create
property to true.
WARNING
The resource_value
is a type that can be useful in specific cases. We have build it to support CIS benchmarks in Puppet. Our use case was to allow the manifest writer to “just do his thing” and us to add the extra security layer. Without knowing to much about each other. That said. Don’t over use this type. Specially the add_value
and the remove_value
override existing values without warning and searching for (logical) errors in your manifest becomes very difficult.
Attributes
Attribute Name | Short Description |
---|---|
add_value | The value you want to add to the array resource property. |
allow_create | Allow creation of the resource if it is not yet in the catalog. |
allow_redefine | Allow redefinition of the property value. |
creation_values | The defaults to use when creating a resource, |
disable_corrective_change | Disable the modification of a resource when Puppet decides it is a corrective change. |
disable_corrective_ensure | Disable the creation or removal of a resource when Puppet decides is a corrective change. |
ensure_value | The value to use for ensuring presence. |
input_array_separator | The separator of a string to divide it into an array, when reading the data. |
name | The full qualified name of the resource value you want to set. |
output_array_separator | The separator of a string to divide it into an array when writing the data. |
property_name | The property of the resource you want to manage. |
provider | resource. |
remove_value | The value you want to remove an entry from the array resource property. |
resource_title | The title of the resource you want to manage. |
resource_type | The name of the type you want to manage. |
unique | The unique maker of the resource you want to manage. |
value | The actual value you want the resource property to be set to. |
warnings | Do emmit warnings when catalog items are changed. |
add_value
The value you want to add to the array resource property.
Here is an example on how to use this:
ora_user { 'USER@test':
ensure => 'present',
default_tablespace => 'USERS',
grants => ['ALTER SYSTEM', 'ALTER DATABASE'],
}
Somewhere else in your manifest, you want to add an extra grant. You can do this like this:
resource_value{'Ora_user[USER@test]grants/1':
add_value => 'SELECT ANY DICTIONARY',
}
The add_value
property also supports an array value:
resource_value{'Ora_user[USER@test]grants/more_grants':
add_value => ['ALTER SESSION', 'CONNECT'],
}
Back to overview of resource_value
allow_create
Allow creation of the resource if it is not yet in the catalog.
By default the resource_value
requires an existing entry in the catalog. When you set allow_create
to true
, when the catalog doesn’t contain the resource, resource_value
wil create it.
To allow this, the resource must allow a creation with just the specfied parameter name.
Back to overview of resource_value
allow_redefine
Allow redefinition of the property value.
By default the resource_value
doesn’t allow you to override the value of a property. It just allows the aditional definition of a property not yet defined.
When you set allow_redefine
to true
, this is allowed.
WARNING This must be used with great care. It might unkowningly redefine a property value.
Back to overview of resource_value
creation_values
The defaults to use when creating a resource,
Back to overview of resource_value
disable_corrective_change
Disable the modification of a resource when Puppet decides it is a corrective change.
(requires easy_type V2.11.0 or higher)
When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.
Using the disable_corrective_change
parameter, you can disable corrective changes on the current resource.
Here is an example of this:
crucial_resource {'be_carefull':
...
disable_corrective_change => true,
...
}
When a corrective ensure does happen on the resource Puppet will not modify the resource and signal an error:
Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)
Back to overview of resource_value
disable_corrective_ensure
Disable the creation or removal of a resource when Puppet decides is a corrective change.
(requires easy_type V2.11.0 or higher)
When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.
Using the disable_corrective_ensure
parameter, you can disable corrective ensure present or ensure absent actions on the current resource.
Here is an example of this:
crucial_resource {'be_carefull':
ensure => 'present',
...
disable_corrective_ensure => true,
...
}
When a corrective ensure does happen on the resource Puppet will not create or remove the resource and signal an error:
Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)
Back to overview of resource_value
ensure_value
The value to use for ensuring presence.
Back to overview of resource_value
input_array_separator
The separator of a string to divide it into an array, when reading the data.
The add_value
and remove_value
only work on arrays. But what if it is not a Puppet regular array, but a string with a spearator. In that case specify the sperator here.
Back to overview of resource_value
name
The full qualified name of the resource value you want to set. The full qualified name contains:
- The type name (e.g. Host)
- The resource title (e.g. ‘myhost.example.com’)
- The property name (e.g. ‘host_aliases’)
When you want to work with array values, you can use the serial number
- The serial number (e.g. 1,2…etc)
Here is an example of a full qualified name:
propery_value { 'Host[myhost.example.com]host_aliases/1':
...
}
Back to overview of resource_value
output_array_separator
The separator of a string to divide it into an array when writing the data.
The add_value
and remove_value
only work on arrays. But what if it is not a Puppet regular array, but a string with a spearator. In that case specify the sperator here.
Back to overview of resource_value
property_name
The property of the resource you want to manage. It is the part after the ]
. In the next example:
propery_value { 'File[/tmp/a.a]owner':
...
}
owner
is the property name.
Back to overview of resource_value
provider
The specific backend to use for this resource_value
resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.Available providers are:
- simple
- Manage individual properties as a full resource
Back to overview of resource_value
remove_value
The value you want to remove an entry from the array resource property.
Here is an example on how to use this:
ora_user { 'USER@test':
ensure => 'present',
default_tablespace => 'USERS',
grants => ['ALTER SYSTEM', 'ALTER DATABASE', 'SELECT ANY DICTIONARY', 'CONNECT'],
}
Somewhere else in your manifest, you want to remove some of these grants. You can do this like this:
resource_value{'Ora_user[USER@test]grants/1':
remove_value => 'SELECT ANY DICTIONARY',
}
The remove_value
property also supports an array value:
resource_value{'Ora_user[USER@test]grants/more_grants':
remove_value => ['ALTER SESSION', 'CONNECT'],
}
Back to overview of resource_value
resource_title
The title of the resource you want to manage. It is the part between the [
and the ]
. In the next example:
propery_value { 'File[/tmp/a.a]owner':
...
}
/tmp/a.a
is the type name.
Back to overview of resource_value
resource_type
The name of the type you want to manage. It is the first part of the title. In the next example:
propery_value { 'File[/tmp/a.a]owner':
...
}
File
is the type name.
Back to overview of resource_value
unique
The unique maker of the resource you want to manage.
When using the add_value
or remove_value
use cases, you might want to create multiple resource_value
definitions on the same basic resource. Because Puppet mandates unique titles, we have added the possibility to add a unique maker to the end of the title. It has no other functional use than making the title unique. It is the last part of the title.
propery_array_value { 'Host[www.example.com]host_aliases/1':
...
}
In this example the number 1 is the number that makes the title unique. But it doesn’t have to be a number. It can also be a string.
propery_array_value { 'Host[www.example.com]host_aliases/add_extra':
...
}
Back to overview of resource_value
value
The actual value you want the resource property to be set to.
In the next example, you want to set the property owner
to the value root
for the file /tmp/a.a
.
propery_value { 'File[/tmp/a.a]owner':
value => 'root'
}
Back to overview of resource_value
warnings
Do emmit warnings when catalog items are changed.
When allow_redefine
is set to true
you may override a current value in the catalog. It will however emit an warning by default. When you don’t want the warning, you can suppress it by setting warning
to false
.
WARNING This must be used with great care. It might unkowningly redefine a property value, without you nowing about it.