0

我在 Puppet 中声明了以下资源define。有一些参数以auth_*该控制身份验证开头。我希望能够根据布尔变量 ie 的值传递该参数块,或者不传递它们$use_authentication

似乎一个if语句在这里不起作用,我认为“选择器”也不会这样做。Felix Frank 在非常密切相关的问题“在 puppet 中定义条件”中有一个非常有用的答案,但我认为该策略不会在这里起作用,因为需要省略的参数嵌套了两层深。

apache::vhost { "$name-non-ssl":
    servername => $vhost_name,
    docroot => $document_root,
    port => 80,

    access_log_file => 'access.log',
    access_log_format => 'vhost_common',
    error_log_file => 'error.log',

    directories => [
         {path => $document_root,
          auth_type => 'Basic',
          auth_name => "$name",
          auth_user_file => '/somefile.pwd',
          auth_require => 'valid-user',
          rewrites => [
              {
                  comment => "rule1",
                  rewrite_base => "/",
                  rewrite_rule => ['^index\.html$ - [L]']
              },
              {
                  comment => "rule2",
                  rewrite_cond => ['%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d'],
                  rewrite_rule => ['. /index.html [L]']
              }
          ]}
    ],
}

以下给出了语法错误:Syntax error at 'if'; expected '}'

apache::vhost { "$name-non-ssl":
    ... same as previous ...
    directories => [
         {path => $document_root,

          if $use_authentication {
              auth_type => 'Basic',
              auth_name => "$name",
              auth_user_file => '/somefile.pwd',
              auth_require => 'valid-user',
          }

          rewrites => [
              ...same as before...
          ]}
    ],
}
4

1 回答 1

2

这很难处理,因为您希望在散列中动态填充一些键/值对,散列是作为参数值的数组的元素。

选项 1:在资源声明之外构建散列

$auth_settings = {
     auth_type => 'Basic',
     auth_name => "$name",
     auth_user_file => '/somefile.pwd',
     auth_require => 'valid-user',
}
$base_dir1 = {path => $document_root,
      rewrites => [
          {
              comment => "rule1",
              rewrite_base => "/",
              rewrite_rule => ['^index\.html$ - [L]']
          },
          {
              comment => "rule2",
              rewrite_cond => ['%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d'],
              rewrite_rule => ['. /index.html [L]']
          }
      ]
}
if $use_authentication {
    $real_dir1 = merge($base_dir1, $auth_settings)
}
else {
    $real_dir1 = $base_dir1
}

apache::vhost { "$name-non-ssl":
    servername => $vhost_name,
    docroot => $document_root,
    port => 80,
    access_log_file => 'access.log',
    access_log_format => 'vhost_common',
    error_log_file => 'error.log',
    directories => [ $real_dir1 ],
}

当然,它对变量有点疯狂。

选项 2:创建自定义函数

编写一个函数,接受$base_dir1上面的内容和 的布尔值$use_authentication,并在适当的情况下返回合并的哈希。

apache::vhost { "$name-non-ssl":
    servername => $vhost_name,
    docroot => $document_root,
    port => 80,

    access_log_file => 'access.log',
    access_log_format => 'vhost_common',
    error_log_file => 'error.log',

    directories => [ add_auth($use_authentication, { ... }) ],
}

选项 3:内联

您可以在资源声明中漫不经心地进行合并。使用选择器来决定要合并的内容。可读性与这个无关。

apache::vhost { "$name-non-ssl":
    servername => $vhost_name,
    docroot => $document_root,
    port => 80,

    access_log_file => 'access.log',
    access_log_format => 'vhost_common',
    error_log_file => 'error.log',

    directories => [ merge({path => $document_root,
      rewrites => [
          {
              comment => "rule1",
              rewrite_base => "/",
              rewrite_rule => ['^index\.html$ - [L]']
          },
          {
              comment => "rule2",
              rewrite_cond => ['%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d'],
              rewrite_rule => ['. /index.html [L]']
          }
      ]
    }, $use_authentication ? {
         true => {
             auth_type => 'Basic',
             auth_name => "$name",
             auth_user_file => '/somefile.pwd',
             auth_require => 'valid-user',
         },
         default => {}
       }
     )
   ],
}

我没有费心去测试这个怪物。甚至不确定牙套是否对齐。

您可能会在 (1) 和 (3) 之间做出妥协,但请倾向于前者。

于 2016-11-24T11:32:03.723 回答