Metaconfig
How to use ncm-metaconfig : complete example
The official documentation can be found here.
Here is an example ready to be included into a machine profile for test purposes :
# first, you need to deploy the tt file on the machine # (the standard way is to include tt files in the the ncm-metaconfig rpm....) variable CONTENTS = <<EOF; name = { [% FILTER indent -%] hosts = [% hosts.join(',') %] port = [% port %] master = [% master ? "TRUE" : "FALSE" %] description = "[% description %]" [% IF option.defined -%] option = "[% option %]" [% END -%] [% END -%] } EOF '/software/components/filecopy/services' = npush( escape('/usr/share/templates/quattor/metaconfig/example/main.tt'), nlist('config', CONTENTS, 'perms', '0644') ); # below, the real metaconfig work include 'components/metaconfig/config'; include 'metaconfig/example/config'; prefix '/software/components/metaconfig/services/{/etc/example/exampled.conf}/contents'; 'hosts' = list('server1', 'server3'); 'port' = 800; 'master' = false; 'description' = 'My example'; # the tt file must be created before ncm-metaconfig runs '/software/components/metaconfig/dependencies/pre' = push('filecopy');
For this example to work, you need a directory metaconfig/example in your site, with the following content :
- config.pan :
unique template metaconfig/example/config; include {'metaconfig/example/schema'}; bind "/software/components/metaconfig/services/{/etc/example/exampled.conf}/contents" = example_service; prefix "/software/components/metaconfig/services/{/etc/example/exampled.conf}"; "daemon" = list("exampled"); "module" = "example/main";
- schema.pan :
declaration template metaconfig/example/schema; include { 'pan/types' }; type example_service = { 'hosts' : type_hostname[] 'port' : type_port 'master' : boolean 'description' : string 'option' ? string };
Configure a INI-like file with metaconfig: example
A pan template like this (sites/iihe-production/config/fail2ban/ssh.pan)
include 'components/metaconfig/config'; prefix '/software/components/metaconfig/services/{/etc/fail2ban/jail.d/ssh.conf}'; 'mode' = 0644; 'owner' = 'root'; 'group' = 'root'; 'module' = 'tiny'; prefix '/software/components/metaconfig/services/{/etc/fail2ban/jail.d/ssh.conf}/contents'; 'ssh-iptables/enabled' = 'true'; 'ssh-iptables/filter' = 'sshd'; 'ssh-iptables/action' = 'iptables[name=SSH, port=ssh, protocol=tcp]'; 'ssh-iptables/logpath' = '/var/log/secure'; 'ssh-iptables/maxretry' = '5'; 'ssh-iptables/findtime' = '1800';
will give :
[ssh-iptables] action=iptables[name=SSH, port=ssh, protocol=tcp] enabled=true filter=sshd findtime=1800 logpath=/var/log/secure maxretry=5