Puppet Community

I'm very close with:

`foo:`  
  `'clear_cache':`
    `command: "epp('puppet_nfii/sssd_join.epp'), { admin_password: %{lookup('admin_password')}, admin_name: %{lookup('admin_name')} }"` 
    `timeout: 60`
    `tries: 2`
    `notify:`
      `- Exec[clear_cache]`
      `- Service[sssd]`

But I think I've just reproduced a string, not a resource.

if it 's in a module called sssd, and admin_name, admin_password, and computers_ou are parameters to sssd, then you can skip the lookup and just reference the variables

because hiera Automatic Parameter Lookup will take care of it

but I don't entirely make resources into hiera ever

I'm using sgnl05-sssd module; there aren't any admin/password parameters so I have to use lookup to populate my EPP file.

See the `sgnl05-sssd` module at <https://forge.puppet.com/sgnl05/sssd?src=slack&amp;channel=puppet>

this is exactly what profiles are for :slightly_smiling_face:

<https://www.puppet.com/docs/puppet/7/the_roles_and_profiles_method.html>

I've got hiera separated into RedHat and OraclLinux hierarchies so in my RedHat.yaml file, I wanted to create the exec resource rather than "if os = redhat then &lt;build this&gt;, else &lt;build that&gt;"

Perhaps I'm using roles and profiles wrong but I've got almost everything in hiera.

yea, you can still do that, but it will be much less complex if you can have a real exec resource and APL

profile::sssd could have all the variables you need in addition to the sssd standard ones

and then you can just have the exec using profile_sssd::admin_password etc

I'll see if I can make that happen.  Thanks for the help.

I have a strong opinion that putting resource definitions into Hiera is anti-pattern.. though I know there is a lot of ppl who uses it and they are happy with it.