Project

General

Profile

Actions

TemplateWriting » History » Revision 54

« Previous | Revision 54/110 (diff) | Next »
Stefan Lasiewski, 12/11/2013 11:44 PM
Normalize the remarks regarding safemode_render=false


Templates

The following functions and macros can be used within templates. These are guaranteed to work via the safemode rendering, to ensure a template can do nothing harmful. With safemode disabled other macros may work, but are not supported at this time.

To enable safemode, set "safemode_render" to "true" in Settings -> Foreman settings. Safemode rendering prevents templates from reading and writing files on the file system or modifying application data within foreman.

Accessing Templates

There are two ways to render a template, based on a single host, or based on a Hostgroup. The host or hostgroup provides all the details with which to render the template.

Host-based Rendering

Only a single template of each type may be rendered for a system. Foreman determines which template to use following these rules:

1. Only the templates of the appropriate kind and associated with the hosts operating system are considered
2. If a template has a hostgroup/environment combination that matches that of the host, use this template else
3. If a template is associated with the environment of the host, use this template, else
4. Use the first template found associated with the operating system associated with the host.

So essentially, the hostgroup/environment combination is used first, then just the environment, and finally just the operating system of the host.

To access a template of a certain type simply use this url:

/unattended/KIND_NAME

For example: /unattended/provision
would render the provisioning template. The host will be based on the IP Address it is accessed from. To spoof a template simply access the url in this manner:

/unattended/provision?spoof=192.168.0.1

where 192.168.0.1 is the ip address of the system you want to spoof. This allows you to view a template for a particular system from anywhere.

Hostgroup-based rendering

Allows any template to be rendered for any Hostgroup. When rendering using a hostgroup, @host is actually the hostgroup instead of a defined host. The default values for the hostgroup are used for templated values. This means if a value is not set in the hostgroup, you may get an error when rendering the template. To access a template using a Hostgroup to render, simply use this URL:

/unattended/template/Template Name/Hostgroup Name

For example, a hostgroup of name Finance, and a template named WebServerKickstart could be rendered using the url:

/unattended/template/WebServerKickstart/Finance

PXE Menus

Pxe Menus can be deployed to smart proxies from the Config Templates list page (/config_templates). All provision templates will be added with each of their hostgroup combinations(see above). For example if the template "WebServerKickstart" is associated to the Hostgroup1/Production, Hostgroup2/Production, and Hostgroup2/Testing combinations, the template would only be added twice. Once for WebServerKickstart-Hostgroup1 and WebServerKickstart-Hostgroup2.

Writing templates

Templates can be written using common ERB style templating. Here's an example on using a variable/function:

rootpw --iscrypted <%= root_pass %>

Using a simple conditional:

<%= "selinux --disabled\n" if @osver != 3 -%>
This would include a line to disable selinux if the operating system version is not 3 (since Selinux isn't supported on RHEL 3)

Another way to do conditional (with if/elsif/else):

<% if @osver == 5 -%>
 echo "uses yum" 
<% elsif @osver == 4 -%>
 echo "uses up2date
<% else -%>
 echo "I'm not sure" 
<% end -%>

Functions and macros:

Name Description Example
root_pass The root password configured for the system
ks_console A string assembled using the port and baud of the host which can be added to a kernel line ks_console => console=ttyS1,9600
snippet(name) Renders the specified snippet
foreman_url(kind) Provides the full URL to a host-rendered template of the given kind foreman_url("provision") => http://HOST/unattended/provision
@host.name The (full) name of the host
@host.shortname The (short) name of the host
@host.certname The SSL certificate name of the host
@host.domain The domain of the host
@host.ip The IP address of the host
@host.mac The HW address of the host
@host.diskLayout The disklayout of the host (could come from the operating system)
@host.puppetmaster The puppetmaster the host should use
@host.environment The environment the host should use
@host.architecture The arch of the host (i.e. x86_64)
@host.operatingsystem.name The operating system name
@host.operatingsystem.major The major version of the OS
@host.operatingsystem.minor The minor version of the OS
@host.operatingsystem.family The OS Family (I.e. redhat, debian, etc.)
@host.subnet.mask The subnet mask of the host
@host.subnet.gateway The gateway of the host
@host.subnet.dns_primary The primary DNS of the host
@host.subnet.dns_secondary The secondary DNS of the host
@host.url_for_boot(:kernel) Full url to the kernel associated with this host.
@host.url_for_boot(:initrd) Full url to the initrd image associated with this host
@host.sp_name The name of the BMC interface
@host.sp_ip The IP address of the BMC interface
@host.sp_mac The HW address of the BMC interface
@host.sp_subnet Subnet of the BMC network
@host.interfaces Contains an array of all available interfaces except primary (only works if safemode_render=false)
@host.interfaces.size Number of additional interfaces (either type interface or bmc) (only works if safemode_render=false) size=1 means a host has two interfaces
@host.interfaces.empty If true host has only one interface (only works if safemode_render=false) use in test to do something only if host has two or more interfaces

NOTE: For PXELinux templates in 0.4 or older only leave off the '@host.' from the above as it is currently generated slightly different from everything else.

NOTE: The interface array can be parse this way:

<% @host.interfaces.each do |i| %> key is <%= i.ip %> <% end %>

NOTE: Some variables can't be accessed while safemode is enabled. Disable via safemode_render in More > Settings, though be aware this enables arbitrary code to be added to templates. Some are being whitelisted via #2948.

Kickstart only variables (Only available for provision templates and "RedHat" Family operating systems):

Name Description Example
@osver The OS Major Version (Same as @host.operatingsystem.major)
@arch The architecture (same as @host.architecture.name)
@mediapath The full kickstart line to provide the url command. @mediapath => http://file.example.com/RHEL-5-Server/U5/x86_64/os/
@epel A command which will automatically install the correct version of the epel-release rpm. Use full in a %post script. @epel => "su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm'"
@dynamic true if the parition table being used is a %pre script (has #Dynamic as the first line of the table) <% if @dynamic -%>

Preseed attributes (Only available for provision templates and "Debian" Family operating systems)::

Name Description Example
@preseed_path
@preseed_server

Host- or Hostgroup parameters

@host.params['parameter_name']

Hint: For Foreman older than 1.0 you have to disable Safemode-Rendering in More->Settings.

Compute Resource Specific functions

see Compute Resources

Settings

Setting.setting_name

You will need to disable Safemode-Rendering in More->Settings.

Updated by Stefan Lasiewski about 11 years ago · 110 revisions