TemplateWriting » History » Revision 54
« Previous |
Revision 54/110
(diff)
| Next »
Stefan Lasiewski, 12/11/2013 11:44 PM
Normalize the remarks regarding safemode_render=false
- Table of contents
- Templates
Templates¶
The following functions and macros can be used within templates. These are guaranteed to work via the safemode rendering, to ensure a template can do nothing harmful. With safemode disabled other macros may work, but are not supported at this time.
To enable safemode, set "safemode_render" to "true" in Settings -> Foreman settings. Safemode rendering prevents templates from reading and writing files on the file system or modifying application data within foreman.
Accessing Templates¶
There are two ways to render a template, based on a single host, or based on a Hostgroup. The host or hostgroup provides all the details with which to render the template.
Host-based Rendering¶
Only a single template of each type may be rendered for a system. Foreman determines which template to use following these rules:
1. Only the templates of the appropriate kind and associated with the hosts operating system are considered
2. If a template has a hostgroup/environment combination that matches that of the host, use this template else
3. If a template is associated with the environment of the host, use this template, else
4. Use the first template found associated with the operating system associated with the host.
So essentially, the hostgroup/environment combination is used first, then just the environment, and finally just the operating system of the host.
To access a template of a certain type simply use this url:
/unattended/KIND_NAME
For example: /unattended/provision
would render the provisioning template. The host will be based on the IP Address it is accessed from. To spoof a template simply access the url in this manner:
/unattended/provision?spoof=192.168.0.1
where 192.168.0.1 is the ip address of the system you want to spoof. This allows you to view a template for a particular system from anywhere.
Hostgroup-based rendering¶
Allows any template to be rendered for any Hostgroup. When rendering using a hostgroup, @host is actually the hostgroup instead of a defined host. The default values for the hostgroup are used for templated values. This means if a value is not set in the hostgroup, you may get an error when rendering the template. To access a template using a Hostgroup to render, simply use this URL:
/unattended/template/Template Name/Hostgroup Name
For example, a hostgroup of name Finance, and a template named WebServerKickstart could be rendered using the url:
/unattended/template/WebServerKickstart/Finance
PXE Menus¶
Pxe Menus can be deployed to smart proxies from the Config Templates list page (/config_templates). All provision templates will be added with each of their hostgroup combinations(see above). For example if the template "WebServerKickstart" is associated to the Hostgroup1/Production, Hostgroup2/Production, and Hostgroup2/Testing combinations, the template would only be added twice. Once for WebServerKickstart-Hostgroup1 and WebServerKickstart-Hostgroup2.
Writing templates¶
Templates can be written using common ERB style templating. Here's an example on using a variable/function:
rootpw --iscrypted <%= root_pass %>
Using a simple conditional:
<%= "selinux --disabled\n" if @osver != 3 -%>
This would include a line to disable selinux if the operating system version is not 3 (since Selinux isn't supported on RHEL 3)
Another way to do conditional (with if/elsif/else):
<% if @osver == 5 -%> echo "uses yum" <% elsif @osver == 4 -%> echo "uses up2date <% else -%> echo "I'm not sure" <% end -%>
Functions and macros:¶
Name | Description | Example |
---|---|---|
root_pass | The root password configured for the system | |
ks_console | A string assembled using the port and baud of the host which can be added to a kernel line | ks_console => console=ttyS1,9600 |
snippet(name) | Renders the specified snippet | |
foreman_url(kind) | Provides the full URL to a host-rendered template of the given kind | foreman_url("provision") => http://HOST/unattended/provision |
@host.name | The (full) name of the host | |
@host.shortname | The (short) name of the host | |
@host.certname | The SSL certificate name of the host | |
@host.domain | The domain of the host | |
@host.ip | The IP address of the host | |
@host.mac | The HW address of the host | |
@host.diskLayout | The disklayout of the host (could come from the operating system) | |
@host.puppetmaster | The puppetmaster the host should use | |
@host.environment | The environment the host should use | |
@host.architecture | The arch of the host (i.e. x86_64) | |
@host.operatingsystem.name | The operating system name | |
@host.operatingsystem.major | The major version of the OS | |
@host.operatingsystem.minor | The minor version of the OS | |
@host.operatingsystem.family | The OS Family (I.e. redhat, debian, etc.) | |
@host.subnet.mask | The subnet mask of the host | |
@host.subnet.gateway | The gateway of the host | |
@host.subnet.dns_primary | The primary DNS of the host | |
@host.subnet.dns_secondary | The secondary DNS of the host | |
@host.url_for_boot(:kernel) | Full url to the kernel associated with this host. | |
@host.url_for_boot(:initrd) | Full url to the initrd image associated with this host | |
@host.sp_name | The name of the BMC interface | |
@host.sp_ip | The IP address of the BMC interface | |
@host.sp_mac | The HW address of the BMC interface | |
@host.sp_subnet | Subnet of the BMC network | |
@host.interfaces | Contains an array of all available interfaces except primary (only works if safemode_render=false) | |
@host.interfaces.size | Number of additional interfaces (either type interface or bmc) (only works if safemode_render=false) | size=1 means a host has two interfaces |
@host.interfaces.empty | If true host has only one interface (only works if safemode_render=false) | use !@host.interfaces.empty in test to do something only if host has two or more interfaces |
NOTE: For PXELinux templates in 0.4 or older only leave off the '@host.' from the above as it is currently generated slightly different from everything else.
NOTE: The interface array can be parse this way:
<% @host.interfaces.each do |i| %> key is <%= i.ip %> <% end %>
NOTE: Some variables can't be accessed while safemode is enabled. Disable via safemode_render in More > Settings, though be aware this enables arbitrary code to be added to templates. Some are being whitelisted via #2948.
Kickstart only variables (Only available for provision templates and "RedHat" Family operating systems):¶
Name | Description | Example |
---|---|---|
@osver | The OS Major Version (Same as @host.operatingsystem.major) | |
@arch | The architecture (same as @host.architecture.name) | |
@mediapath | The full kickstart line to provide the url command. | @mediapath => http://file.example.com/RHEL-5-Server/U5/x86_64/os/ |
@epel | A command which will automatically install the correct version of the epel-release rpm. Use full in a %post script. | @epel => "su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm'" |
@dynamic | true if the parition table being used is a %pre script (has #Dynamic as the first line of the table) | <% if @dynamic -%> |
Preseed attributes (Only available for provision templates and "Debian" Family operating systems)::¶
Name | Description | Example |
---|---|---|
@preseed_path | ||
@preseed_server |
Host- or Hostgroup parameters¶
@host.params['parameter_name']
Hint: For Foreman older than 1.0 you have to disable Safemode-Rendering in More->Settings.
Compute Resource Specific functions¶
Settings¶
Setting.setting_name
You will need to disable Safemode-Rendering in More->Settings.
Updated by Stefan Lasiewski about 11 years ago · 110 revisions