Project

General

Profile

Actions

TemplateWriting » History » Revision 61

« Previous | Revision 61/110 (diff) | Next »
Dominic Cleal, 01/23/2014 11:09 PM
safemode


Templates

The following functions and macros can be used within templates. These are guaranteed to work via the safemode rendering, to ensure a template can do nothing harmful. With safemode disabled other macros may work, but are not supported at this time.

To enable safemode, set "safemode_render" to "true" in Settings -> Foreman settings. Safemode rendering prevents templates from reading and writing files on the file system or modifying application data within foreman.

Accessing Templates

There are two ways to render a template, based on a single host, or based on a Hostgroup. The host or hostgroup provides all the details with which to render the template.

Host-based Rendering

Only a single template of each type may be rendered for a system. Foreman determines which template to use following these rules:

1. Only the templates of the appropriate kind and associated with the hosts operating system are considered
2. If a template has a hostgroup/environment combination that matches that of the host, use this template else
3. If a template is associated with the environment of the host, use this template, else
4. Use the first template found associated with the operating system associated with the host.

So essentially, the hostgroup/environment combination is used first, then just the environment, and finally just the operating system of the host.

To access a template of a certain type simply use this url:

/unattended/KIND_NAME

For example: /unattended/provision
would render the provisioning template. The host will be based on the IP Address it is accessed from. To spoof a template simply access the url in this manner:

/unattended/provision?spoof=192.168.0.1

where 192.168.0.1 is the ip address of the system you want to spoof. This allows you to view a template for a particular system from anywhere.

Hostgroup-based rendering

Allows any template to be rendered for any Hostgroup. When rendering using a hostgroup, @host is actually the hostgroup instead of a defined host. The default values for the hostgroup are used for templated values. This means if a value is not set in the hostgroup, you may get an error when rendering the template. To access a template using a Hostgroup to render, simply use this URL:

/unattended/template/Template Name/Hostgroup Name

For example, a hostgroup of name Finance, and a template named WebServerKickstart could be rendered using the url:

/unattended/template/WebServerKickstart/Finance

PXE Menus

Pxe Menus can be deployed to smart proxies from the Config Templates list page (/config_templates). All provision templates will be added with each of their hostgroup combinations(see above). For example if the template "WebServerKickstart" is associated to the Hostgroup1/Production, Hostgroup2/Production, and Hostgroup2/Testing combinations, the template would only be added twice. Once for WebServerKickstart-Hostgroup1 and WebServerKickstart-Hostgroup2.

Writing templates

Templates can be written using common ERB style templating. Here's an example on using a variable/function:

rootpw --iscrypted <%= root_pass %>

Using a simple conditional:

<%= "selinux --disabled\n" if @osver != 3 -%>
This would include a line to disable selinux if the operating system version is not 3 (since Selinux isn't supported on RHEL 3)

Another way to do conditional (with if/elsif/else):

<% if @osver == 5 -%>
 echo "uses yum" 
<% elsif @osver == 4 -%>
 echo "uses up2date
<% else -%>
 echo "I'm not sure" 
<% end -%>

Functions and macros:

Name Description Example
root_pass The root password configured for the system
ks_console A string assembled using the port and baud of the host which can be added to a kernel line ks_console => console=ttyS1,9600
snippet(name) Renders the specified snippet
foreman_url(kind) Provides the full URL to a host-rendered template of the given kind foreman_url("provision") => http://HOST/unattended/provision
@host.name The (full) name of the host
@host.shortname The (short) name of the host
@host.certname The SSL certificate name of the host
@host.domain The domain of the host
@host.ip The IP address of the host
@host.mac The HW address of the host
@host.diskLayout The disklayout of the host (could come from the operating system)
@host.puppetmaster The puppetmaster the host should use
@host.environment The environment the host should use
@host.location The location of the host
@host.architecture The arch of the host (i.e. x86_64)
@host.operatingsystem.name The operating system name
@host.operatingsystem.major The major version of the OS
@host.operatingsystem.minor The minor version of the OS
@host.operatingsystem.family The OS Family (I.e. redhat, debian, etc.)
@host.subnet.mask The subnet mask of the host
@host.subnet.gateway The gateway of the host
@host.subnet.dns_primary The primary DNS of the host
@host.subnet.dns_secondary The secondary DNS of the host
@host.subnet.dhcp Boolean that render true if a dhcp proxy is configured for this host <% if @host.subnet.dhcp >...< else >...< end %>
@host.url_for_boot(:kernel) Full url to the kernel associated with this host.
@host.url_for_boot(:initrd) Full url to the initrd image associated with this host
@host.sp_name The name of the BMC interface
@host.sp_ip The IP address of the BMC interface
@host.sp_mac The HW address of the BMC interface
@host.sp_subnet Subnet of the BMC network
@host.interfaces Contains an array of all available secondary and BMC interfaces except primary (only works if safemode_render=false)
@host.interfaces.managed Limit the array to managed (non-BMC) interfaces only (only works if safemode_render=false)
@host.interfaces.bmc Limit the array to BMC (non-managed) interfaces only (only works if safemode_render=false)
@host.interfaces.size Number of additional interfaces (either type interface or bmc) (only works if safemode_render=false) size=1 means a host has two interfaces
@host.interfaces.empty If true host has only one interface (only works if safemode_render=false) use in test to do something only if host has two or more interfaces
@host.facts_hash Contains a hash of facts from Facter/Ohai etc. (only works if safemode_render=false)
@host.facts_hash['ipaddress'] Accessing the 'ipaddress' fact for the host (only works if safemode_render=false)
@static Boolean value to determine if the network configuration is static or dynamic Use <%= @static ? "static" : "dynamic" %> in templates

NOTE: For PXELinux templates in 0.4 or older only leave off the '@host.' from the above as it is currently generated slightly different from everything else.

NOTE: The interface array can be parsed this way:

<% @host.interfaces.each do |i| %> key is <%= i.ip %> <% end %>
. To print information for the first interface in the array, try something like:
<% myinterface = @host.interfaces.first %> IP: <%= myinterface.ip %> Netmask: <%= myinterface.subnet.mask %> Gateway: <%= myinterface.subnet.gateway %>

NOTE: Some variables can't be accessed while safemode is enabled. Disable via safemode_render in More > Settings, though be aware this enables arbitrary code to be added to templates. Some are being whitelisted via #2948.

NOTE: You may need to add "?static=yes" to the foreman_url to use the @static parameter in templates.

Kickstart only variables (Only available for provision templates and "RedHat" Family operating systems):

Name Description Example
@osver The OS Major Version (Same as @host.operatingsystem.major)
@arch The architecture (same as @host.architecture.name)
@mediapath The full kickstart line to provide the url command. @mediapath => http://file.example.com/RHEL-5-Server/U5/x86_64/os/
@epel A command which will automatically install the correct version of the epel-release rpm. Use full in a %post script. @epel => "su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm'"
@dynamic true if the parition table being used is a %pre script (has #Dynamic as the first line of the table) <% if @dynamic -%>

Preseed attributes (Only available for provision templates and "Debian" Family operating systems)::

Name Description Example
@preseed_path
@preseed_server

Host- or Hostgroup parameters

@host.params['parameter_name']

Hint: For Foreman older than 1.0 you have to disable Safemode-Rendering in More->Settings.

Compute Resource Specific functions

see Compute Resources

Settings

Setting.setting_name

You will need to disable Safemode-Rendering in More->Settings.

Updated by Dominic Cleal almost 11 years ago · 110 revisions