Automating Shibboleth-Idp Builds: Using Stages

| 0 Comments | 0 TrackBacks

I’m very new to Puppet and learn something new about it every day. The most handy thing I’ve learned lately is how to use stages. 


Stages are a meta parameter in Puppet that allows you to encapsulate a set of resources together to be run against a host in a particular order. This is critical when building a Shibboleth IDP since the software needs to be prepared and built in a very particular way. 


class shibboleth-idp-build {
        stage { "pre": before => Stage["main"]}
        stage { "prep": require => Stage["pre"]}
        stage { "deploy": require => Stage["prep"]}
        stage { "install": require => Stage["deploy"]}
        stage { "configure": require => Stage["install"]}
}

In this example I define five stages that I use to separate chunks of puppet code which describe how to build a Shibboleth Identity Provider. By themselves, these mean nothing.


To use them, I create five classes and place all of my resources in them. When it’s time to assign a node to the Shibboleth IDP classes, I specify the class/stage relationships in my node file like this:


node "example.machine.com" {
include shibboleth-idp-build
# place classes in their stages
        class { "shibboleth-idp-pre": stage => pre }
        class { "shibboleth-idp-prep": stage => prep }
        class { "shibboleth-idp-deploy": stage => deploy }
        class { "shibboleth-idp-install": stage => install }
        class { "shibboleth-idp-configure": stage => configure }
}

To define the node, I include the build class which defines my stages, and explain which class belongs to which stage. When puppet builds the machine, it will run the catalog for each class in order of the stages I’ve outlined in the shibboleth-idp-build class.

No TrackBacks

TrackBack URL: https://blogs.psu.edu/mt4/mt-tb.cgi/189517

Leave a comment

Click here to subscribe to this post.
We are processing your request. If you don't see any confirmation within 30 seconds, please reload your page.

Search This Blog

Full Text  Tag

Recent Entries

(Trying to) Use MCX with Active Directory
I'm working with an Active Directory that has been extended for MCX and utilizes an external Kerberos realm for authentication…
Automating Shibboleth-Idp Builds: Using Stages
I’m very new to Puppet and learn something new about it every day. The most handy thing I’ve learned lately…
Automating Shibboleth-Idp Builds
Penn State runs software called Shibboleth as part of the InCommon Federation to enable federated identity management for a number…