Rostyslav Malenko

Reputation: 569

Puppet get content from symlink file

Is it possible to get the content of a symlink to a file?

I can create the file with content if fullchain.pem isn't a symlink.

My configuration for fileserver

[shared_files]
    path /etc/puppetlabs/shared_files
    allow *

Then I try to pass content to another server

file { '/etc/ssl/fullchain.pem':
    ensure             => file,
    mode               => '0664',
    owner              => 'root',
    group              => 'root',
    links              => follow,
    source_permissions => ignore,
    source             => "puppet:///shared_files/fullchain.pem",
}

Thanks in advance

Upvotes: 1

Views: 974

Answers (1)

John Bollinger

Reputation: 180286

I think you're asking about what effect the given file resource has if /etc/puppetlabs/shared_files/fullchain.pem is a symbolic link on the master. The basic answer is that Puppet's built-in fileserver follows symbolic links. This is not clearly documented in the places you might be likely to look, but the documentation for the fileserver configuration file says so clearly in the following warning:

CAUTION: Always restrict write access to mounted directories. The file server follows any symlinks in a file server mount, including links to files that agent nodes should not access (like SSL keys). When following symlinks, the file server can access any files readable by Puppet Server’s user account.

Note that this has nothing to do with the links parameter of the File resource. That affects what Puppet does when the specified path on the target node identifies a symbolic link. Specifically, if links is set to follow, as in your example, and the local path identifies a symlink, then Puppet will manage the file to which the link points. Otherwise (if links is set to manage, the default) the specified path itself is always the one managed. In that case, if the path initially identified a symlink, then Puppet would replace it with a regular file (supposing the example is otherwise unmodified).

Upvotes: 2
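
The caution quoted in the answer above can be checked on the master before a directory is exposed as a mount. The following is an added example, not part of the original answer or of Puppet itself: it walks a mount directory and reports symlinks that resolve outside it, plus directories writable by group or others. The function names and the sample tree built in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_mount(mount_path):
    """Return (kind, path, detail) findings for a fileserver mount directory."""
    root = os.path.realpath(mount_path)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # A directory that group/other can write to lets non-root users add links.
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(("writable_dir", dirpath, oct(mode)))
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # The fileserver follows links, so a link that resolves outside the
            # mount serves whatever the Puppet Server account can read there.
            if os.path.commonpath([root, target]) != root:
                findings.append(("escaping_symlink", path, target))
    return findings


def demo():
    """Audit a constructed tree: in-mount link, escaping link, open directory."""
    base = os.path.realpath(tempfile.mkdtemp())
    mount = os.path.join(base, "shared_files")
    private = os.path.join(base, "private")
    os.mkdir(mount)
    os.mkdir(private)
    os.chmod(mount, 0o755)
    for directory, name in ((mount, "cert.pem"), (private, "key.pem")):
        with open(os.path.join(directory, name), "w") as fh:
            fh.write("constructed sample\n")
    # Link that stays inside the mount (the asker's fullchain.pem case): not flagged.
    os.symlink(os.path.join(mount, "cert.pem"), os.path.join(mount, "fullchain.pem"))
    # Link that leaves the mount: flagged.
    os.symlink(os.path.join(private, "key.pem"), os.path.join(mount, "leak.pem"))
    os.mkdir(os.path.join(mount, "drop"))
    os.chmod(os.path.join(mount, "drop"), 0o777)
    return mount, audit_mount(mount)


if __name__ == "__main__":
    for kind, path, detail in demo()[1]:
        print(kind, path, detail)
```
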
