You've got require lines in all four of these files; try removing all of those and letting Puppet's autoloading system try to load them.
If that doesn't work, then try doing it all manually in irb: irb > require 'puppet' > Puppet::Type.type(:firewall) # should return something etc. On Oct 4, 2009, at 10:43 PM, Matt Delves wrote: > >>>> On 5/10/2009 at 4:33 pm, in message > <[email protected]>, Luke Kanies > <[email protected]> wrote: > >> ruby -rpuppet <path/to/file.rb> >> > > Tried removing the require line and still no luck. I also ran it > with the line above and that produced no syntax errors. > >> If that doesn't work, can you resend the patch inline, rather than as >> an attachment? > > Here you go. >
> diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/ > provider/firewall/iptables.rb
> new file mode 100644
> index 0000000..d8e8ddb
> --- /dev/null
> +++ b/lib/puppet/provider/firewall/iptables.rb 
> @@ -0,0 +1,142 @@
> +require 'puppet/type/firewall'
> +
> +Puppet::Type.type(:firewall).provide(:iptables) do
> + desc "Iptables firewall provider"
> + commands :iptables => "iptables"
> + commands :iptables_save => "iptables-save"
> +
> + # Set this provider to be the default for the following operating > systems
> +# defaultfor :operatingsystem => [:redhat, :sles, :ubuntu]
> +
> + @@rulens = Array.new
> +
> + def create
> +
> + puts "create has been called"
> +
> + ipts = `which iptables`.strip
> + if ipts.nil then
> + `which /sbin/iptables`.strip
> + end
> +
> + raise "iptables command not found" if ipts.nil
> +
> + `#{ipts} -A #{command_string}`
> +
> + end
> +
> + def destroy
> +
> + puts "destroy has been called"
> +
> + strme = command_string
> +
> + ipts = `which iptables`.strip
> + if ipts.nil then
> + `which /sbin/iptables`.strip
> + end
> +
> + raise "iptables command not found" if ipts.nil
> +
> + `#{ipts} -D #{strme}`
> +
> + # remove from list of rules
> + end
> +
> + def command_string(rule = @resource)
> + strme = ""
> + strme += rule[:chain].to_s
> + strme += " -i " + rule[:i].to_s if rule[:i]
> + strme += " -o " + rule[:o].to_s if rule[:o]
> + strme += " -p " + rule[:p].to_s if rule[:p]
> + strme += " -m state" if rule[:mstate]
> + strme += " --state " + rule[:state].to_s if rule[:state]
> + strme += " -m icmp" if rule[:micmp]
> + strme += " --icmp-type " + rule[:icmp_type].to_s if > rule[:icmp_type]
> + strme += " -m limit" if rule[:mlimit]
> + strme += " --limit " + rule[:limit].to_s if rule[:limit]
> + strme += " -j " + rule[:j].to_s if rule[:j]
> + strme += " --log-prefix " + rule[:log_prefix].to_s if > rule[:log_prefix]
> + strme += " --log-tcp-options " + rule[:log_tcp_options].to_s if > rule[:log_tcp_options]
> + strme += " --log-ip-options " + rule[:log_ip_options].to_s if > rule[:log_ip_options]
> + strme += " --reject-with " + rule[:reject_with].to_s if > rule[:reject_with]
> +
> + rule[:cmd] = strme.to_s
> + puts "Generated command of 
" + strme.to_s
> + strme.to_s
> + end
> +
> + def exists?
> +
> + puts "Checking if a rule exists"
> +
> + populate if @@rulens.empty?
> + command_string if @resource[:cmd].empty?
> +
> + @@rulens.each do |rule|
> + # Check if the rule exists
> + puts "Checking rule " + rule[:name].to_s + " against " + > @resource[:name].to_s
> + return true if rule[:cmd].equal? @resource[:cmd]
> + end
> +
> + return false
> +
> + end
> +
> + def populate
> + ipts = `which iptables-save`.strip
> +
> + puts "Populating iptables from iptables-save"
> +
> + if ipts.empty? then
> + ipts = `which /sbin/iptables-save`.strip
> + end
> +
> + raise "iptables-save not found" unless !ipts.empty?
> +
> + `#{ipts}`.each do |rule|
> + unless rule.index('#').eql? 0 or rule.index(':').eql? 0 or > rule.index('*').eql? 0 then
> + # Use regex to obtain the chain and other rules
> + exp = /(\-[A-Za-z\-]+\s)([\w\-\"\/]+\s?\"?)/
> + matches = rule.strip.scan(exp)
> +
> + if matches then
> +
> + # return create a new hash
> + rulen = Puppet::Type.type(:firewall).new(:name => > rule.to_s)
> +
> + matches.each do |component|
> + key = ""
> + value = ""
> + strme = component.to_s
> +
> + while strme.index(/\-/).eql? 0 do
> + strme = strme[1,strme.length - 1]
> + end
> +
> + # Split the string based upon the first occurance of /\s/
> + splitloc = strme.index(/\s/)
> +
> + key = strme[0, splitloc].strip
> + value = strme[splitloc + 1, strme.length - 1]
> + # Check if key is 'm' and change to key + value
> + key = key + value.strip if key.to_s.eql? "m"
> + key.gsub! "-", "_"
> + key = "chain" if key.to_s.eql? "A"
> +
> + # Insert the value for the specific key
> + rulen[key] = value.strip unless key.empty? or > value.empty?
> +
> + end
> +
> + # Store the rule in an array
> + @@rulens << rulen
> + end
> +
> + end
> +
> + end
> +
> + end
> +
> +end
> diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
> new file mode 100644
> index 0000000..2f8d0b0
> --- /dev/null 
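Review bot: `create` and `destroy` run `#{ipts} -A #{command_string}` / `#{ipts} -D #{strme}` through backticks, so every resource attribute that `command_string` concatenates (chain, interfaces, `log_prefix`, `reject_with`, …) is parsed by a shell, and a value containing shell metacharacters would be executed with the agent's privileges instead of reaching iptables as an argument. The provider already declares `commands :iptables => "iptables"`, which in Puppet providers defines an `iptables(...)` method that takes an argument list and resolves the binary itself; that should avoid the shell (worth confirming for the Puppet version in use) and it removes the `which` lookups, whose `ipts.nil` checks call a method String does not have and whose `/sbin` fallback result is never assigned. Separately, `exists?` compares with `equal?`, which is object identity, so it looks like it can never return true and each run would append the rule again; `==` is presumably what was meant. A sketch of the argument-vector form follows.

```ruby
def create
  # Argument vector instead of an interpolated shell string:
  # each value reaches iptables as exactly one argv entry.
  iptables("-A", *command_args)
end

def destroy
  iptables("-D", *command_args)
end

# Same option order as command_string, but as an array, and only
# for options that are actually set (an empty string is truthy).
def command_args(rule = @resource)
  args = [rule[:chain].to_s]
  args.push("-i", rule[:i].to_s) unless rule[:i].to_s.empty?
  # … unchanged: remaining options, each pushed as a separate flag/value pair …
  args
end
```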
> +++ b/lib/puppet/type/firewall.rb 
> @@ -0,0 +1,159 @@
> +module Puppet
> +
> + newtype(:firewall) do
> + @doc = "Define, manipulate, add and remove iptables rules"
> +
> + ensurable
> +
> + newparam(:name) do
> + desc "The name of the resource"
> + isnamevar
> + end
> +
> + newparam(:chain) do
> + desc "holds value of iptables -A parameter.
> + Possible values are: 'INPUT', 'FORWARD', > 'OUTPUT', 'PREROUTING', 'POSTROUTING'.
> + Default value is 'INPUT'"
> + defaultto ""
> + end
> +
> + newparam(:t) do
> + desc "one of the following tables: 'nat', 'mangle',
> + 'filter' and 'raw'. Default one is 'filter'"
> + newvalues(:nat, :mangle, :filter, :raw)
> + defaultto "filter"
> + end
> +
> + newparam(:p) do
> + desc "holds value of iptables --protocol parameter.
> + Possible values are: 'tcp', 'udp', 'icmp', 'esp', > 'ah', 'vrrp', 'igmp', 'all'.
> + Default value is 'all'"
> + newvalues(:tcp, :udp, :icmp, :esp, :ah, :vrrp, :igmp, :all)
> + defaultto :all
> + end
> +
> + newparam(:j) do
> + desc "holds value of iptables --jump target
> + Possible values are: 'ACCEPT', 'DROP', 'REJECT', > 'DNAT', 'LOG'."
> + defaultto ""
> + end
> +
> + newparam(:source) do
> + desc "value for iptables --source parameter"
> + end
> +
> + newparam(:destination) do
> + desc "value for iptables --destination parameter"
> + end
> +
> + newparam(:sport) do
> + desc "holds value of iptables [..] --source-port parameter.
> + If array is specified, values will be passed to > multiport module.
> + Only applies to tcp/udp."
> + defaultto ""
> + end
> +
> + newparam(:dport) do
> + desc "holds value of iptables [..] --destination-port > parameter.
> + If array is specified, values will be passed to > multiport module.
> + Only applies to tcp/udp." 
> + defaultto ""
> + end
> +
> + newparam(:i) do
> + desc "value for iptables --in-interface parameter"
> + end
> +
> + newparam(:o) do
> + desc "value for iptables --out-interface parameter"
> + end
> +
> + newparam(:to_dest) do
> + desc "value for iptables '-j DNAT --to-destination' parameter"
> + defaultto ""
> + end
> +
> + newparam(:log_level) do
> + desc "value for iptables '--log-level' parameter"
> + defaultto ""
> + end
> +
> + newparam(:log_prefix) do
> + desc "value for iptables '--log-prefix' parameter"
> + defaultto ""
> + end
> +
> + newparam(:log_tcp_options) do
> + desc "value for iptables '--log-tcp-options' parameter"
> + defaultto ""
> + end
> +
> + newparam(:log_ip_options) do
> + desc "value for iptables '--log-ip-options' parameter"
> + defaultto ""
> + end
> +
> + newparam(:icmp_type) do
> + desc "value for iptables '--icmp-type' parameter"
> + defaultto ""
> + end
> +
> + newparam(:mstate) do
> + desc "value for iptables '-m state' parameter"
> + defaultto ""
> + end
> +
> + newparam(:micmp) do
> + desc "value for iptables '-m icmp' parameter"
> + defaultto ""
> + end
> +
> + newparam(:mlimit) do
> + desc "value for iptables '-m limit' parameter"
> + defaultto ""
> + end
> +
> + newparam(:mpkttype) do
> + desc "value for iptables '-m pkttype' parameter"
> + defaultto ""
> + end
> +
> + newparam(:pkt_type) do
> + desc "value for iptables '-m pkttype --pkt-type' parameter"
> + defaultto ""
> + end
> +
> + newparam(:mtcp) do
> + desc "value for iptables '-m tcp' parameter"
> + defaultto ""
> + end
> +
> + newparam(:tcp_flags) do
> + desc "value for iptables '-m tcp --tcp-flags' parameter"
> + defaultto ""
> + end
> +
> + newparam(:state) do
> + desc "value for iptables '--state' parameter.
> + Possible values are: 'INVALID', 'ESTABLISHED', > 'NEW', 'RELATED'." 
> + newvalues(:INVALID, :ESTABLISHED, :NEW, :RELATED)
> + end
> +
> + newparam(:reject_with) do
> + desc "value for iptables '--reject-with' parameter"
> + defaultto ""
> + end
> +
> + newparam(:limit) do
> + desc "value for iptables '--limit' parameter"
> + defaultto ""
> + end
> +
> + newparam(:cmd) do
> + desc "The command line value for the iptables parameter"
> + defaultto ""
> + end
> +
> + end
> +
> +end
> diff --git a/spec/unit/provider/firewall/iptables.rb b/spec/unit/ > provider/firewall/iptables.rb
> new file mode 100755
> index 0000000..57fd98b
> --- /dev/null
> +++ b/spec/unit/provider/firewall/iptables.rb
> @@ -0,0 +1,34 @@
> +#!/usr/bin/env ruby
> +
> +require File.dirname(__FILE__) + '/../../../spec_helper'
> +
> +require 'puppet/provider/firewall/iptables'
> +
> +provider = Puppet::Type.type(:firewall).provide(:iptables)
> +
> +describe provider do
> +
> + before :each do
> + @prov = provider.new
> + end
> +
> + it "should have the puppet provider class as its baseclass" do
> + provider.superclass.should equal Puppet::Provider
> + end
> +
> + it 'should know how to populate known rules' do
> + @prov.should respond_to :populate
> + end
> +
> + it 'should ensure the absense of a specified simple rule' do
> + rule = Puppet::Type.type(:firewall).new(
> + :name => "INPUT -m state --sate ESTABLISHED -j ACCEPT",
> + :ensure => "absent",
> + :chain => "INPUT",
> + :mstate => "sate",
> + :state => "ESTABLISHED",
> + :j => "ACCEPT",
> + :provider => "iptables")
> + end
> +
> +end
> diff --git a/spec/unit/type/firewall.rb b/spec/unit/type/firewall.rb
> new file mode 100755
> index 0000000..ce708f2
> --- /dev/null
> +++ b/spec/unit/type/firewall.rb 
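Review bot: Most parameters in lib/puppet/type/firewall.rb (`chain`, `j`, `i`, `o`, `log_prefix`, `reject_with`, `limit`, `icmp_type`, …) accept any string, and the iptables provider in this same patch concatenates them into a command line, so the type is the natural place to reject unexpected values. Where the documented set is closed, the `newvalues` form already used for `p` and `state` would do, e.g. `newvalues(:ACCEPT, :DROP, :REJECT, :DNAT, :LOG)` for `j`; for free-form values such as interface names or the log prefix, a `validate` block that raises on anything outside an expected character set. Also, `defaultto ""` on the `m*` flags looks like it defeats the provider's `if rule[:mstate]` style checks, because an empty string is truthy in Ruby, so `-m state`, `-m icmp` and `-m limit` would presumably be emitted for every rule; dropping the default or testing `empty?` avoids that. The `chain` description says the default is 'INPUT' while the code defaults to an empty string.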
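Review bot: Neither rule example asserts anything: the `it` block for the absent rule here and the one in spec/unit/type/firewall.rb only construct a resource, and the last example in the type spec is empty, so these specs pass regardless of what the provider executes. The fixture also carries what looks like a typo, `--sate` and `:mstate => "sate"`, where `--state` and `"state"` were presumably intended. It would be worth adding an expectation on the generated command by stubbing the provider's command execution and checking the arguments it receives, plus a case showing that a parameter value containing shell metacharacters is either rejected by the type or passed through as a single argument.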
> @@ -0,0 +1,24 @@
> +#!/usr/bin/env ruby
> +
> +require File.dirname(__FILE__) + '/../../spec_helper'
> +require 'puppet/type/firewall'
> +require 'puppet/provider/firewall/iptables'
> +
> +describe Puppet::Type.type(:firewall) do
> +
> + it "should ensure presense of specified simple route" do
> + rule = Puppet::Type.type(:firewall).new(
> + :name => "INPUT -m state --sate ESTABLISHED -j ACCEPT",
> + :ensure => "present",
> + :chain => "INPUT",
> + :mstate => "sate",
> + :state => "ESTABLISHED",
> + :j => "ACCEPT",
> + :provider => "iptables")
> + end
> +
> + it "should ensure absense of specified simple route" do
> +
> + end
> +
> +end
> > > > > -- My favorite was a professor at a University I Used To Be Associated With who claimed that our requirement of a non-alphabetic character in our passwords was an abridgement of his freedom of speech. -- Jacob Haller --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
