On Fri, Jun 17, 2011 at 06:18:16PM +0100, Ken Barber wrote:
> So:
>
> name: unxslet01.ucop.edu
> parameters:
> fw_tcp_ports: 22 9080 3000
> classes:
> - firewall_wrapper
> - common::suse
> - firewall
>
> Is including both 'firewall' and 'firewall_wrapper'. But I think you
> are hitting non-deterministic ordering here ... you only really want
> to include 'firewall_wrapper' and have that pull in 'firewall'.
> Otherwise, you may pull in 'firewall' too early, which would apply its
> default settings.
Hi Ken,
I got it to work! Whew. But not by removing 'firewall'. I
actually need to include this class in my testing, because it gets
included by default on all nodes as part of my 'common::suse' class.
The problem was that puppet agent was not even using the correct
class list for some mysterious and buggy reason. My external_node
command returns the correct class list as you have above, but when I
looked carefully at the puppet output (sleep helped here) I saw that
the agent was not even hitting class 'firewall_wrapper' but a
different testing class called 'firewall_extras':
unxslet01:/var/lib/puppet # puppet agent -t
info: Retrieving plugin
info: Loading facts in adinfo
info: Loading facts in adinfo
info: Caching catalog for unxslet01.ucop.edu
info: Applying configuration version '1308273896'
notice: 22 9080 3000
notice: /Stage[main]/Firewall_extras/Notify[msg]/message: defined 'message' as
'22 9080 3000'
notice: 22
notice:
/Stage[main]/Firewall/Firewall::Firewall_conf[default]/Notify[msg1]/message:
defined 'message' as '22'
notice: Finished catalog run in 8.59 seconds
I could not figure out why. I tried removing the cached catalog and
restating puppet agent, but still the wrong class was used. Only
after I deleted the 'firewall_extras' class from my manifest entirly
did agent use the configured class:
unxslet01:/var/lib/puppet # puppet agent -t
info: Retrieving plugin
info: Loading facts in adinfo
info: Loading facts in adinfo
info: Caching catalog for unxslet01.ucop.edu
info: Applying configuration version '1308331369'
notice: 22 9080 3000
notice:
/Stage[main]/Firewall/Firewall::Firewall_conf[default]/Notify[msg1]/message:
defined 'message' as '22 9080 3000'
notice: 22 9080 3000
notice: /Stage[main]/Firewall_override/Notify[msg0]/message: defined 'message'
as '22 9080 3000'
notice: Finished catalog run in 6.80 seconds
I was not able to reproduce this bug.
>
> So drop 'firewall' from your classes in dashboard and you may find it
> does the correct thing ...
>
> FYI, this works for me:
>
> kbarber:tmp ken$ puppet --version
> 2.6.8
> kbarber:tmp ken$ cat inherits.pp
> class firewall {
> define firewall_conf ($fw_services_ext_tcp = "22") {
> notify { "msg1": message => $fw_services_ext_tcp, }
> }
> firewall_conf {"default": }
> }
>
> class firewall_override ( $tcp_ports ) inherits firewall {
> Firewall::Firewall_conf["default"] {
> fw_services_ext_tcp => $tcp_ports,
> }
> notify { "msg0": message => $tcp_ports, }
> }
>
> class firewall_wrapper {
> class { "firewall_override": tcp_ports => $::fw_tcp_ports, }
> }
>
> $fw_tcp_ports = "22 100 2323"
> include firewall_wrapper
> kbarber:tmp ken$ puppet apply -v inherits.pp
> info: Applying configuration version '1308330991'
> notice: 22 100 2323
> notice:
> /Stage[main]/Firewall/Firewall::Firewall_conf[default]/Notify[msg1]/message:
> defined 'message' as '22 100 2323'
> notice: 22 100 2323
> notice: /Stage[main]/Firewall_override/Notify[msg0]/message: defined
> 'message' as '22 100 2323'
> notice: Finished catalog run in 0.01 seconds
> kbarber:tmp ken$
>
> ken.
>
> On Fri, Jun 17, 2011 at 2:56 AM, Ashley Gould <ago...@ucop.edu> wrote:
> > On Wed, Jun 15, 2011 at 07:48:50PM -0700, Ashley Gould wrote:
> >>
> >> On Wed, Jun 15, 2011 at 06:13:52PM +0100, Ken Barber wrote:
> >> > Certainly works for me in a simplified example ... can you simplify
> >> > your example so it just does a notify?
> >> >
> >> > class firewall_extras (
> >> > $services = undef,
> >> > ) {
> >> > notify { "msg": message => $services }
> >> > }
> >> >
> >> > class myfirewall {
> >> > class { "firewall_extras": services => $::firewall_services }
> >> > }
> >> >
> >
> >
> > Ok, I did finally get a basic parameterized class to work from
> > dashboard ENC:
> >
> > class firewall_extras($tcp_ports) {
> > notify { "msg": message => $tcp_ports, }
> > }
> >
> > class firewall_wrapper {
> > class { "firewall_extras": tcp_ports => $::fw_tcp_ports, }
> > }
> >
> > ---
> >
> > agould@pmlab02-vhost:/data/puppet/production>
> > /usr/share/puppet-dashboard/bin/external_node unxslet01.ucop.edu
> > ---
> > name: unxslet01.ucop.edu
> > parameters:
> > fw_tcp_ports: 22 9080 3000
> > classes:
> > - firewall_wrapper
> > - common::suse
> >
> > unxslet01:~ # puppet agent -t
> > info: Retrieving plugin
> > info: Loading facts in adinfo
> > info: Loading facts in adinfo
> > info: Caching catalog for unxslet01.ucop.edu
> > info: Applying configuration version '1308273566'
> > notice: 22 9080 3000
> > notice: /Stage[main]/Firewall_extras/Notify[msg]/message: defined 'message'
> > as '22 9080 3000'
> > notice: Finished catalog run in 7.64 seconds
> >
> >
> > But what I really want is to use a param class to override variables in
> > a base class. Below is a stripped version. the value for the param
> > I set in dashboard shows up in the override class but never makes it
> > to the base class.
> >
> > # Base class
> > #
> > class firewall {
> >
> > define firewall_conf (
> > $fw_services_ext_tcp = "22"
> > ) {
> > file { "/etc/sysconfig/SuSEfirewall2":
> > content => template("firewall/SuSEfirewall2.erb"),
> > }
> > notify { "msg1": message => $fw_services_ext_tcp, }
> > }
> >
> > # Implement default firewall setup
> > firewall_conf {"default": }
> >
> > }
> >
> > # Override class
> > #
> > class firewall_override ( $tcp_ports ) inherits firewall {
> >
> > # modify default firewall setup
> > Firewall::Firewall_conf["default"] {
> > fw_services_ext_tcp => $tcp_ports,
> > }
> > notify { "msg0": message => $tcp_ports, }
> > }
> >
> > # Wrapper class for Dashboard
> > #
> > class firewall_wrapper {
> > class { "firewall_override": tcp_ports => $::fw_tcp_ports, }
> > }
> >
> >
> > agould@pmlab02-vhost:/data/puppet/production>
> > /usr/share/puppet-dashboard/bin/external_node unxslet01.ucop.edu
> > ---
> > name: unxslet01.ucop.edu
> > parameters:
> > fw_tcp_ports: 22 9080 3000
> > classes:
> > - firewall_wrapper
> > - common::suse
> > - firewall
> >
> >
> >
> > unxslet01:~ # puppet agent -t
> > info: Retrieving plugin
> > info: Loading facts in adinfo
> > info: Loading facts in adinfo
> > info: Caching catalog for unxslet01.ucop.edu
> > info: Applying configuration version '1308273896'
> > notice: 22 9080 3000
> > notice: /Stage[main]/Firewall_extras/Notify[msg]/message: defined 'message'
> > as '22 9080 3000'
> > notice: 22
> > notice:
> > /Stage[main]/Firewall/Firewall::Firewall_conf[default]/Notify[msg1]/message:
> > defined 'message' as '22'
> > notice: Finished catalog run in 6.76 seconds
> >
> >
> >
--
-ashley
Did you try poking at it with a stick?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
