All-
We're using puppet 2.7.11.
Our custom firewall module currently builds the RHEL
/etc/sysconfig/iptables (and ip6tables) from multiple fragments using
concat::fragment.
The base part of the firewall is constructed like this:
class firewall {
include concat::setup
$firewall_config = '/etc/sysconfig/iptables'
concat::fragment { "firewall-base":
target => "$firewall_config",
source => [
"puppet:///modules/firewall/firewall-base.$fqdn",
"puppet:///modules/firewall/firewall-base"
],
order => '01',
}
concat::fragment {"firewall-end":
target => "$firewall_config",
content => "COMMIT\n",
order => '99',
}
}
As you can see, we use source to look for a per-box custom firewall base
first, and then fall back to a stock firewall-base file fragment.
I want to modify this config so that the fall-back fragment comes from
a template, rather than a file fragment. The problem is that it appears
I can't do this:
concat::fragment { "firewall-base":
target => "$firewall_config",
source => [
"puppet:///modules/firewall/firewall-base.$fqdn",
template('firewall/firewall-base.erb'),
],
order => '01',
}
When I try that, I get:
$sudo puppet agent --test --noop
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/ipmi_product.rb
info: Loading facts in /var/lib/puppet/lib/facter/biosversion.rb
info: Loading facts in /var/lib/puppet/lib/facter/net_info.rb
info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/lib/puppet/lib/facter/net_location.rb
info: Loading facts in /var/lib/puppet/lib/facter/pacemaker.rb
info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
info: Caching catalog for host.nodak.edu
err: Failed to apply catalog: Parameter source failed: Could not understand
source #
and then it spits out the file template.
Is there an easy way to mix, in one fragment, a source and a template,
as I'm trying to do?
It occurs to me that I could just "pretend" that all of our per-host
firewall-base.$fqdn files are instead templates, even if there's no
actual templating going on, and use something like:
concat::fragment { "firewall-base":
target => "$firewall_config",
content => [
template("firewall/firewall-base.$fqdn.erb"),
template('firewall/firewall-base.erb'),
],
order => '01',
}
But that seems kind of hackish. Can anyone suggest a more elegant method,
or some syntax that I'm missing?
Thanks,
Tim
--
Tim Mooney [email protected]
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
