Nothing wrong with that. It's a very common practice. One thing I would recommend is setting your array to a variable and passing that variable to the define. It just makes your code cleaner and easier to read:
node 'mynode' { include firewall $sources = ['node1', 'node2'] myfirewall::accept { $sources : proto => 'tcp', port => '80' } On Tuesday, November 20, 2012 2:30:45 PM UTC-7, Dusty Doris wrote: > > > > On Tuesday, November 20, 2012 3:51:07 PM UTC-5, Dusty Doris wrote: >> >> Lets say I wanted to make a declared type for adding custom firewall >> rules on a per-node basis. >> >> >> define myfirewall::accept($proto, $port, $sources=[]) { >> include defaultfirewall >> >> $sources.each do |source| >> >> firewall { "100 allow $proto $port for $source": >> proto => $proto, >> dport => $dport, >> source => $source, >> action => 'accept', >> } >> >> end >> } >> >> I could use it something like this: >> >> node "mynode" { >> myfirewall:: accept { "http": >> proto => 'tcp', >> port => '80', >> sources => ['1.1.1.1','2.2.2.2'] >> } >> } >> >> >> Is there any way to do something like this with puppet? I'm new to this >> and quite confused. >> >> >> > aha. I found I can do it using the $name parameter. > > Is there anything inherently wrong with this type of usage? > > > define myfirewall::accept($proto, $port) { > > firewall { "100 $name $proto $port": > proto => $proto, > dport => $port, > source => $name, > action => 'accept' > } > > } > > node 'mynode' { > include firewall > myfirewall::accept { ['node1', 'node2'] : > proto => 'tcp', > port => '80' > } > } > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/acxmlDAEJoUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.