Nothing wrong with that. It's a very common practice.
One thing I would recommend is setting your array to a variable and passing
that variable to the define. It just makes your code cleaner and easier to
read:
node 'mynode' {
include firewall
$sources = ['node1', 'node2']
myfirewall::accept { $sources :
proto => 'tcp',
port => '80'
}
On Tuesday, November 20, 2012 2:30:45 PM UTC-7, Dusty Doris wrote:
>
>
>
> On Tuesday, November 20, 2012 3:51:07 PM UTC-5, Dusty Doris wrote:
>>
>> Lets say I wanted to make a declared type for adding custom firewall
>> rules on a per-node basis.
>>
>>
>> define myfirewall::accept($proto, $port, $sources=[]) {
>> include defaultfirewall
>>
>> $sources.each do |source|
>>
>> firewall { "100 allow $proto $port for $source":
>> proto => $proto,
>> dport => $dport,
>> source => $source,
>> action => 'accept',
>> }
>>
>> end
>> }
>>
>> I could use it something like this:
>>
>> node "mynode" {
>> myfirewall:: accept { "http":
>> proto => 'tcp',
>> port => '80',
>> sources => ['1.1.1.1','2.2.2.2']
>> }
>> }
>>
>>
>> Is there any way to do something like this with puppet? I'm new to this
>> and quite confused.
>>
>>
>>
> aha. I found I can do it using the $name parameter.
>
> Is there anything inherently wrong with this type of usage?
>
>
> define myfirewall::accept($proto, $port) {
>
> firewall { "100 $name $proto $port":
> proto => $proto,
> dport => $port,
> source => $name,
> action => 'accept'
> }
>
> }
>
> node 'mynode' {
> include firewall
> myfirewall::accept { ['node1', 'node2'] :
> proto => 'tcp',
> port => '80'
> }
> }
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/acxmlDAEJoUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
