Thanks for the reply, I did run into one problem with duplicate declarations. Say I wanted to include node1 and node2 in a group of servers for a particular rule. Then wanted to just have node1 in a second rule.
eg:

node 'mynode' {
  include firewall
  $apps = ['node1', 'node2']
  $ssl = 'node1'
  myfirewall::accept { $apps :
    proto => 'tcp',
    ports => ['80','8080']
  }
  myfirewall::accept { 'node1' :
    proto => 'tcp',
    ports => '443'
  }
}

When I run that I get a duplicate declaration error such as Myfirewall::Accept[node1].

How does one get around something like that? I can't think of a way to do that without assigning a unique name and then iterating on a source variable that is passed in.

BTW - I am using the puppetlabs-firewall module and unfortunately it doesn't work correctly with an array for the source variable, so that's why I'm stuck here.

On Tuesday, November 20, 2012 5:15:12 PM UTC-5, joe wrote:
>
> Nothing wrong with that. It's a very common practice.
>
> One thing I would recommend is setting your array to a variable and
> passing that variable to the define. It just makes your code cleaner and
> easier to read:
>
> node 'mynode' {
>   include firewall
>   $sources = ['node1', 'node2']
>   myfirewall::accept { $sources :
>     proto => 'tcp',
>     port => '80'
>   }
> }
>
>
> On Tuesday, November 20, 2012 2:30:45 PM UTC-7, Dusty Doris wrote:
>>
>>
>>
>> On Tuesday, November 20, 2012 3:51:07 PM UTC-5, Dusty Doris wrote:
>>>
>>> Let's say I wanted to make a declared type for adding custom firewall
>>> rules on a per-node basis.
>>>
>>>
>>> define myfirewall::accept($proto, $port, $sources=[]) {
>>>   include defaultfirewall
>>>
>>>   $sources.each do |source|
>>>
>>>     firewall { "100 allow $proto $port for $source":
>>>       proto => $proto,
>>>       dport => $port,
>>>       source => $source,
>>>       action => 'accept',
>>>     }
>>>
>>>   end
>>> }
>>>
>>> I could use it something like this:
>>>
>>> node "mynode" {
>>>   myfirewall::accept { "http":
>>>     proto => 'tcp',
>>>     port => '80',
>>>     sources => ['1.1.1.1','2.2.2.2']
>>>   }
>>> }
>>>
>>>
>>> Is there any way to do something like this with puppet? I'm new to this
>>> and quite confused.
>>>
>>>
>>>
>> aha. I found I can do it using the $name parameter.
>>
>> Is there anything inherently wrong with this type of usage?
>>
>>
>> define myfirewall::accept($proto, $port) {
>>
>>   firewall { "100 $name $proto $port":
>>     proto => $proto,
>>     dport => $port,
>>     source => $name,
>>     action => 'accept'
>>   }
>>
>> }
>>
>> node 'mynode' {
>>   include firewall
>>   myfirewall::accept { ['node1', 'node2'] :
>>     proto => 'tcp',
>>     port => '80'
>>   }
>> }
>>
>
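The approach the top message describes (a unique title per rule group, with the sources passed in and iterated over), written out as an added example that is not code from the thread or from the puppetlabs-firewall project. It assumes Puppet 4 or later for the `each` function, which postdates this 2012 thread. The names `example_firewall::accept`, `apps`, `ssl` and `sources` are hypothetical; the `firewall` parameters are the ones used in the thread.

```puppet
# Added example. Hypothetical define: the resource title names the rule
# group, and the source hosts travel in a parameter instead of the title,
# so the same host can appear in any number of groups.
define example_firewall::accept (
  String        $proto,
  Array[String] $ports,
  Array[String] $sources,
) {
  # One firewall resource per source host. The title combines the group
  # name ($title) with the source, so every title in the catalog is unique.
  $sources.each |String $source| {
    firewall { "100 ${title} ${proto} from ${source}":
      proto  => $proto,
      dport  => $ports,
      source => $source,   # a single value, never an array
      action => 'accept',
    }
  }
}

node 'mynode' {
  include firewall

  $apps = ['node1', 'node2']

  # Declares "100 apps tcp from node1" and "100 apps tcp from node2".
  example_firewall::accept { 'apps':
    proto   => 'tcp',
    ports   => ['80', '8080'],
    sources => $apps,
  }

  # Declares "100 ssl tcp from node1". node1 is reused without a
  # duplicate declaration because the define's title is 'ssl', not 'node1'.
  example_firewall::accept { 'ssl':
    proto   => 'tcp',
    ports   => ['443'],
    sources => ['node1'],
  }
}
```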