Thanks for the reply. I did run into one problem with duplicate
declarations. Say I wanted to include node1 and node2 in a group of
servers for a particular rule, then wanted to have just node1 in a second
rule.
e.g.:
node 'mynode' {
  include firewall
  $apps = ['node1', 'node2']
  $ssl = 'node1'
  myfirewall::accept { $apps :
    proto => 'tcp',
    ports => ['80','8080']
  }
  myfirewall::accept { 'node1' :
    proto => 'tcp',
    ports => '443'
  }
}
When I run that I get a duplicate declaration error such as
Myfirewall::Accept[node1]. How does one get around something like that? I
can't think of a way to do that without assigning a unique name and then
iterating on a source variable that is passed in.
BTW - I am using the puppetlabs-firewall module and unfortunately it
doesn't work correctly with an array for the source variable, so that's why
I'm stuck here.
On Tuesday, November 20, 2012 5:15:12 PM UTC-5, joe wrote:
>
> Nothing wrong with that. It's a very common practice.
>
> One thing I would recommend is setting your array to a variable and
> passing that variable to the define. It just makes your code cleaner and
> easier to read:
>
> node 'mynode' {
>   include firewall
>   $sources = ['node1', 'node2']
>   myfirewall::accept { $sources :
>     proto => 'tcp',
>     port => '80'
>   }
> }
>
>
> On Tuesday, November 20, 2012 2:30:45 PM UTC-7, Dusty Doris wrote:
>>
>>
>>
>> On Tuesday, November 20, 2012 3:51:07 PM UTC-5, Dusty Doris wrote:
>>>
>>> Let's say I wanted to make a declared type for adding custom firewall
>>> rules on a per-node basis.
>>>
>>>
>>> define myfirewall::accept($proto, $port, $sources=[]) {
>>>   include defaultfirewall
>>>
>>>   $sources.each do |source|
>>>
>>>     firewall { "100 allow $proto $port for $source":
>>>       proto => $proto,
>>>       dport => $port,
>>>       source => $source,
>>>       action => 'accept',
>>>     }
>>>
>>>   end
>>> }
>>>
>>> I could use it something like this:
>>>
>>> node "mynode" {
>>>   myfirewall::accept { "http":
>>>     proto => 'tcp',
>>>     port => '80',
>>>     sources => ['1.1.1.1','2.2.2.2']
>>>   }
>>> }
>>>
>>>
>>> Is there any way to do something like this with puppet? I'm new to this
>>> and quite confused.
>>>
>>>
>>>
>> Aha. I found I can do it using the $name parameter.
>>
>> Is there anything inherently wrong with this type of usage?
>>
>>
>> define myfirewall::accept($proto, $port) {
>>
>>   firewall { "100 $name $proto $port":
>>     proto => $proto,
>>     dport => $port,
>>     source => $name,
>>     action => 'accept'
>>   }
>>
>> }
>>
>> node 'mynode' {
>>   include firewall
>>   myfirewall::accept { ['node1', 'node2'] :
>>     proto => 'tcp',
>>     port => '80'
>>   }
>> }
>>
>
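
The approach described at the top of this message (a unique title per rule, with the sources passed in as a parameter and iterated inside the define), written out as an added example that is not part of the original thread. It assumes Puppet 4 or later for the `each` lambda and the puppetlabs-firewall parameters used in the thread (`proto`, `dport`, `source`, `action`); the rule names `apps-http` and `ssl` and the `$priority` parameter are hypothetical.

```puppet
# Added example, not code from the thread.
# Assumes Puppet 4+ (lambda iteration) and the firewall resource
# parameters exactly as they appear in the thread.
define myfirewall::accept (
  String        $proto,
  Array[String] $ports,
  Array[String] $sources,
  Integer       $priority = 100,   # hypothetical: rule ordering prefix
) {
  $sources.each |String $source| {
    # The firewall title combines the rule name ($name) with the source,
    # so it is unique per (rule, source) pair. The same host can appear
    # in several rules without a duplicate declaration.
    firewall { "${priority} ${name} allow ${proto} from ${source}":
      proto  => $proto,
      dport  => $ports,
      source => $source,   # one source per resource, never an array
      action => 'accept',
    }
  }
}

node 'mynode' {
  include firewall

  $apps = ['node1', 'node2']

  # Declares "100 apps-http allow tcp from node1" and "... from node2"
  myfirewall::accept { 'apps-http':
    proto   => 'tcp',
    ports   => ['80', '8080'],
    sources => $apps,
  }

  # node1 again, under a different rule name: titles do not collide
  myfirewall::accept { 'ssl':
    proto   => 'tcp',
    ports   => ['443'],
    sources => ['node1'],
  }
}
```

Because the source host is no longer the resource title, the same title cannot be declared twice, and each generated rule still names its single allowed source explicitly.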