Hi.

Try this:

node 'mynode' {
  include firewall

  myfirewall::accept { 'node2':
    proto => 'tcp',
    ports => ['80','8080']
  }

  myfirewall::accept { 'node1':
    proto => 'tcp',
    ports => ['80','8080','443']
  }
}

It is simpler, and this way you don't duplicate a declaration.

Sorry for my English.

On 20/11/2012 23:32, "Dusty Doris" <[email protected]> wrote:

> Thanks for the reply, I did run into one problem with duplicate
> declarations.  Say I wanted to include node1 and node2 in a group of
> servers for a particular rule.  Then wanted to just have node1 in a second
> rule.
>
> eg:
>
> node 'mynode' {
>   include firewall
>
>   $apps = ['node1', 'node2']
>   $ssl    = 'node1'
>
>   myfirewall::accept { $apps :
>     proto => 'tcp',
>     ports => ['80','8080']
>   }
>
>   myfirewall::accept { 'node1' :
>     proto => 'tcp',
>     ports => '443'
>   }
> }
>
> When I run that I get a duplicate declaration error such as
> Myfirewall::Accept[node1].  How does one get around something like that?  I
> can't think of a way to do that without assigning a unique name and then
> iterating on a source variable that is passed in.
>
> BTW - I am using the puppetlabs-firewall module and unfortunately it
> doesn't work correctly with an array for the source variable, so that's why
> I'm stuck here.
>
>
>
> On Tuesday, November 20, 2012 5:15:12 PM UTC-5, joe wrote:
>>
>> Nothing wrong with that. It's a very common practice.
>>
>> One thing I would recommend is setting your array to a variable and
>> passing that variable to the define. It just makes your code cleaner and
>> easier to read:
>>
>> node 'mynode' {
>>   include firewall
>>   $sources = ['node1', 'node2']
>>   myfirewall::accept { $sources :
>>     proto => 'tcp',
>>     port  => '80'
>>   }
>> }
>>
>>
>> On Tuesday, November 20, 2012 2:30:45 PM UTC-7, Dusty Doris wrote:
>>>
>>>
>>>
>>> On Tuesday, November 20, 2012 3:51:07 PM UTC-5, Dusty Doris wrote:
>>>>
>>>> Let's say I wanted to make a declared type for adding custom firewall
>>>> rules on a per-node basis.
>>>>
>>>>
>>>> define myfirewall::accept($proto, $port, $sources=[]) {
>>>>   include defaultfirewall
>>>>
>>>>   $sources.each do |source|
>>>>
>>>>     firewall { "100 allow $proto $port for $source":
>>>>       proto  => $proto,
>>>>       dport => $port,
>>>>       source => $source,
>>>>       action   => 'accept',
>>>>     }
>>>>
>>>>   end
>>>> }
>>>>
>>>> I could use it something like this:
>>>>
>>>> node "mynode" {
>>>>   myfirewall::accept { "http":
>>>>     proto => 'tcp',
>>>>     port   => '80',
>>>>     sources => ['1.1.1.1','2.2.2.2']
>>>>   }
>>>> }
>>>>
>>>>
>>>> Is there any way to do something like this with puppet?  I'm new to
>>>> this and quite confused.
>>>>
>>>>
>>>>
>>> aha.  I found I can do it using the $name parameter.
>>>
>>> Is there anything inherently wrong with this type of usage?
>>>
>>>
>>> define myfirewall::accept($proto, $port) {
>>>
>>>   firewall { "100 $name $proto $port":
>>>     proto => $proto,
>>>     dport => $port,
>>>     source => $name,
>>>     action => 'accept'
>>>   }
>>>
>>> }
>>>
>>> node 'mynode' {
>>>   include firewall
>>>   myfirewall::accept { ['node1', 'node2'] :
>>>     proto => 'tcp',
>>>     port  => '80'
>>>   }
>>> }
>>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/ZpskRkRDbZoJ.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
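
The approach raised in the quoted message (a unique rule name plus iteration over a list of sources), written out as an added example that is not code from the thread. It assumes Puppet 4 or later for the `each` lambda and keeps the firewall parameters as they appear in the thread; the rule labels 'apps' and 'ssl' and the `sources` parameter layout are hypothetical.

```puppet
# Added example, not from the thread. Assumes Puppet 4+ (lambda iteration)
# and the firewall parameters used in the thread: proto, dport, source, action.
# The define would live in the module at myfirewall/manifests/accept.pp.
define myfirewall::accept (
  String                         $proto,
  Variant[String, Array[String]] $ports,
  Array[String]                  $sources,
) {
  # The define's title is a rule label, not a host name, so the same host
  # can appear in several rules without a duplicate Myfirewall::Accept[...].
  $sources.each |String $source| {
    # Each firewall title carries the rule label and the source, which keeps
    # every generated firewall resource unique in the catalog.
    firewall { "100 ${title} ${proto} from ${source}":
      proto  => $proto,
      dport  => $ports,
      source => $source,
      action => 'accept',
    }
  }
}

node 'mynode' {
  include firewall

  $apps = ['node1', 'node2']
  $ssl  = ['node1']

  # node1 and node2 may reach the application ports.
  myfirewall::accept { 'apps':
    proto   => 'tcp',
    ports   => ['80', '8080'],
    sources => $apps,
  }

  # Only node1 may reach 443; node1 is reused here without a conflict.
  myfirewall::accept { 'ssl':
    proto   => 'tcp',
    ports   => '443',
    sources => $ssl,
  }
}
```

Two declarations still collide if they share a label, so each rule needs its own title; the accepted sources stay limited to exactly the hosts listed for that rule.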
