On Monday, January 28, 2013 6:30:14 PM UTC-8, Dusty Doris wrote:
>
> I'd like to be able to collect all the hostnames (fqdn) or ips of certain 
> hosts to be used in setting up firewall rules.  I'd like to search for 
> hosts that have included a particular class, perhaps by simply setting a 
> tag when that resource is included.
>
> eg:
>
> node 'node1' {
>   include 'somewebclass'
> }
>
> class somewebclass {
>   tag 'web'
>   # other stuff
> }
>
>
> Then in another class, I'd like to find all my 'web' hosts and allow them 
> access in a firewall rule.
> eg:
>
> class somedbclass {
>   tag 'db'
>   iptables { "allow db access":
>     proto => 'tcp',
>     dport => '3306',
>     source => Node <| tag == 'web' |>,
>     jump => 'ACCEPT'
>   } 
> }
>
> So, ultimately, I'd need that Node <| tag == 'web' |> to be an array of 
> hostnames or ipaddresses.
>
> This is just an example to try to explain what I am doing.  Does anyone 
> know how to do this?  Can I do this in puppet?  Do I need to write my own 
> function to handle this?  Or, can I use something like hiera or puppetdb to 
> do this?
>
> Thanks for any tips.
>

This should work for you. I didn't test it but it should be close to what 
you need. The basic idea is to have the node, which already knows its IP 
address, export an iptables resource, then have the server collect the 
resources. I like to break these sorts of things into a class that I can 
just include into all my web nodes.

class db::client {
  # Exported (@@) resource: stored in PuppetDB and realised on whichever
  # node collects it. The title includes the hostname so it stays unique.
  @@iptables { "Allow db access to ${::hostname}":
    proto  => 'tcp',
    dport  => '3306',
    source => $::ipaddress,
    jump   => 'ACCEPT',
    tag    => 'db::client',
  }
}

class db::server {
  # Collect every exported iptables resource carrying the db::client tag.
  Iptables <<| tag == 'db::client' |>>
}

node webclient {
  include db::client
  # web stuff
}

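The exported-resource pattern from the reply, written out as an added example (not code from the thread) against the puppetlabs-firewall module's firewall type; it assumes PuppetDB is enabled for exported resources, that Puppet manages every iptables rule on the database host, and the node names web1, web2 and db1. It goes one step past the reply by restricting the collector to an explicit 'web' tag, adding a default drop for 3306, and purging rules Puppet does not manage so that a rule exported by a decommissioned node disappears once that node is deactivated in PuppetDB.

```puppet
# Added example, not from the original thread. Assumes the puppetlabs-firewall
# module, PuppetDB-backed exported resources, and the node names used below.

# Every web node exports one rule describing itself. Resource titles must be
# unique across the fleet, so the exporting node's hostname is part of it.
class web::client {
  @@firewall { "100 allow mysql from web node ${::hostname}":
    proto  => 'tcp',
    dport  => '3306',
    source => $::ipaddress,
    action => 'accept',
    tag    => 'web',   # explicit tag the collector on the db server matches
  }
}

# The database server realises only rules carrying the 'web' tag and drops
# everything else on 3306. purge => true removes iptables rules Puppet does
# not manage, so a rule from a node that has been removed from the fleet is
# cleaned up after `puppet node deactivate <name>` on the master.
class db::server {
  resources { 'firewall':
    purge => true,
  }

  Firewall <<| tag == 'web' |>>

  # Numeric title prefixes order the rules; 999 sorts after the accepts.
  firewall { '999 drop all other mysql':
    proto  => 'tcp',
    dport  => '3306',
    action => 'drop',
  }
}

node 'web1', 'web2' {
  include web::client
}

node 'db1' {
  include db::server
}
```

Until the first web node has run its agent, the db server's catalog contains no accept rule at all, so run the web nodes before the db server when bootstrapping.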