Howdy folks, well after successfully rebuilding my hosed puppet environment (puppet was removing /var/lib/yum and /var/lib/rpm), I finally have a sane and mostly functioning puppet environment. However, I'm having a strange issue with applying modules via roles. In some instances it works, and in others it doesn't.
To begin with, I'm using the puppetlabs firewall module (http://forge.puppetlabs.com/puppetlabs/firewall) to drive iptables on a number of my servers. Right now it's only attempting to drive two of them: a file server and the puppet master itself, and I'm doing this using a roles module. However, it seems quite happy to apply the defined module to the file server, but not to the puppetmaster. Config below:

    ## ../puppet/manifests/site.pp ##
    node 'JUMPBOX' {
      include role::fs_server
    }
    node 'PUPPETMASTER' {
      include role::puppet_master
    }

    ## ../puppet/modules/role/init.pp ##
    class role {
      include profile::base
    }
    class role::fs_server inherits role {
      include profile::fs_server
    }
    class role::puppet_master inherits role {
      include profile::puppet_master
    }

    ## ../puppet/modules/profile/init.pp ##
    class profile::base {
      notify {"Applying profile::base":}
      include ntp
      include ssh_server
      include my_fw
    }
    class profile::fs_server {
      notify {"Applying profile::fs_server":}
      include ssh_server::jump_box
    }
    class profile::puppet_master {
      notify {"Applying profile::puppet_master":}
      include puppet_master
    }

As you can see it's a very very basic, skeletal config that is handling role-based module application.
In the case of the 'ssh_server::jump_box' and 'puppet_master' modules, these are both firewall application rules:

    ## ../puppet/modules/ssh_server/manifests/init.pp ##
    class ssh_server::jump_box {
      # Firewall logic (allow forwarding)
      firewall { '098 allow forwarding':
        chain  => 'FORWARD',
        proto  => 'tcp',
        action => 'accept',
      }
      # Firewall logic (allow ssh from all)
      firewall { '099 accept ssh from anywhere':
        chain  => 'INPUT',
        state  => ['NEW'],
        dport  => '22',
        proto  => 'tcp',
        action => 'accept',
      }
    }

    ## ../puppet/modules/puppet_master/manifests/init.pp ##
    class puppet_master {
      # Firewall Logic: Allow TCP/8140
      firewall { '200 allow puppetmaster port':
        chain  => 'INPUT',
        state  => ['NEW'],
        dport  => '8140',
        proto  => 'tcp',
        source => '<REDACTED>',
        action => 'accept',
      }
    }

The JUMPBOX gets its 'ssh_server::jump_box' module just fine, but the 'puppet_master' module never gets applied to the PUPPETMASTER node. The notify code in the 'profile' module is logging the "Applying profile::fs_server" and "Applying profile::puppet_master" messages in both cases, but for some reason is skipping the 'puppet_master' module. If I perform a:

    puppet apply -e "include puppet_master"

on the PUPPETMASTER node, it runs the module just fine and modifies the firewall accordingly.

Is there something completely simple that I'm just missing above? I feel like I may just have a syntax error or something wrong with the include that I'm completely ignoring :/

TIA,
C
