On Tuesday, August 12, 2014 12:49:27 PM UTC-5, treydock wrote: > > I have noticed a very strange problem on CentOS 7 nodes where they are > collecting and/or applying their exported resources. I have a class called > "brazos::firewall" that's used internally to export a firewall rule that is > then collected by "brazos::gw" to allow specific systems through the > gateway server's NAT. Below are the actual classes. I've found that on > CentOS 6 systems, the resource is correctly exported (NOT applied by > exporting host) and collected by the gw server. On CentOS 7 systems the > resource is exported, and also applied by the exporting host when it's not > supposed to be. >
Are you applying you using agent and master, or are you just running 'puppet apply'? The former makes much more sense to me for exporting and collecting resources (though I *think* the latter can work, too). On the other hand, only if you are running 'puppet apply' does catalog compilation happen in different environments for different machines. If you are running in master/agent mode, then the problem must be in your manifests and/or data. Are you certain that the exported firewall rules are in fact being collected on the wrong nodes? Is it possible that those rules were added previously, and just not cleaned out? You can check by cleaning them out manually and then rerunning Puppet, or by looking for them in the nodes' catalogs. Alternatively, are you certain that there is no other Firewall<<| |>> collector somewhere in your manifests that might be picking up the rules at issue? John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2880f45a-ae80-4ee2-99a2-a24a551961cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.