Hi,
On 12/16/2014 06:14 PM, Matt Wise wrote:
> We're using Puppet to build up a few docker containers, and we find
> that the puppetlabs-firewall module throws some errors during initial
> compilation. These errors are ignorable ... but they're obnoxious. Is
> there a way to explicitly disable a module from being parsed for a
> particular node type?
>
> Debug: Puppet::Type::Firewall::ProviderIptables: [instances]
> Error: /Stage[main]/Main/Resources[firewall]: Failed to generate
> additional resources using 'generate': Command iptables_save is
> missing
>
>
> (obviously this is more than just not saying 'include firewall' ...
> because the provider/types get parsed regardless of whether or not we
> 'include firewall').
the providers should not generate error output on their own accord.
Debugging messages - sure. Don't collect those during provisioning ;-)
I believe that you do something along the lines of `resources {
'firewall': purge => true }` on the global scope. Move this to a
site-specific firewall wrapper module. Create a special environment that
mirrors production, but replaces this wrapper module with a stub. This
way, nodes can effectively ignore firewalling during provisioning. You
can even remove the puppetlabs-firewall module from this environment, I
believe.
Failing that, you can always fall back to a custom fact that is false
during the initial run, and true afterwards. Wrap any firewalling
resources in queries for this fact value.
HTH,
Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/549DC02E.9060903%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.
