A little difficult but I'll try ;)
manifests\default.pp
include iptables
iptables::ssh { 'd.vader' :
source => '1.2.3.4',
desc => 'Vader\'s Desktop'
}
iptables::ssh { 'd.maul' :
source => '1.2.3.3',
desc => 'Maul\'s Desktop'
}
modules\iptables\manifests\init.pp
class iptables {
stage { 'iptables-post':
require => Stage["main"],
}
stage { 'iptables-pre':
before => Stage["main"],
}
class { 'iptables::pre':
stage => 'iptables-pre'
}
class { 'iptables::post':
stage => 'iptables-post'
}
}
modules\iptables\manifests\pre.pp
class iptables::pre {
file { "/etc/sysconfig/iptables" :
ensure => directory,
}->
file { "/etc/sysconfig/iptables/conf" :
ensure => directory,
}
}
modules\iptables\manifests\post.pp
class iptables::post {
exec { 'wait_for_my_file' :
before => File["/etc/sysconfig/iptables/iptables-rules"],
command => "sleep 30",
path => "/usr/bin:/bin",
}
file { "/etc/sysconfig/iptables/iptables-rules" :
content => template("iptables/load.erb"),
}
}
modules\iptables\manifests\ssh.pp
define iptables::ssh(
$username = $title,
$source,
$desc = ''
) {
iptables::rule { "$username" :
source => $source,
port => 22,
desc => $desc,
section => "001-User-SSH"
}
}
define iptables::rule(
$chain = "INPUT",
$source = '',
$protocol = "tcp",
$port = '',
$jump = "ACCEPT",
$desc = '',
$section = 'General',
$priority = "999",
) {
exec { "Write $section-$priority-$name Header" :
command => "echo '# ${section}' >
/etc/sysconfig/iptables/conf/$section-000.conf",
path => "/usr/bin:/usr/sbin:/bin",
}->file { "/etc/sysconfig/iptables/conf/$section-$priority-$name.conf" :
content => template("iptables/rule.erb"),
}
}
Vagrant Provision Output
==> default: Notice: Compiled catalog for localhost in environment
production in 2.19 seconds
==> default: Notice:
/Stage[iptables-pre]/Iptables::Pre/File[/etc/sysconfig/iptables]/ensure:
ensure changed 'file' to 'directory'
==> default: Notice:
/Stage[iptables-pre]/Iptables::Pre/File[/etc/sysconfig/iptables/conf]/ensure:
created
==> default: Notice:
/Stage[main]/Main/Node[localhost]/File[/etc/iptables-rules]/ensure: defined
content as '{md5}5445180d0b6a46fa77a92d9e7cca2862'
==> default: Notice:
/Stage[main]/Main/Node[localhost]/Iptables::Ssh[d.vader]/Iptables::Rule[d.vader]/Exec[Write
001-User-SSH-999-d.vader Header]/returns: executed successfully
==> default: Notice:
/Stage[main]/Main/Node[localhost]/Iptables::Ssh[d.vader]/Iptables::Rule[d.vader]/File[/etc/sysconfig/iptables/conf/001-User-SSH-999-d.vader.conf]/ensure:
defined content as '{md5}c6cd7681784e67f683da937578257147'
==> default: Notice:
/Stage[main]/Main/Node[localhost]/Iptables::Ssh[d.maul]/Iptables::Rule[d.maul]/Exec[Write
001-User-SSH-999-d.maul Header]/returns: executed successfully
==> default: Notice:
/Stage[main]/Main/Node[localhost]/Iptables::Ssh[d.maul]/Iptables::Rule[d.maul]/File[/etc/sysconfig/iptables/conf/001-User-SSH-999-d.maul.conf]/ensure:
defined content as '{md5}a9111e707dc5615e8cfb32eb3a18349e'
==> default: Notice:
/Stage[iptables-post]/Iptables::Post/Exec[wait_for_my_file]/returns:
executed successfully
==> default: Notice:
/Stage[iptables-post]/Iptables::Post/File[/etc/sysconfig/iptables/iptables-rules]/ensure:
defined content as '{md5}b0286436497fd0b6320dce09af6a71b2'
==> default: Notice: Finished catalog run in 30.25 seconds
On Monday, 26 January 2015 15:51:00 UTC, Sebastian Otaegui wrote:
>
> Can you gist your entire puppet manifest?
>
>
>
> On Mon, Jan 26, 2015 at 8:30 AM, Luke O'Sullivan <datavoy...@gmail.com
> <javascript:>> wrote:
>
>> Hi Sebastian,
>>
>> Thanks for the reply.
>>
>> *What happens if you do "vagrant destroy -f && vagrant up &&
>> vagrant provision"?*
>>
>> If I run that, the master file is built as expected - I assume because
>> the by the time the second puppet provision is called, the file structure
>> is in place.
>>
>> Could you elaborate on what the timing issue is? Is it a puppet or
>> vagrant issue? I added the following to my puppet setup to make puppet wait
>> 2 seconds before building the master configuration file but it still fails:
>>
>> exec { 'wait_for_files' :
>> before => File["/etc/sysconfig/iptables/iptables-rules"],
>> command => "sleep 2",
>> path => "/usr/bin:/bin",
>> }
>>
>> file { "/etc/sysconfig/iptables/iptables-rules" :
>> content => template("iptables/load.erb"),
>> }
>>
>> Thanks,
>>
>> Luke
>>
>>
>>
>>
>> On Monday, 26 January 2015 14:07:17 UTC, Sebastian Otaegui wrote:
>>>
>>> This sounds like an ordering problem.
>>>
>>> What happens if you do "vagrant destroy -f && vagrant up &&
>>> vagrant provision"?
>>>
>>> If that works it may mean that you need to run puppet apply multiple
>>> times and that can point to an order issue.
>>>
>>> Regards
>>>
>>> On Monday, January 26, 2015, Luke O'Sullivan <datavoy...@gmail.com>
>>> wrote:
>>>
>>>>
>>>> <http://stackoverflow.com/questions/28150477/file-traverse-and-read-failure-in-vagrant-puppet-setup#>
>>>>
>>>>
>>>> I have a Vagrant / Puppet set up in which I am attempting to generate a
>>>> bunch of configuration files and then concatenate them into a master file.
>>>>
>>>> The individual files are generated and written to a conf directory and
>>>> the last action is to create the master file which uses an erb template to
>>>> read the files in the conf directory.
>>>>
>>>> <% files = Dir["/etc/sysconfig/iptables/conf/*.conf"] -%>
>>>> <% files.each do |name| -%>
>>>> <% file = File.open(name) -%>
>>>> <% contents = file.read -%>
>>>> <%= contents %>
>>>> <% end -%>
>>>>
>>>> When I run "vagrant up", everything appears to run correctly but the
>>>> master configuration file is empty. I have checked the timestamps on the
>>>> conf directory and the master configuration file and they are correct (the
>>>> master config file is created after all the individual config files).
>>>>
>>>> If I ssh into vagrant and run "puppet apply" manually, the master
>>>> config file is created as expected. I have tried using a bash script
>>>> instead of the erb method but encountered the same problems.
>>>>
>>>> Does anyone have any ideas what might cause this?
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Puppet Users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>> msgid/puppet-users/ee7bea64-eb74-42be-b724-2e95d08ae4c6%
>>>> 40googlegroups.com
>>>> <https://groups.google.com/d/msgid/puppet-users/ee7bea64-eb74-42be-b724-2e95d08ae4c6%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>>
>>> --
>>> Those who do not understand Unix are condemned to reinvent it, poorly.
>>> Any sufficiently recent Microsoft OS contains an ad hoc,
>>> informally-specified, bug-ridden, slow implementation of half of Unix.
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users...@googlegroups.com <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/c483df41-feb1-4e79-b8f8-830da148f763%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/puppet-users/c483df41-feb1-4e79-b8f8-830da148f763%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Those who do not understand Unix are condemned to reinvent it, poorly.
> Any sufficiently recent Microsoft OS contains an ad hoc,
> informally-specified, bug-ridden, slow implementation of half of Unix.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ad76aa76-dfb4-4c28-becf-5ca3e26c4f38%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
