So I'm working with puppet 5.5.1 and I have encountered what I think is a
bug.
So on my site.pp i have the following line for ordering my firewall rules:
site.pp
---------
if $::kernel == 'Linux' {
# Make sure every firewall rule not pre or post is created in the middle
Firewall <| tag != 'pre' and tag != 'post' |> {
before +> Class['profiles::fw_rules::post'],
require +> Class['profiles::fw_rules::pre'],
}
}
Then on another class I'm doing the following (This is a class for a
postgresql client):
@@firewall { "222 tcp:5432 pgpool from ${::ipaddress}/32" :
action => 'accept',
source => "${::ipaddress}/32",
dport => '5432',
proto => 'tcp',
tag => [ $tag, 'postgresql_client' ],
}
On the postgresql servers I do:
# Grab all firewall rules created for this cluster
Firewall <<| tag == $tag and tag == 'postgresql_client' |>>
I would expect that the rule to only appear on the postgresql server, but
what ends up happening is that the rule is realized on both the server and
the client.
On the documentation for resource collector
(https://puppet.com/docs/puppet/5.5/lang_collectors.html#exported-resource-collectors):
Collectors realize virtual resources, are used in chaining statements, and
override resource attributes.
on that very same page we have the following for exported resource
collectors:
An exported resource collector uses a modified syntax that realizes exported
resources <https://puppet.com/docs/puppet/5.5/lang_exported.html> and
imports resources published by other nodes.
Have anybody else found a similar issue?
Thanks
Julio Guevara
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/9b9118cd-81be-4452-a77a-732098d61c6a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
