Hi all, new to puppet so excuse my noobiness :)
I''ve got a puppet type to manage iptables rules (https://github.com/
camptocamp/puppet-iptables) running in my development environment.
The module works great for the most part; rules are calculated and
applied in the right order. The problem is, it never seems to trigger
a "save".
I''ve got this in my iptables class manifest, per the documents:
Iptables {
before => Exec["save iptables rules"],
notify => Exec["save iptables rules"],
}
exec { "save iptables rules":
command => "/etc/init.d/iptables save",
refreshonly => true,
}
and the notifies seem to get created correctly:
# puppetd --environment=development --debug --test --server=puppet |
grep subscribes
debug: /Iptables[03 icmp -- time-exceeded]/notify: subscribes to
Exec[save iptables rules]
debug: /Iptables[02 ssh -- colo]/notify: subscribes to Exec[save
iptables rules]
debug: //rhel/Service[ntpd]/subscribe: subscribes to File[/etc/
ntp.conf]
debug: /Iptables[01 safe -- loopback]/notify: subscribes to Exec[save
iptables rules]
debug: //rhel/Service[sshd]/subscribe: subscribes to File[/etc/ssh/
sshd_config]
debug: /File[/etc/my.cnf]/notify: subscribes to Service[mysql]
debug: /Iptables[03 icmp -- source-quench]/notify: subscribes to
Exec[save iptables rules]
debug: /Iptables[03 icmp -- echo-request]/notify: subscribes to
Exec[save iptables rules]
debug: //rhel/Service[snmpd]/subscribe: subscribes to File[/etc/snmp]
debug: /Iptables[01 safe -- output]/notify: subscribes to Exec[save
iptables rules]
debug: /Iptables[02 ssh -- internal]/notify: subscribes to Exec[save
iptables rules]
debug: /Iptables[04 test]/notify: subscribes to Exec[save iptables
rules]
debug: /Iptables[00 related -- input]/notify: subscribes to Exec[save
iptables rules]
debug: /Iptables[00 related -- output]/notify: subscribes to Exec[save
iptables rules]
but no matter what rules I change, the exec never gets triggered. I
tested the notify for Service[mysql] by deleting the /etc/my.cnf file
and it gets triggered and executed just fine.
Any ideas? Thanks in advance for any help!
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
On 11/17/2010 02:00 AM, elliott wrote:> Hi all, new to puppet so excuse my noobiness :) > > I''ve got a puppet type to manage iptables rules (https://github.com/ > camptocamp/puppet-iptables) running in my development environment. > The module works great for the most part; rules are calculated and > applied in the right order. The problem is, it never seems to trigger > a "save". > > I''ve got this in my iptables class manifest, per the documents: > > Iptables { > before => Exec["save iptables rules"], > notify => Exec["save iptables rules"], > } > exec { "save iptables rules": > command => "/etc/init.d/iptables save", > refreshonly => true, > } > > and the notifies seem to get created correctly: > > # puppetd --environment=development --debug --test --server=puppet | > grep subscribes > debug: /Iptables[03 icmp -- time-exceeded]/notify: subscribes to > Exec[save iptables rules]Err, what? Iptables[] subscribes to Exec[]? That doesn''t sound right.> debug: //rhel/Service[ntpd]/subscribe: subscribes to File[/etc/ > ntp.conf]Service[] describes to File[] - that''s more intuitive. But then, this is probably just awkward because both notify and subscribe use the same log notation. Other than that, I remember having issues with notify and/or subscribe where defines of my own where involved. I think notify didn''t work for my define that wrapped the file type. I''m not sure though, and in my case, subscribe was an option. Could there be a way to subscribe => Iptables["*"] or somesuch? Regards, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.