bel
2012-Jan-07 03:10 UTC
[Puppet Users] How can I have a defined resource depend on a resource that is not in the global scope?
I am working on this module: https://github.com/belminf/puppet-iptables I have this defined resource: define iptables::hole ($proto=''tcp'', $port, $source=undef) { firewall { "100 input: $name": chain => ''INPUT'', proto => $proto, dport => $port, source => $source, action => ''accept'', } } I want it to notify an `exec`. However, the only way I could make this work is if I make the `exec` in the global scope (i.e., importing in site.pp). Otherwise, if I define the `exec` resource and do `require => Exec[''persist-iptables'']`, when the `iptables::hole` resource is defined, it cannot find the `exec` resource. Can someone help me re-factor this so it doesn''t require an import? You are more than welcomed to modify the code on github. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/R1fA0KGT_m0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Felix Frank
2012-Jan-09 08:23 UTC
Re: [Puppet Users] How can I have a defined resource depend on a resource that is not in the global scope?
Hi, On 01/07/2012 04:10 AM, bel wrote:> I want it to notify an `exec`. However, the only way I could make this > work is if I make the `exec` in the global scope (i.e., importing in > site.pp). Otherwise, if I define the `exec` resource and do `require => > Exec[''persist-iptables'']`, when the `iptables::hole` resource is > defined, it cannot find the `exec` resource.Most surprising. I would have thought that worked, too. I don''t think it''s good practice anyway. Try putting the exec inside a class (e.g. iptables::persist), include this from your define iptables::hole and require the whole class. Side question: Are you sure this design is sound? Even if the class approach helps, this cannot work: Your ''firewall'' resources notify the exec, so they implicitly are before => Exec[...]. They cannot ever require it. As a matter of fact, there is no simple solution that I know of to make puppet run an exec *before* something but only if that something is modified. Still HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2012-Jan-09 13:51 UTC
[Puppet Users] Re: How can I have a defined resource depend on a resource that is not in the global scope?
On Jan 6, 9:10 pm, bel <belm...@gmail.com> wrote:> I am working on this module: > > https://github.com/belminf/puppet-iptables > > I have this defined resource: > > define iptables::hole ($proto=''tcp'', $port, $source=undef) { > firewall { "100 input: $name": > chain => ''INPUT'', > proto => $proto, > dport => $port, > source => $source, > action => ''accept'', > } > > } > > I want it to notify an `exec`. However, the only way I could make this work > is if I make the `exec` in the global scope (i.e., importing in site.pp). > Otherwise, if I define the `exec` resource and do `require => > Exec[''persist-iptables'']`, when the `iptables::hole` resource is defined, > it cannot find the `exec` resource. > > Can someone help me re-factor this so it doesn''t require an import? You are > more than welcomed to modify the code on github.ALL Puppet resources have global scope. Very likely either your target exec is not in a class, or you do not ensure that its class is included before you try to reference it. Here is one way that will work: iptables/persist.pp: --------------------------- class iptables::persistance { exec { ''persist-iptables'': # ... } } iptables/hole.pp: ------------------------ define iptables::hole ($proto=''tcp'', $port, $source=undef) { include ''iptables::persistance'' firewall { "100 input: $name": # ... notify => Exec[''''persist-iptables''] } } John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
bel
2012-Jan-16 09:26 UTC
[Puppet Users] Re: How can I have a defined resource depend on a resource that is not in the global scope?
Thank you all. Updated the module and now works without the import: https://github.com/belminf/puppet-iptables On Jan 9, 8:51 am, jcbollinger <John.Bollin...@stJude.org> wrote:> On Jan 6, 9:10 pm, bel <belm...@gmail.com> wrote: > > > > > > > > > > > I am working on this module: > > >https://github.com/belminf/puppet-iptables > > > I have this defined resource: > > > define iptables::hole ($proto=''tcp'', $port, $source=undef) { > > firewall { "100 input: $name": > > chain => ''INPUT'', > > proto => $proto, > > dport => $port, > > source => $source, > > action => ''accept'', > > } > > > } > > > I want it to notify an `exec`. However, the only way I could make this work > > is if I make the `exec` in the global scope (i.e., importing in site.pp). > > Otherwise, if I define the `exec` resource and do `require => > > Exec[''persist-iptables'']`, when the `iptables::hole` resource is defined, > > it cannot find the `exec` resource. > > > Can someone help me re-factor this so it doesn''t require an import? You are > > more than welcomed to modify the code on github. > > ALL Puppet resources have global scope. Very likely either your > target exec is not in a class, or you do not ensure that its class is > included before you try to reference it. Here is one way that will > work: > > iptables/persist.pp: > --------------------------- > class iptables::persistance { > exec { ''persist-iptables'': > # ... > } > > } > > iptables/hole.pp: > ------------------------ > define iptables::hole ($proto=''tcp'', $port, $source=undef) { > include ''iptables::persistance'' > firewall { "100 input: $name": > # ... > notify => Exec[''''persist-iptables''] > } > > } > > John-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Reasonably Related Threads
- Using firewall module, how do I clear iptables before rules are applied?
- How do I require a resource in a definition based on an array parameter?
- Dummy (factor) based on a pair of variables
- Compute correlation matrix for panel data with specific ordering
- [RHSA-1999:054-01] Security problems in bind (fwd)