Hello,
I am rather new to Puppet and am starting to test it out for use on a
client''s servers. I am running into difficulty with node behavior. I
want to specify a different firewall for every server. The default
"basenode" works (applies the various files/functions/etc to all the
servers just fine). However, when I specify the following (see
nodes.pp, specifically), it applies firewall/firewall_mail2.pp to mail2
as well as any other server configured as a puppetd client.
--- BEGIN templates.pp ---
# templates.pp
node basenode {
include virt_all_users,
my_users,
dns,
sudoers,
package_management,
base_packages
}
node default inherits basenode {}
--- END templates.pp ---
--- BEGIN nodes.pp ---
# nodes.pp
node ''mail2.clientdomain.com'' inherits basenode {
import "firewall/firewall_mail2"
}
--- END nodes.pp ---
Am I doing something wrong here? How can I only make this apply to that
particular server and not others? Is there any other background/files I
can provide to help troubleshoot? Thank you very much in advance,
--
John W. Yasaitis
Prolucid Technology
617-848-8250
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 11 September 2007, John W. Yasaitis wrote:> Hello, > > I am rather new to Puppet and am starting to test it out for use on a > client''s servers. I am running into difficulty with node behavior. I > want to specify a different firewall for every server. The default > "basenode" works (applies the various files/functions/etc to all the > servers just fine). However, when I specify the following (see > nodes.pp, specifically), it applies firewall/firewall_mail2.pp to mail2 > as well as any other server configured as a puppetd client. > > --- BEGIN templates.pp --- > # templates.pp > > node basenode { > include virt_all_users, > my_users, > dns, > sudoers, > package_management, > base_packages > } > > node default inherits basenode {} > --- END templates.pp --- > --- BEGIN nodes.pp --- > # nodes.pp > > node ''mail2.clientdomain.com'' inherits basenode { > import "firewall/firewall_mail2"You want to "include" a class here, not "import" a file.> } > --- END nodes.pp --- > > Am I doing something wrong here? How can I only make this apply to that > particular server and not others? Is there any other background/files I > can provide to help troubleshoot? Thank you very much in advance,Regards, David - -- The primary freedom of open source is not the freedom from cost, but the free- dom to shape software to do what you want. This freedom is /never/ exercised without cost, but is available /at all/ only by accepting the very different costs associated with open source, costs not in money, but in time and effort. - -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG5uQV/Pp1N6Uzh0URAv3EAJ95/vu595jcL0HcOi7pMfeEZoPUlQCgnCNS jK/3Pyz/npfaAmShzQIle1w=jkQl -----END PGP SIGNATURE-----
David Schmitt wrote:> You want to "include" a class here, not "import" a file. >Apologies, I did that already (just verified again) and it still runs "firewall/firewall_mail2" for servers other than mail2. I am declaring the "import" in my site.pp file. --- BEGIN site.pp --- # site.pp import "functions" import "virt_all_users" import "my_users" import "templates" import "nodes" import "dns" import "sudoers" import "package_management" import "base_packages" import "firewall/firewall_mail2" --- END site.pp --- Any ideas? Am I importing "firewall/firewall_mail2" incorrectly or in the wrong .pp file? Thanks!
On Sep 11, 2007, at 2:00 PM, John W. Yasaitis wrote:> Any ideas? Am I importing "firewall/firewall_mail2" incorrectly or in > the wrong .pp file? Thanks!You need to put the code in the firewall_mail2 file in a class. Puppet imports files at parse time, not compile time, so all files mentioned in an import are always imported. Any code not inside a ''class'' statement will get applied to all nodes. -- The whole secret of life is to be interested in one thing profoundly and in a thousand things well. -- Horace Walpole --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 11 September 2007, John W. Yasaitis wrote:> David Schmitt wrote: > > You want to "include" a class here, not "import" a file. > > Apologies, I did that already (just verified again) and it still runs > "firewall/firewall_mail2" for servers other than mail2. I am declaring > the "import" in my site.pp file. > > --- BEGIN site.pp --- > # site.pp > > import "functions" > import "virt_all_users" > import "my_users" > import "templates" > import "nodes" > import "dns" > import "sudoers" > import "package_management" > import "base_packages" > import "firewall/firewall_mail2" > --- END site.pp --- > > Any ideas? Am I importing "firewall/firewall_mail2" incorrectly or in > the wrong .pp file? Thanks!that''s syntactically corret, but how does firewall/firewall_mail2.pp look like? Does it define a class (good) or are the resources in the top-level scope (bad)? Regards, David - -- The primary freedom of open source is not the freedom from cost, but the free- dom to shape software to do what you want. This freedom is /never/ exercised without cost, but is available /at all/ only by accepting the very different costs associated with open source, costs not in money, but in time and effort. - -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG5vRC/Pp1N6Uzh0URAg3vAKCXGozNbNXkX6Aep0lmmUvPvKWrQACeOU5b T5878JoyOaEE5jghaGaa0oU=glB6 -----END PGP SIGNATURE-----
David Schmitt wrote:> that''s syntactically corret, but how does firewall/firewall_mail2.pp look > like? > > Does it define a class (good) or are the resources in the top-level scope > (bad)? > >Thank you Luke and David. I do not have the contents of firewall/firewall_mail2.pp defined as a class. I will do that and it sounds as if that should do the trick. Once I get everything working I will reply with the contents so it''s helpful for others if they stumble across this thread. Thanks!