Apparently I'm missing how information comes in from different places to one destination, or something.

The current case is a simple one; I want to define everything about the firewall in one place, *except* the source of the /etc/sysconfig/iptables file (which will be system-specific). Apparently I can't just set that attribute of that file resource in the node statement, even if it hasn't been set anywhere else.

So how does one approach this? A define with the name as a parameter? That feels ugly since it makes it "not a class" unlike other things, but maybe it's the best option.

(Some day somebody needs to write the fancy full-blown firewall handler, so each service can tell the firewall what ports it needs passed through and so forth. But that's not me, not this month.)

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
dd-b <illegalname@gmail.com> writes:

> (Some day somebody needs to write the fancy full-blown firewall handler,
> so each service can tell the firewall what ports it needs passed through
> and so forth. But that's not me, not this month.)

We do something like this, although not in a fully Puppet way yet. We install iptables fragments in a directory on the system and then notify an exec on any modifications to that directory which gathers together all the installed fragments, adds the header and footer, and reloads the iptables rules.

This works extremely well for us and lets each module for a particular application open its own ports by installing an iptables fragment. The goal in the long run is to remove the script and the installed fragments with native Puppet management of the iptables rules.

--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
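The fragment approach described in the message above, sketched as an added example; it is not the script used at Stanford or anything posted in the thread. The fragment directory, the `.rules` suffix, the header contents, the per-fragment check and the `iptables-restore --test` step before loading are all assumptions.

```shell
#!/bin/sh
# Added example: gather iptables fragments, wrap them in a header and
# footer, and load the result only if it passes a syntax check.

# Fixed header (assumed contents): filter table, default-deny inbound.
rules_header() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# A fragment may hold only comments, blank lines and "-A INPUT" rules, so
# one module cannot flush chains, switch tables or end the ruleset early.
fragment_ok() {
    [ -r "$1" ] && ! grep -Eqv '^(#.*|[[:space:]]*|-A INPUT .*)$' "$1"
}

# Print the full ruleset for the fragment directory $1 (glob order, so
# numeric prefixes such as 10-ssh.rules control rule order).
assemble_rules() {
    rules_header
    for f in "$1"/*.rules; do
        [ -e "$f" ] || continue        # directory has no fragments
        if ! fragment_ok "$f"; then
            echo "rejecting fragment: $f" >&2
            return 1
        fi
        echo "# from $(basename "$f")"
        cat "$f"
    done
    echo "COMMIT"                      # footer
}

# Build into a temp file, test it, then load it. If assembly or the test
# fails, the running rules are left untouched.
apply_rules() {
    tmp=$(mktemp) || return 1
    if assemble_rules "$1" > "$tmp" && iptables-restore --test < "$tmp"; then
        iptables-restore < "$tmp"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

A Puppet exec notified by the fragment directory would call `apply_rules` with that directory as its argument; a non-zero exit then shows up as a failed resource in the Puppet run.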
The simple form of what I was looking for was the override syntax you can use in classes that inherited from a parent. In case anybody else finds this thread at my own early state of confusion.

It seems weird that that requires a special syntax, but it does.

Not that I wouldn't like to go the full route some day.