thr3ads.net - Puppet users - [Puppet Users] Another iptables question [May 2009]

If this information is useful, please help other people find it:
Share via:

LenR

2009-May-12 19:27 UTC

[Puppet Users] Another iptables question

I changed a ipt_fragment to ensure absent, puppet removed the rule,
but didn''t run rebuild-iptables.

Does the define below need a notify on the absent side of the case? Is
that valid?  What about the ensure on the /etc/sysconfig/iptables.d
file (further below), when is it triggered?

Thanks again.

# Handles iptables concerns.  See also ipt_fragment definition
define ipt_fragment($ensure="present") {
    case $ensure {
        absent: {
            file { "/etc/sysconfig/iptables.d/$name":
                ensure => absent,
            }
        }
        present: {
            file {
               "/etc/sysconfig/iptables.d/$title":
                    source => "puppet:///files/iptables/fragments/
$name",
                    owner => root, group => root, mode => 640,
                    notify => Exec[rebuild_iptables],

<snip>
    file {
        "/etc/sysconfig/iptables.d":
            ensure => directory,
            purge => false,
            notify => Exec["rebuild_iptables"];
        "/usr/sbin/rebuild-iptables":
            source => "puppet:///files/iptables/rebuild-iptables";
    }

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Peter Meier

2009-May-12 20:13 UTC

head link

[Puppet Users] Re: Another iptables question

Hi
> I changed a ipt_fragment to ensure absent, puppet removed the rule,
> but didn''t run rebuild-iptables.
> 
> Does the define below need a notify on the absent side of the case? Is
> that valid?  What about the ensure on the /etc/sysconfig/iptables.d
> file (further below), when is it triggered?
yes it does and try to avoid mixing of $name and $title.

cheers pete

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Puppet users - May 2009 - Another iptables question

[Puppet Users] Another iptables question

[Puppet Users] Re: Another iptables question