Hello Everybody,

We need to open some ports on the target machine, let's say 694:udp and 3306:tcp

I couldn't find any documentation how can I do this with Puppet. What is the best way of doing this?

Thank you
Dmytro

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Which target system is it?

+-------------------------------------------------+
| Yushu Yao
| Ph:1-510-486-4690
|
| Lawrence Berkeley National Lab
| Mailstop 50B-6222
| 1 Cyclotron Road
| Berkeley CA 94720-8147 - USA
+-------------------------------------------------+

On Mon, Dec 13, 2010 at 6:31 PM, Dmytro Bablinyuk <bablinyuk@gmail.com> wrote:
> Hello Everybody,
>
> We need to open some ports on the target machine, let's say
> 694:udp and 3306:tcp
>
> I couldn't find any documentation how can I do this with Puppet. What
> is the best way of doing this?
>
> Thank you
> Dmytro

Target systems vary from Solaris to Ubuntu.

I was told that there exists a third-party package at https://github.com/camptocamp/puppet-iptables
I think it might work.

On Dec 14, 4:09 pm, Yushu Yao <y...@lbl.gov> wrote:
> Which target system is it?
>
> +-------------------------------------------------+
> | Yushu Yao
> | Ph:1-510-486-4690
> |
> | Lawrence Berkeley National Lab
> | Mailstop 50B-6222
> | 1 Cyclotron Road
> | Berkeley CA 94720-8147 - USA
> +-------------------------------------------------+

I have downloaded and deployed puppet-iptables (I have puppet 2.6.4)

On both client and master config looks like this

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
libdir=/var/lib/puppet/lib
factpath=$vardir/lib/facter
pluginsync=true
plugindest=/var/lib/puppet/lib
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
modulepath=/etc/puppet/modules

I have deployed iptables.rb

root@puppet-master:/var/lib/puppet/lib/type# ls -l
total 28
-rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb

When I connect client to test a simple iptables action I have an error, obviously I have deployed iptables in the wrong place or failed to register somewhere.

root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from source(s) puppet://puppet/plugins
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on node puppet-client-ubuntu.harbour
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

I tried to move type folder around but still no luck

Can anybody advise on this?

Thank you very much!
Dmytro

Hi Dmytro,

So looking at what you have posted .... I can see a couple of things that trouble me:

..
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from source(s) puppet://puppet/plugins
..

Is this error always occurring? Are you able to synchronise Ruby plugins at all? You can check by looking at /var/lib/puppet/lib to see if anything else lives there. It just looks like generally your clients aren't synchronising plugins at all - but I could be wrong :-).

Also the sync location doesn't look right to me on your puppetmaster ... you show:

...
root@puppet-master:/var/lib/puppet/lib/type# ls -l
total 28
-rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
...

But it should have sync'd here:

..
root@puppet-master:/var/lib/puppet/lib/type# ls -l
total 28
-rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
..

Did it actually synchronise on its own (ie. after running puppet) like this on your puppetmaster? Did you deploy the entire module into a path like /etc/puppet/modules/iptables?

Oh btw. I'm not entirely sure the camptocamp revision is 2.6.x compatible.

Try the revision here:

https://github.com/bobsh/puppet-iptables/tree/1.2.0

ken.

On Tuesday, December 14, 2010 10:35:18 PM UTC, Dmytro Bablinyuk wrote:
> I have downloaded and deployed puppet-iptables (I have puppet 2.6.4)
>
> On both client and master config looks like this
>
> [main]
> logdir=/var/log/puppet
> vardir=/var/lib/puppet
> ssldir=/var/lib/puppet/ssl
> rundir=/var/run/puppet
> libdir=/var/lib/puppet/lib
> factpath=$vardir/lib/facter
> pluginsync=true
> plugindest=/var/lib/puppet/lib
> templatedir=$confdir/templates
> prerun_command=/etc/puppet/etckeeper-commit-pre
> postrun_command=/etc/puppet/etckeeper-commit-post
> modulepath=/etc/puppet/modules
>
> I have deployed iptables.rb
>
> root@puppet-master:/var/lib/puppet/lib/type# ls -l
> total 28
> -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
>
> When I connect client to test a simple iptables action I have an error,
> obviously I have deployed iptables in the wrong place or failed to
> register somewhere.
>
> root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
> retrieve information from source(s) puppet://puppet/plugins
> err: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
> Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
> node puppet-client-ubuntu.harbour
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>
> I tried to move type folder around but still no luck
>
> Can anybody advise on this?
>
> Thank you very much!
> Dmytro

Thank you Ken,

I have downloaded 1.2.0 iptables as you suggested.

I copied ruby script
root@puppet-master:/etc/puppet/modules/type# ls -l
total 32
-rw-rw-r-- 1 root root 31539 2010-10-30 03:37 iptables.rb

Looks like I don't have other plugins, iptables is the only puppet plugin I have

root@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib
type
root@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib/type/
iptables.rb

I have this error every time I try to access iptable type
root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from source(s) puppet://puppet/plugins
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on node puppet-client-ubuntu.harbour
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Thank you very much for your help
Dmytro

On Dec 15, 10:03 am, Ken Barber <k...@bob.sh> wrote:
> Hi Dmytro,
>
> So looking at what you have posted .... I can see a couple of things that
> trouble me:
>
> ..
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve
> information from source(s) puppet://puppet/plugins
> ..
>
> Is this error always occurring? Are you able to synchronise Ruby plugins at
> all? You can check by looking at /var/lib/puppet/lib to see if anything else
> lives there. It just looks like generally your clients aren't synchronising
> plugins at all - but I could be wrong :-).
>
> Also the sync location doesn't look right to me on your puppetmaster ... you
> show:
>
> ...
> root@puppet-master:/var/lib/puppet/lib/type# ls -l
> total 28
> -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> ...
>
> But it should have sync'd here:
>
> ..
> root@puppet-master:/var/lib/puppet/lib/type# ls -l
> total 28
> -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> ..
>
> Did it actually synchronise on its own (ie. after running puppet) like this
> on your puppetmaster? Did you deploy the entire module into a path like
> /etc/puppet/modules/iptables?
>
> Oh btw. I'm not entirely sure the camptocamp revision is 2.6.x compatible.
>
> Try the revision here:
>
> https://github.com/bobsh/puppet-iptables/tree/1.2.0
>
> ken.

Hi Dmytro,

Your methodology for installing modules isn't quite right :-).

Instead of trying to extract the iptables.rb file yourself you want to do something like:

cd /etc/puppet/modules
git clone git://github.com/bobsh/puppet-iptables.git iptables

Which will give you a layout something like:

# find /etc/puppet/modules/iptables
/etc/puppet/modules/iptables
/etc/puppet/modules/iptables/Rakefile
/etc/puppet/modules/iptables/COPYING
/etc/puppet/modules/iptables/lib
/etc/puppet/modules/iptables/lib/puppet
/etc/puppet/modules/iptables/lib/puppet/test
/etc/puppet/modules/iptables/lib/puppet/test/iptables.rb
/etc/puppet/modules/iptables/lib/puppet/type
/etc/puppet/modules/iptables/lib/puppet/type/iptables.rb
/etc/puppet/modules/iptables/tests
...
/etc/puppet/modules/iptables/Modulefile
/etc/puppet/modules/iptables/README.rst
#

Correct this and try again.

ken.

On Tuesday, December 14, 2010 11:43:31 PM UTC, Dmytro Bablinyuk wrote:
> Thank you Ken,
>
> I have downloaded 1.2.0 iptables as you suggested.
>
> I copied ruby script
> root@puppet-master:/etc/puppet/modules/type# ls -l
> total 32
> -rw-rw-r-- 1 root root 31539 2010-10-30 03:37 iptables.rb
>
> Looks like I don't have other plugins, iptables is the only puppet
> plugin I have
>
> root@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib
> type
> root@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib/type/
> iptables.rb
>
> I have this error every time I try to access iptable type
> root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
> retrieve information from source(s) puppet://puppet/plugins
> err: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
> Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
> node puppet-client-ubuntu.harbour
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>
> Thank you very much for your help
> Dmytro

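The layout rule from the reply above, as an added example that is not part of the original thread: a POSIX shell check that lists every copy of a type file under a modulepath and reports whether it sits where a resource type is loaded from. The function names and the TYPE/SYNCED/UNSYNCED labels are this example's own; it assumes pluginsync copies each module's lib/ directory, which is what the later agent run in this thread shows.

```shell
#!/bin/sh
# Added example (not from the thread): report where copies of a custom
# Puppet type file sit under a modulepath and whether pluginsync sees them.

# classify_plugin REL NAME
# REL is a path relative to the modulepath; NAME is the type name.
#   TYPE      <module>/lib/puppet/type/NAME.rb  (loadable as a resource type)
#   SYNCED    elsewhere under <module>/lib/     (copied to agents, not a type)
#   UNSYNCED  outside any <module>/lib/         (never reaches the agents)
classify_plugin() {
    rel=$1
    name=$2
    rest=${rel#*/}          # drop the leading <module>/ component
    case $rest in
        lib/puppet/type/"$name".rb) echo TYPE ;;
        lib/*)                      echo SYNCED ;;
        *)                          echo UNSYNCED ;;
    esac
}

# check_type MODULEPATH NAME
# Prints "<STATUS> <file>" for every NAME.rb below MODULEPATH.
# Returns 0 when at least one copy is in the TYPE position, 1 otherwise.
check_type() {
    modulepath=${1%/}       # tolerate a trailing slash
    name=$2
    rc=1
    files=$(find "$modulepath" -type f -name "$name.rb" | sort)
    while IFS= read -r file; do
        [ -n "$file" ] || continue
        kind=$(classify_plugin "${file#"$modulepath"/}" "$name")
        if [ "$kind" = TYPE ]; then
            rc=0
        fi
        echo "$kind $file"
    done <<EOF
$files
EOF
    return "$rc"
}

# Usage on a master laid out as in the thread:
#   sh check_type.sh /etc/puppet/modules iptables
if [ "$#" -eq 2 ]; then
    check_type "$1" "$2"
fi
```

A copy reported as UNSYNCED, such as a file placed at modules/type/iptables.rb, is the situation that ends in "Invalid resource type iptables" on the master.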
You are a life saver Ken!

It's working

root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
info: Retrieving plugin
notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/test]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/test/iptables.rb]/ensure: defined content as '{md5}b079e461bf96bd1194fb72abb8802515'
notice: /File[/var/lib/puppet/lib/puppet/type]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/type/iptables.rb]/ensure: defined content as '{md5}66481c7e3fb362d3448509e1e7f7fb35'
info: Loading downloaded plugin /var/lib/puppet/lib/puppet/test/iptables.rb
err: Could not load downloaded file /var/lib/puppet/lib/puppet/test/iptables.rb: no such file to load -- puppettest
info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/iptables.rb

root@puppet-client-ubuntu:~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m comment --comment "my iptables rule" -j DROP

On Dec 15, 10:56 am, Ken Barber <k...@bob.sh> wrote:
> Hi Dmytro,
>
> Your methodology for installing modules isn't quite right :-).
>
> Instead of trying to extract the iptables.rb file yourself you want to do
> something like:
>
> cd /etc/puppet/modules
> git clone git://github.com/bobsh/puppet-iptables.git iptables
>
> Which will give you a layout something like:
>
> # find /etc/puppet/modules/iptables
> /etc/puppet/modules/iptables
> /etc/puppet/modules/iptables/Rakefile
> /etc/puppet/modules/iptables/COPYING
> /etc/puppet/modules/iptables/lib
> /etc/puppet/modules/iptables/lib/puppet
> /etc/puppet/modules/iptables/lib/puppet/test
> /etc/puppet/modules/iptables/lib/puppet/test/iptables.rb
> /etc/puppet/modules/iptables/lib/puppet/type
> /etc/puppet/modules/iptables/lib/puppet/type/iptables.rb
> /etc/puppet/modules/iptables/tests
> ...
> /etc/puppet/modules/iptables/Modulefile
> /etc/puppet/modules/iptables/README.rst
> #
>
> Correct this and try again.
>
> ken.

A quick question,

If I run puppet more than one time it seems it does not do anything, even if I change manifest file.

root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
info: Retrieving plugin
info: Caching catalog for puppet-client-ubuntu
info: Applying configuration version '1292378428'
notice: Finished catalog run in 0.02 seconds

It looks like it retrieves the catalog but does not apply it.
How do I make puppet execute manifest?

Thank you
Dmytro

On Dec 15, 11:18 am, Dmytro Bablinyuk <bablin...@gmail.com> wrote:
> You are a life saver Ken!
>
> It's working
>
> root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> info: Retrieving plugin
> notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
> notice: /File[/var/lib/puppet/lib/puppet/test]/ensure: created
> notice: /File[/var/lib/puppet/lib/puppet/test/iptables.rb]/ensure:
> defined content as '{md5}b079e461bf96bd1194fb72abb8802515'
> notice: /File[/var/lib/puppet/lib/puppet/type]/ensure: created
> notice: /File[/var/lib/puppet/lib/puppet/type/iptables.rb]/ensure:
> defined content as '{md5}66481c7e3fb362d3448509e1e7f7fb35'
> info: Loading downloaded plugin /var/lib/puppet/lib/puppet/test/
> iptables.rb
> err: Could not load downloaded file /var/lib/puppet/lib/puppet/test/
> iptables.rb: no such file to load -- puppettest
> info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/
> iptables.rb
>
> root@puppet-client-ubuntu:~# iptables -S
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "my iptables
> rule" -j DROP

I have found what the problem was

I have now

iptables {"-2-":
  table       => "nat",
  chain       => "POSTROUTING",
  proto       => "udp",
  destination => "172.17.7.118",
  dport       => "53",
  jump        => "MASQUERADE"
}

It was quietly doing nothing if I remove "" from destination IP address.

On Dec 15, 1:12 pm, Dmytro Bablinyuk <bablin...@gmail.com> wrote:
> A quick question,
>
> If I run puppet more than one time it seems does not do anything, even
> if I change manifest file.
>
> root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> info: Retrieving plugin
> info: Caching catalog for puppet-client-ubuntu
> info: Applying configuration version '1292378428'
> notice: Finished catalog run in 0.02 seconds
>
> It looks like it retrieves the catalog but does not apply it.
> How do I make puppet execute manifest?
>
> Thank you
> Dmytro
>
> On Dec 15, 11:18 am, Dmytro Bablinyuk <bablin...@gmail.com> wrote:
>
> > You are life saver Ken!
>
> > It's working
>
> > root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > info: Retrieving plugin
> > notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
> > notice: /File[/var/lib/puppet/lib/puppet/test]/ensure: created
> > notice: /File[/var/lib/puppet/lib/puppet/test/iptables.rb]/ensure:
> > defined content as '{md5}b079e461bf96bd1194fb72abb8802515'
> > notice: /File[/var/lib/puppet/lib/puppet/type]/ensure: created
> > notice: /File[/var/lib/puppet/lib/puppet/type/iptables.rb]/ensure:
> > defined content as '{md5}66481c7e3fb362d3448509e1e7f7fb35'
> > info: Loading downloaded plugin /var/lib/puppet/lib/puppet/test/
> > iptables.rb
> > err: Could not load downloaded file /var/lib/puppet/lib/puppet/test/
> > iptables.rb: no such file to load -- puppettest
> > info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/
> > iptables.rb
>
> > root@puppet-client-ubuntu:~# iptables -S
> > -P INPUT ACCEPT
> > -P FORWARD ACCEPT
> > -P OUTPUT ACCEPT
> > -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "my iptables
> > rule" -j DROP
>
> > On Dec 15, 10:56 am, Ken Barber <k...@bob.sh> wrote:
>
> > > Hi Dmytro,
>
> > > Your methodology for installing modules isn't quite right :-).
>
> > > Instead of trying to extract the iptables.rb file yourself you want to do
> > > something like:
>
> > > cd /etc/puppet/modules
> > > git clone git://github.com/bobsh/puppet-iptables.git iptables
>
> > > Which will give you a layout something like:
>
> > > # find /etc/puppet/modules/iptables
> > > /etc/puppet/modules/iptables
> > > /etc/puppet/modules/iptables/Rakefile
> > > /etc/puppet/modules/iptables/COPYING
> > > /etc/puppet/modules/iptables/lib
> > > /etc/puppet/modules/iptables/lib/puppet
> > > /etc/puppet/modules/iptables/lib/puppet/test
> > > /etc/puppet/modules/iptables/lib/puppet/test/iptables.rb
> > > /etc/puppet/modules/iptables/lib/puppet/type
> > > /etc/puppet/modules/iptables/lib/puppet/type/iptables.rb
> > > /etc/puppet/modules/iptables/tests
> > > ...
> > > /etc/puppet/modules/iptables/Modulefile
> > > /etc/puppet/modules/iptables/README.rst
> > > #
>
> > > Correct this and try again.
>
> > > ken.
>
> > > On Tuesday, December 14, 2010 11:43:31 PM UTC, Dmytro Bablinyuk wrote:
>
> > > > Thank you Ken,
>
> > > > I have downloaded 1.2.0 iptables as you suggested.
>
> > > > I copied ruby script
> > > > root@puppet-master:/etc/puppet/modules/type# ls -l
> > > > total 32
> > > > -rw-rw-r-- 1 root root 31539 2010-10-30 03:37 iptables.rb
>
> > > > Looks like I don't have other plugins, iptables is the only puppet
> > > > plugin I have
>
> > > > root@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib
> > > > type
> > > > root@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib/
> > > > type/
> > > > iptables.rb
>
> > > > I have this error every time I try to access iptable type
> > > > root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > > > info: Retrieving plugin
> > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
> > > > retrieve information from source(s) puppet://puppet/plugins
> > > > err: Could not retrieve catalog from remote server: Error 400 on
> > > > SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
> > > > Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
> > > > node puppet-client-ubuntu.harbour
> > > > warning: Not using cache on failed catalog
> > > > err: Could not retrieve catalog; skipping run
>
> > > > Thank you very much for your help
> > > > Dmytro
>
> > > > On Dec 15, 10:03 am, Ken Barber <k...@bob.sh> wrote:
> > > > > Hi Dmytro,
>
> > > > > So looking at what you have posted .... I can see a couple of things that
>
> > > > > trouble me:
>
> > > > > ..
> > > > > info: Retrieving plugin
> > > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve
> > > > > information from source(s) puppet://puppet/plugins
> > > > > ..
>
> > > > > Is this error always occurring? Are you able to synchronise Ruby plugins
> > > > at
> > > > > all? You can check by looking at /var/lib/puppet/lib to see if anything
> > > > else
> > > > > lives there. It just looks like generally your clients aren't
> > > > synchronising
> > > > > plugins at all - but I could be wrong :-).
>
> > > > > Also the sync location doesn't look right to me on your puppetmaster ...
> > > > you
> > > > > show:
>
> > > > > ...
> > > > > root@puppet-master:/var/lib/puppet/lib/type# ls -l
> > > > > total 28
> > > > > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> > > > > ...
>
> > > > > But it should have sync'd here:
>
> > > > > ..
> > > > > root@puppet-master:/var/lib/puppet/lib/type# ls -l
> > > > > total 28
> > > > > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> > > > > ..
>
> > > > > Did it actually synchronise on its own (ie. after running puppet) like
> > > > this
> > > > > on your puppetmaster? Did you deploy the entire module into a path like
> > > > > /etc/puppet/modules/iptables?
>
> > > > > Oh btw. I'm not entirely sure the camptocamp revision is 2.6.x
> > > > compatible.
>
> > > > > Try the revision here:
>
> > > > >https://github.com/bobsh/puppet-iptables/tree/1.2.0
>
> > > > > <https://github.com/bobsh/puppet-iptables/tree/1.2.0>ken.
>
> > > > > On Tuesday, December 14, 2010 10:35:18 PM UTC, Dmytro Bablinyuk wrote:
>
> > > > > > I have downloaded and deployed puppet-iptables (I have puppet 2.6.4)
>
> > > > > > On both client and master config looks like this
>
> > > > > > [main]
> > > > > > logdir=/var/log/puppet
> > > > > > vardir=/var/lib/puppet
> > > > > > ssldir=/var/lib/puppet/ssl
> > > > > > rundir=/var/run/puppet
> > > > > > libdir=/var/lib/puppet/lib
> > > > > > factpath=$vardir/lib/facter
> > > > > > pluginsync=true
> > > > > > plugindest=/var/lib/puppet/lib
> > > > > > templatedir=$confdir/templates
> > > > > > prerun_command=/etc/puppet/etckeeper-commit-pre
> > > > > > postrun_command=/etc/puppet/etckeeper-commit-post
> > > > > > modulepath=/etc/puppet/modules
>
> > > > > > I have deployed iptables.rb
>
> > > > > > root@puppet-master:/var/lib/puppet/lib/type# ls -l
> > > > > > total 28
> > > > > > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
>
> > > > > > When I connect client to test a simple iptables action I have a error,
> > > > > > obviously I have deployed iptables in the wrong place or failed to
> > > > > > register somewhere.
>
> > > > > > root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > > > > > info: Retrieving plugin
> > > > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
> > > > > > retrieve information from source(s) puppet://puppet/plugins
> > > > > > err: Could not retrieve catalog from remote server: Error 400 on
> > > > > > SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
> > > > > > Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
> > > > > > node puppet-client-ubuntu.harbour
> > > > > > warning: Not using cache on failed catalog
> > > > > > err: Could not retrieve catalog; skipping run
>
> > > > > > I tried to move type folder around but still no luck
>
> > > > > > Can anybody advise on this?
>
> > > > > > Thank you very much!
> > > > > > Dmytro
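Added example, not part of the original thread or of the puppet-iptables module: because a run can finish without applying a rule, as reported in the message above, this Ruby script reads `iptables -S` output and reports the effective INPUT verdict for a port, including the case where only the chain policy decides. The function names and the second, default-deny ruleset are constructed for illustration; the first ruleset is the output quoted in this thread.

```ruby
require 'shellwords'

TERMINATING = %w[ACCEPT DROP REJECT].freeze

# Ruleset quoted in this thread (iptables -S on puppet-client-ubuntu).
THREAD_RULES = <<~RULES
  -P INPUT ACCEPT
  -P FORWARD ACCEPT
  -P OUTPUT ACCEPT
  -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "my iptables rule" -j DROP
RULES

# Constructed ruleset: default-deny plus the two ports from the first post.
DENY_RULES = <<~RULES
  -P INPUT DROP
  -A INPUT -p udp -m udp --dport 694 -m comment --comment "open 694 udp" -j ACCEPT
  -A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 3306 -m comment --comment "open 3306 tcp" -j ACCEPT
RULES

# Parse `iptables -S` text into [policies, rules]. Only -p, --dport, -j and
# comments are understood; every other match token lands in :other so the
# caller knows the rule depends on something this script cannot evaluate.
def parse_rules(text)
  policies = {}
  rules = []
  text.each_line do |line|
    tok = Shellwords.split(line) # keeps a quoted --comment as one token
    if tok[0] == '-P'
      policies[tok[1]] = tok[2]
    elsif tok[0] == '-A'
      rule = { chain: tok[1], proto: nil, dport: nil, jump: nil, other: [] }
      i = 2
      while i < tok.length
        opt, val = tok[i], tok[i + 1]
        case opt
        when '-p' then rule[:proto] = val
        when '--dport' then rule[:dport] = val
        when '-j' then rule[:jump] = val
        when '--comment' then nil
        when '-m' then rule[:other] << val unless %w[tcp udp comment].include?(val)
        else
          rule[:other] << opt
          i -= 1 # unknown token: consume it alone
        end
        i += 2
      end
      rules << rule
    end
  end
  [policies, rules]
end

# True when port falls inside an iptables port spec ("80" or "1000:2000").
def port_in?(spec, port)
  lo, hi = spec.split(':').map(&:to_i)
  port.between?(lo, hi || lo)
end

# First terminating match wins, otherwise the chain policy applies.
# Returns [target, :rule or :policy, certain]; certain is false when a rule
# with conditions this script cannot evaluate could pre-empt the result.
def verdict(policies, rules, chain, proto, port)
  certain = true
  rules.each do |r|
    next unless r[:chain] == chain && TERMINATING.include?(r[:jump])
    next if r[:proto] && r[:proto] != proto
    next if r[:dport] && !port_in?(r[:dport], port)
    return [r[:jump], :rule, certain] if r[:other].empty?
    certain = false
  end
  [policies.fetch(chain, 'UNKNOWN'), :policy, certain]
end
```

On the ruleset from the thread, 694/udp and 3306/tcp come back as ACCEPT by policy, so no rule is actually opening them; on the default-deny ruleset the source-restricted 3306 rule is reported as uncertain rather than as open.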
A quick question, I have modified iptables.rb to include some custom
"jump" values. I have restarted puppetmasterd, but client still sees
old "jump" values
How do I make iptables.rb to recompile?

Thank you
Dmytro

On Dec 15, 3:31 pm, Dmytro Bablinyuk <bablin...@gmail.com> wrote:
> I have found what the problem was
>
> I have now
>
> iptables {"-2-":
> table => "nat",
> chain => "POSTROUTING",
> proto => "udp",
> destination => "172.17.7.118",
> dport => "53",
> jump => "MASQUERADE"
> }
>
> It was quietly doing nothing if I remove "" from destination IP
> address.
>
> On Dec 15, 1:12 pm, Dmytro Bablinyuk <bablin...@gmail.com> wrote:
>
> > A quick question,
>
> > If I run puppet more than one time it seems does not do anything, even
> > if I change manifest file.
>
> > root@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > info: Retrieving plugin
> > info: Caching catalog for puppet-client-ubuntu
> > info: Applying configuration version '1292378428'
> > notice: Finished catalog run in 0.02 seconds
>
> > It looks like it retrieves the catalog but does not apply it.
> > How do I make puppet execute manifest?
>
> > Thank you
> > Dmytro
>
> > On Dec 15, 11:18 am, Dmytro Bablinyuk <bablin...@gmail.com> wrote:
>
> > > You are life saver Ken!
Stefan Schulte
2010-Dec-15 06:26 UTC
Re: [Puppet Users] Re: Configure firewall with Puppet
On Tue, Dec 14, 2010 at 09:19:36PM -0800, Dmytro Bablinyuk wrote:
> A quick question, I have modified iptables.rb to include some custom
> "jump" values. I have restarted puppetmasterd, but client still sees
> old "jump" values
> How do I make iptables.rb to recompile?

iptables.rb doesn't need a recompile because Ruby code is interpreted. But when you change the file on your master you have to sync it to your clients /var/lib/puppet/lib/puppet/type/iptables.rb and that can be done with "pluginsync = true" in your [agent] section on your client in /etc/puppet/puppet.conf or if you specify --pluginsync on the commandline when you start the agent.

-Stefan