Michael Smith
2012-Jun-11 19:49 UTC
[Puppet Users] Contributing pieces of a global value from multiple places
Hi,
I''m using Puppet to configure SuSEfirewall2. I have a class that lets
me
set a list of ports to open in a variable in
/etc/sysconfig/SuSEfirewall2. It''s just a wrapper around an Augeas
resource.
How can I make it so multiple classes can contribute a list of ports to
my firewall class? For example:
class class1 {
firewall::tcp { ''123'': }
}
class class2 {
firewall::tcp { ''456'': }
}
# this would result in ports 123 and 456 being open
# (FW_SERVICES_EXT_TCP="123 456" in the firewall config file)
include class1
include class2
I think I need a way to append 123 and 456 to some kind of global
variable so my firewall class can pass the variable to an Augeas
resource. Is something like this possible?
Thanks,
Mike
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Felix Frank
2012-Jun-12 10:31 UTC
Re: [Puppet Users] Contributing pieces of a global value from multiple places
Hi, On 06/11/2012 09:49 PM, Michael Smith wrote:> Hi, > > I''m using Puppet to configure SuSEfirewall2. I have a class that lets me > set a list of ports to open in a variable in > /etc/sysconfig/SuSEfirewall2. It''s just a wrapper around an Augeas > resource. > > How can I make it so multiple classes can contribute a list of ports to > my firewall class? For example: > > class class1 { > firewall::tcp { ''123'': } > } > > class class2 { > firewall::tcp { ''456'': } > } > > # this would result in ports 123 and 456 being open > # (FW_SERVICES_EXT_TCP="123 456" in the firewall config file) > include class1 > include class2 > > I think I need a way to append 123 and 456 to some kind of global > variable so my firewall class can pass the variable to an Augeas > resource. Is something like this possible?Yes, but I know of no way that doesn''t include resorting to some pretty evil hacks. The modern approach would be to use hiera (or extlookup if you''re more oldfashioned) and devise a model that can derive the full list of ports from the information you supply about the node in question. HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2012-Jun-12 12:59 UTC
[Puppet Users] Re: Contributing pieces of a global value from multiple places
On Jun 11, 2:49 pm, Michael Smith <msm...@cbnco.com> wrote:> Hi, > > I''m using Puppet to configure SuSEfirewall2. I have a class that lets me > set a list of ports to open in a variable in > /etc/sysconfig/SuSEfirewall2. It''s just a wrapper around an Augeas resource. > > How can I make it so multiple classes can contribute a list of ports to > my firewall class? For example: > > class class1 { > firewall::tcp { ''123'': } > > } > > class class2 { > firewall::tcp { ''456'': } > > } > > # this would result in ports 123 and 456 being open > # (FW_SERVICES_EXT_TCP="123 456" in the firewall config file) > include class1 > include class2 > > I think I need a way to append 123 and 456 to some kind of global > variable so my firewall class can pass the variable to an Augeas > resource. Is something like this possible?What Felix said, especially about hiera. Moreover, if you use hiera''s Puppet backend (whose purpose is to load data from Puppet variables), you might be able to make it work very similarly to the way you described. On the other hand, I think Felix was going more for constructing your port list via the structure of the external data, and that might be the easiest way. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Michael Knox
2012-Jun-13 08:33 UTC
Re: [Puppet Users] Contributing pieces of a global value from multiple places
Hi,
I use an augeas resource that manages the FW_CONFIGURATIONS_$zone entry in
etc/sysconfig/SuSEfirewall2.
augeas {"fwservice_${svc}-$zone":
context => "/files/etc/sysconfig/SuSEfirewall2",
onlyif => "match
FW_CONFIGURATIONS_$zone/value[.=''$svc''] size == 0",
changes => [
"set
FW_CONFIGURATIONS_$zone/value[.=''$svc''] $svc",
],
load_path => "$augeas::params::lense_path",
require => Augeas::Lense[''shellvars_list.aug''],
notify => Service["firewall"],
}
Each service adds a config file to /etc/sysconfig/SuSEfirewall2.d/services/
For example, in svn (the svn pkg supplies it own services file) …
firewall::service{"svnserve":
allow => true,
require => Package["${svn::params::svn_apache_pkg}"],
}
Cheers
On 12/06/2012, at 5:49 AM, Michael Smith wrote:
> Hi,
>
> I''m using Puppet to configure SuSEfirewall2. I have a class that
lets me set a list of ports to open in a variable in
/etc/sysconfig/SuSEfirewall2. It''s just a wrapper around an Augeas
resource.
>
> How can I make it so multiple classes can contribute a list of ports to my
firewall class? For example:
>
> class class1 {
> firewall::tcp { ''123'': }
> }
>
> class class2 {
> firewall::tcp { ''456'': }
> }
>
> # this would result in ports 123 and 456 being open
> # (FW_SERVICES_EXT_TCP="123 456" in the firewall config file)
> include class1
> include class2
>
> I think I need a way to append 123 and 456 to some kind of global variable
so my firewall class can pass the variable to an Augeas resource. Is something
like this possible?
>
> Thanks,
> Mike
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Michael Smith
2012-Jun-14 00:43 UTC
Re: [Puppet Users] Contributing pieces of a global value from multiple places
On 6/13/2012 4:33 AM, Michael Knox wrote:> Hi, > I use an augeas resource that manages the FW_CONFIGURATIONS_$zone entry in etc/sysconfig/SuSEfirewall2. > > augeas {"fwservice_${svc}-$zone": > context => "/files/etc/sysconfig/SuSEfirewall2", > onlyif => "match FW_CONFIGURATIONS_$zone/value[.=''$svc''] size == 0", > changes => [ > "set FW_CONFIGURATIONS_$zone/value[.=''$svc''] $svc", > ], > load_path => "$augeas::params::lense_path", > require => Augeas::Lense[''shellvars_list.aug''], > notify => Service["firewall"], > }This is perfect. Thanks! Mike -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.