I''ve written a defined type for firewall rules, to abstract it out from
the OS, like so:
define firewall ($source, $port, $proto) {
case $operatingsystem {
/Centos|Fedora|Scientific|Debian/: {
iptables { $title:
proto => $proto,
dport => $port,
source => $source,
jump => "ACCEPT",
}
}
/Ubuntu/: {
ufw::allow { $title:
port => $port,
from => $source,
proto => $proto,
}
}
}
}
But when I try to call upon this resource, like this:
firewall { ''test-rule'':
source => ''123.123.123.123'',
port => ''12345'',
proto => ''udp'',
}
The puppet agent throws this error:
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
Invalid resource type firewallrule at /etc/puppet/manifests/nodes.pp:74
It seems that my "define" isn''t working, but the puppet
master log
doesn''t reveal any more detail than the agent.
Any ideas what''s up?
Thanks,
Jonathan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
On 11/14/2012 9:30 AM, Jonathan Gazeley wrote:> I''ve written a defined type for firewall rules, to abstract it out from > the OS, like so: > > define firewall ($source, $port, $proto) { > case $operatingsystem { > /Centos|Fedora|Scientific|Debian/: { > iptables { $title: > proto => $proto, > dport => $port, > source => $source, > jump => "ACCEPT", > } > } > /Ubuntu/: { > ufw::allow { $title: > port => $port, > from => $source, > proto => $proto, > } > } > } > } > > > But when I try to call upon this resource, like this: > > firewall { ''test-rule'': > source => ''123.123.123.123'', > port => ''12345'', > proto => ''udp'', > } > > > The puppet agent throws this error: > > Error: Could not retrieve catalog from remote server: Error 400 on > SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: > Invalid resource type firewallrule at /etc/puppet/manifests/nodes.pp:74 > > It seems that my "define" isn''t working, but the puppet master log > doesn''t reveal any more detail than the agent. > > Any ideas what''s up?Puppet can have problems showing you the error depending on where it is. "Invalid resource type firewallrule" makes me think it''s in one of the defines further along the chain. I''d try the iptable or ufw define your firewall define is creating directly on the node in question and make sure that works. Ramin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Where are you including the define from? Is it in it''s own file in a module? or it it in site.pp or somesuch global file? If it''s in it''s own module the file will need to be called the same as the define. From what the error is telling me it is trying to fine a define called firewallrule but your define is actually called firewall... My guess is you named the file is called firewallrule.pp. You will need to call the define and the file the same thing for the automagical including puppet does to actually work properly. On 15 November 2012 03:30, Jonathan Gazeley <jonathan.gazeley@bristol.ac.uk>wrote:> I''ve written a defined type for firewall rules, to abstract it out from > the OS, like so: > > define firewall ($source, $port, $proto) { > case $operatingsystem { > /Centos|Fedora|Scientific|**Debian/: { > iptables { $title: > proto => $proto, > dport => $port, > source => $source, > jump => "ACCEPT", > } > } > /Ubuntu/: { > ufw::allow { $title: > port => $port, > from => $source, > proto => $proto, > } > } > } > } > > > But when I try to call upon this resource, like this: > > firewall { ''test-rule'': > source => ''123.123.123.123'', > port => ''12345'', > proto => ''udp'', > } > > > The puppet agent throws this error: > > Error: Could not retrieve catalog from remote server: Error 400 on SERVER: > Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid > resource type firewallrule at /etc/puppet/manifests/nodes.**pp:74 > > It seems that my "define" isn''t working, but the puppet master log doesn''t > reveal any more detail than the agent. > > Any ideas what''s up? > > Thanks, > Jonathan > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@** > googlegroups.com <puppet-users%2Bunsubscribe@googlegroups.com>. > For more options, visit this group at http://groups.google.com/** > group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> > . > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 14/11/12 20:44, Peter Brown wrote:> > From what the error is telling me it is trying to fine a define called > firewallrule but your define is actually called firewall...Sorry, my mistake. The file that contains the define is called firewall.pp, the define is called firewall and the way I am calling is called firewall. The error message I pasted was from an experiment renaming everything to firewallrule because I wondered if firewall was a reserved word. The issue stands - with no mention of firewallrule I still get the same problem. Jonathan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 15.11.2012 10:44, Jonathan Gazeley wrote:> On 14/11/12 20:44, Peter Brown wrote: >> >> From what the error is telling me it is trying to fine a define called >> firewallrule but your define is actually called firewall... > > Sorry, my mistake. The file that contains the define is called > firewall.pp, the define is called firewall and the way I am calling is > called firewall. The error message I pasted was from an experiment > renaming everything to firewallrule because I wondered if firewall was a > reserved word. > > The issue stands - with no mention of firewallrule I still get the same > problem.Please answer the other questions from Peter''s mail:> Where are you including the define from? > Is it in it''s own file in a module? or it it in site.pp or somesuch global file? > If it''s in it''s own module the file will need to be called the same as the define. >Especially if it is in a module, it will have to be called modulename::firewall. Or, if the module is called firewall, you might be able to put the firewall define into the init.pp and have it loaded from there. This works fine with classes, I''ve not tried that with defines yet. Best Regards, David -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 15/11/12 11:11, David Schmitt wrote:> On 15.11.2012 10:44, Jonathan Gazeley wrote: >> On 14/11/12 20:44, Peter Brown wrote: >>> >>> From what the error is telling me it is trying to fine a define called >>> firewallrule but your define is actually called firewall... >> >> Sorry, my mistake. The file that contains the define is called >> firewall.pp, the define is called firewall and the way I am calling is >> called firewall. The error message I pasted was from an experiment >> renaming everything to firewallrule because I wondered if firewall was a >> reserved word. >> >> The issue stands - with no mention of firewallrule I still get the same >> problem. > > Please answer the other questions from Peter''s mail: > > >> Where are you including the define from? >> Is it in it''s own file in a module? or it it in site.pp or somesuch >> global file? >> If it''s in it''s own module the file will need to be called the same as >> the define. >> > > > Especially if it is in a module, it will have to be called > modulename::firewall. > > > Or, if the module is called firewall, you might be able to put the > firewall define into the init.pp and have it loaded from there. This > works fine with classes, I''ve not tried that with defines yet.Thanks David. The module is called "firewall" and the class "firewall" appears in init.pp. The define "firewall" simply appears within the class "firewall". # init.pp class firewall { define firewall($source, $port, $proto) { case $operatingsystem { /Centos|Fedora|Scientific|Debian/: { iptables { $title: proto => $proto, dport => $port, source => $source, jump => "ACCEPT", } } /Ubuntu/: { ufw::allow { $title: port => $port, from => $source, proto => $proto, } } } } } I''m a little bit confused on how classes, modules defines and filenames fit together. Thanks, Jonathan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Nov 15, 2012 9:20 PM, "Jonathan Gazeley" <jonathan.gazeley@bristol.ac.uk> wrote:> > On 15/11/12 11:11, David Schmitt wrote: >> >> On 15.11.2012 10:44, Jonathan Gazeley wrote: >>> >>> On 14/11/12 20:44, Peter Brown wrote: >>>> >>>> >>>> From what the error is telling me it is trying to fine a define called >>>> firewallrule but your define is actually called firewall... >>> >>> >>> Sorry, my mistake. The file that contains the define is called >>> firewall.pp, the define is called firewall and the way I am calling is >>> called firewall. The error message I pasted was from an experiment >>> renaming everything to firewallrule because I wondered if firewall was a >>> reserved word. >>> >>> The issue stands - with no mention of firewallrule I still get the same >>> problem. >> >> >> Please answer the other questions from Peter''s mail: >> >> >>> Where are you including the define from? >>> Is it in it''s own file in a module? or it it in site.pp or somesuch >>> global file? >>> If it''s in it''s own module the file will need to be called the same as >>> the define. >>> >> >> >> Especially if it is in a module, it will have to be called >> modulename::firewall. >> >> >> Or, if the module is called firewall, you might be able to put the >> firewall define into the init.pp and have it loaded from there. This >> works fine with classes, I''ve not tried that with defines yet. > > > Thanks David. The module is called "firewall" and the class "firewall"appears in init.pp. The define "firewall" simply appears within the class "firewall".> > # init.pp > class firewall { > define firewall($source, $port, $proto) { > > case $operatingsystem { > /Centos|Fedora|Scientific|Debian/: { > iptables { $title: > proto => $proto, > dport => $port, > source => $source, > jump => "ACCEPT", > } > } > /Ubuntu/: { > ufw::allow { $title: > port => $port, > from => $source, > proto => $proto, > } > } > } > } > } > > I''m a little bit confused on how classes, modules defines and filenamesfit together. Yeah there is your problem. Like david mentioned if the define is in a module you will need to call it via firewall::firewall.> > Thanks, > Jonathan > > > -- > You received this message because you are subscribed to the Google Groups"Puppet Users" group.> To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email topuppet-users+unsubscribe@googlegroups.com.> For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.>-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
> > Thanks David. The module is called "firewall" and the class > "firewall" appears in init.pp. The define "firewall" simply appears > within the class "firewall". > > > > # init.pp > > class firewall { > > define firewall($source, $port, $proto) {> > I''m a little bit confused on how classes, modules defines and > filenames fit together. > > Yeah there is your problem. > Like david mentioned if the define is in a module you will need to call > it via firewall::firewall.... and you do not need to wrap it in a class. The basic rules are very simple: * X goes to init.pp in the X module * Everything within module X is called X::Y * Something called X::Y goes into Y.pp (X::Y::Z goes to Y/Z.pp) * Every file contains exactly one class or define There are some exceptions and other ways to do it, but usually this suffices. Best Regards, David -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.