Dusty Doris
2012-Nov-20 20:51 UTC
[Puppet Users] new user - understanding arrays as variables in defined types
Let's say I wanted to make a declared type for adding custom firewall rules
on a per-node basis.

define myfirewall::accept($proto, $port, $sources=[]) {
  include defaultfirewall

  $sources.each do |source|
    firewall { "100 allow $proto $port for $source":
      proto => $proto,
      dport => $dport,
      source => $source,
      action => 'accept',
    }
  end
}

I could use it something like this:

node "mynode" {
  myfirewall::accept { "http":
    proto => 'tcp',
    port => '80',
    sources => ['1.1.1.1','2.2.2.2']
  }
}

Is there any way to do something like this with puppet? I'm new to this
and quite confused.
Dusty Doris
2012-Nov-20 21:30 UTC
[Puppet Users] Re: new user - understanding arrays as variables in defined types
On Tuesday, November 20, 2012 3:51:07 PM UTC-5, Dusty Doris wrote:
> Let's say I wanted to make a declared type for adding custom firewall rules
> on a per-node basis.
>
> define myfirewall::accept($proto, $port, $sources=[]) {
>   include defaultfirewall
>
>   $sources.each do |source|
>     firewall { "100 allow $proto $port for $source":
>       proto => $proto,
>       dport => $dport,
>       source => $source,
>       action => 'accept',
>     }
>   end
> }
>
> I could use it something like this:
>
> node "mynode" {
>   myfirewall::accept { "http":
>     proto => 'tcp',
>     port => '80',
>     sources => ['1.1.1.1','2.2.2.2']
>   }
> }
>
> Is there any way to do something like this with puppet? I'm new to this
> and quite confused.

aha. I found I can do it using the $name parameter.

Is there anything inherently wrong with this type of usage?

define myfirewall::accept($proto, $port) {
  firewall { "100 $name $proto $port":
    proto => $proto,
    dport => $port,
    source => $name,
    action => 'accept'
  }
}

node 'mynode' {
  include firewall
  myfirewall::accept { ['node1', 'node2'] :
    proto => 'tcp',
    port => '80'
  }
}
joe
2012-Nov-20 22:15 UTC
[Puppet Users] Re: new user - understanding arrays as variables in defined types
Nothing wrong with that. It's a very common practice.

One thing I would recommend is setting your array to a variable and passing
that variable to the define. It just makes your code cleaner and easier to
read:

node 'mynode' {
  include firewall
  $sources = ['node1', 'node2']
  myfirewall::accept { $sources :
    proto => 'tcp',
    port => '80'
  }
}
Dusty Doris
2012-Nov-20 22:32 UTC
[Puppet Users] Re: new user - understanding arrays as variables in defined types
Thanks for the reply, I did run into one problem with duplicate
declarations. Say I wanted to include node1 and node2 in a group of
servers for a particular rule. Then wanted to just have node1 in a second
rule.

eg:

node 'mynode' {
  include firewall

  $apps = ['node1', 'node2']
  $ssl = 'node1'

  myfirewall::accept { $apps :
    proto => 'tcp',
    ports => ['80','8080']
  }

  myfirewall::accept { 'node1' :
    proto => 'tcp',
    ports => '443'
  }
}

When I run that I get a duplicate declaration error such as
Myfirewall::Accept[node1]. How does one get around something like that? I
can't think of a way to do that without assigning a unique name and then
iterating on a source variable that is passed in.

BTW - I am using the puppetlabs-firewall module and unfortunately it
doesn't work correctly with an array for the source variable, so that's why
I'm stuck here.
Guillermo
2012-Nov-21 01:33 UTC
Re: [Puppet Users] Re: new user - understanding arrays as variables in defined types
Hi.

You try this:

node 'mynode' {
  include firewall

  myfirewall::accept { 'node2':
    proto => 'tcp',
    ports => ['80','8080']
  }

  myfirewall::accept { 'node1' :
    proto => 'tcp',
    ports => ['80','8080','443']
  }
}

It is more simple and so you don't duplicate a declaration.

Sorry for my English
Dusty Doris
2012-Nov-21 02:35 UTC
Re: [Puppet Users] Re: new user - understanding arrays as variables in defined types
Thanks Guillermo. I appreciate your reply.

I am trying to batch these entries, which is why I was originally asking
about how to iterate on an array inside a defined type. The reasoning for
this is that I will have somewhere between 20 and 40 IPs that need access
to certain ports on certain nodes. I'd rather not have to do them one by
one on each node, so I'm trying to find an easy way to group them together.

Perhaps I need to rethink my approach.

I'm just starting at the basics now, trying to understand how puppet works.
This was my concept, which could be extracted into classes or modules or
something.

accept { $app_servers:
  proto => 'tcp',
  ports => ['80','3306','389','443']
}

accept { $backup_servers:
  proto => 'tcp',
  ports => ['873']
}

accept { $mail_relays:
  proto => 'tcp',
  ports => ['25','875']
}

Thanks for any suggestions. I'll keep reading the docs and start looking
at more code in the modules.
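One way to get the batching asked about in this thread, as an added example that is not code from any of the posters: the resource title names the rule group and the define iterates over sources and ports, so a source can sit in several groups without a duplicate declaration. It assumes Puppet 4 or later for `each` with a lambda; the group names and 192.0.2.x addresses are constructed, and the `firewall` parameters are the ones used in the thread.

```puppet
# Added example, not code from the thread. Assumes Puppet 4 or later
# (lambda iteration and data types). Group names and 192.0.2.x
# addresses are constructed for illustration.
define myfirewall::accept (
  Array[String] $sources,
  Array[String] $ports,
  String        $proto = 'tcp',
) {
  $sources.each |String $source| {
    $ports.each |String $port| {
      # $title is the group name given at declaration time. Including it
      # with the port and source keeps every firewall title unique, so the
      # same source can be listed in more than one group.
      firewall { "100 ${title} ${proto} ${port} from ${source}":
        proto  => $proto,
        dport  => $port,
        source => $source,
        action => 'accept',
      }
    }
  }
}

node 'mynode' {
  include firewall

  $apps = ['192.0.2.10', '192.0.2.11']

  # Declares four rules: two sources times two ports.
  myfirewall::accept { 'apps':
    sources => $apps,
    ports   => ['80', '8080'],
  }

  # 192.0.2.10 is also in $apps. The define titles ('apps', 'ssl') and the
  # generated firewall titles differ, so there is no duplicate declaration.
  myfirewall::accept { 'ssl':
    sources => ['192.0.2.10'],
    ports   => ['443'],
  }
}
```

Because each generated rule title spells out group, protocol, port and source, the rules listed on the host can be traced back to the declaration that opened them.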