oogs
2014-Aug-11 18:09 UTC
[Puppet Users] puppetlabs-firewall module - purging unmanaged firewall chains?
Hi,
We (my colleagues and I) have a question about using the purge attribute
in puppetlabs/firewall 1.1.3. Specifically, the per-chain purge
attribute listed here:
https://forge.puppetlabs.com/puppetlabs/firewall#050---2014-02-10
If I have this as my node definition:
node oogs-test01 {
  include ::firewall
  firewallchain { 'foo:filter:IPv4':
    ensure => present,
    purge  => true,
  }
  firewallchain { 'bar:filter:IPv4':
    ensure => present,
    purge  => false,
  }
}
it should purge any rules for the chain "foo", right? While leaving
"bar" alone. At least, that's what I gather from the type:
oogs@oogs-dev:/etc/puppet-dev/modules/firewall/lib/puppet/type$ grep -A6 purge firewallchain.rb
newparam(:purge, :boolean => true) do
  desc <<-EOS
    Purge unmanaged firewall rules in this chain
  EOS
  newvalues(:false, :true)
  defaultto :false
end
If I run puppet on my test node, oogs-test01, I get the following:
root@oogs-test01:~# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/iptables_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/mounts.rb
Info: Loading facts in /var/lib/puppet/lib/facter/scst_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/lvm_facters.rb
Info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/postgres_default_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/blockdevice_controller.rb
Info: Loading facts in /var/lib/puppet/lib/facter/oncall.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/ip6tables_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/nfs_homes.rb
Info: Loading facts in /var/lib/puppet/lib/facter/iptables_persistent_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/vmwaretools_version.rb
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter purge on Firewallchain[foo:filter:IPv4] at /etc/puppet-dev/manifests/site.pp:5 on node oogs-test01.test.lab
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Has anyone else successfully used the purge attribute for a firewall
chain? If so, can you provide some sample code or point out what's wrong
in ours?
Thanks,
-Chris B.