Hi,

> The same set of rules is applied on each run. I used numbers as the
> names to sort the rules accordingly since iptables rules' order does
> matter.  Has anyone been using this module/plugin? I haven't tried
> using a-z for the names of the rules, and there are no specified
> dependencies of each rule (requires, before, after).

It is an issue I am aware of; it is irritating me, and I must investigate.
Using a-z names instead of numbers shouldn't solve the problem.

I've only noticed this on hosts with a fair amount of iptable resources
declared. So I believe one or several rules built by puppet don't match
the output of iptables-save. This leads puppet to think something has
changed.

I previously used regular require/before/after dependencies but I
switched to alphabetical ordering because of another "always running"
issue. Unless you declared strictly linear dependencies (first rule
before 2nd rule, 2nd rule before 3rd rule, etc) you depended on
puppet's random ordering of resources. And in this case, a different
ordering might mean something completely different, maybe even the
opposite of what is intended.

This wasn't too much of an issue when all resources were declared in
the same file (for instance inside a node{}). But my idea was to
include different iptable{} resources in different modules, which
weren't all included on each node. And this led to loads of failed
dependencies.

I'll try to have a look at this issue soon.

Thanks for the feedback!

Marc
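
One way to test the hypothesis in the message above (a declared rule that never matches iptables-save output, so every run looks like a change), as an added example that is not part of the original message or the module's code. The rule strings, the iptables-save output and the function names are constructed for illustration.

```python
import difflib
import shlex

# Constructed sample: rule strings as a management tool might build them.
DECLARED = [
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -s 10.0.0.5 -p tcp --dport 22 -j ACCEPT",
    "-A INPUT -j DROP",
]

# Constructed sample of iptables-save output for the filter table.
SAVED = """\
# Generated by iptables-save
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""


def normalise(rule):
    """Collapse whitespace differences so only real token changes count."""
    return " ".join(shlex.split(rule))


def saved_rules(text):
    """Return the '-A ...' rule lines from iptables-save output, in order."""
    return [normalise(l) for l in text.splitlines() if l.startswith("-A ")]


def unmatched_rules(declared, saved_text):
    """List (declared_rule, closest_saved_rule) for rules with no exact match.

    Each entry is a rule that a string comparison would report as changed on
    every run; the closest saved line shows how the kernel view differs.
    """
    saved = saved_rules(saved_text)
    result = []
    for rule in map(normalise, declared):
        if rule not in saved:
            close = difflib.get_close_matches(rule, saved, n=1, cutoff=0.6)
            result.append((rule, close[0] if close else None))
    return result


if __name__ == "__main__":
    for declared, closest in unmatched_rules(DECLARED, SAVED):
        print("declared:", declared)
        print("saved   :", closest)
```

In the constructed sample the second rule is reported because iptables-save prints the source address with a `/32` mask and adds the implicit `-m tcp` match, which is the kind of mismatch that keeps a rule permanently "changed".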


