I changed an ipt_fragment to ensure absent, puppet removed the rule, but didn't run rebuild-iptables.
Does the define below need a notify on the absent side of the case? Is that valid? What about the ensure on the /etc/sysconfig/iptables.d file (further below), when is it triggered? Thanks again.

    # Handles iptables concerns. See also ipt_fragment definition
    define ipt_fragment($ensure="present") {
        case $ensure {
            absent: {
                file { "/etc/sysconfig/iptables.d/$name":
                    ensure => absent,
                }
            }
            present: {
                file { "/etc/sysconfig/iptables.d/$title":
                    source => "puppet:///files/iptables/fragments/$name",
                    owner => root,
                    group => root,
                    mode => 640,
                    notify => Exec[rebuild_iptables],

    <snip>

    file {
        "/etc/sysconfig/iptables.d":
            ensure => directory,
            purge => false,
            notify => Exec["rebuild_iptables"];
        "/usr/sbin/rebuild-iptables":
            source => "puppet:///files/iptables/rebuild-iptables";
    }