Hello,
Thanks for the reply. I hope this is really not something related to
an incompatibility with puppet 2.7. Did anyone get this working using
puppet 2.7?
I have tried this with stages and I get the cyclic dependency problem.
Then I tried this solution using require => Class["fw::pre"] and
before => Class["fw::post"], but then puppet complains that it cannot
find fw::pre and fw::post.
The classes are defined in there. I even tried adding an import to the
file with these classes just before the global scope part with no
effect.
The message from puppet when using this example:
Tue Jun 19 09:56:56 -0400 2012 Puppet (err): Failed to apply catalog:
Could not find dependency Class[Fw::Pre] for Firewall[100 accept http
connections] at
/etc/puppet/env/production/manifests/classes/internals/fw.pp:61
Please, let me know how to properly put order to make this work.
Thanks!
Here my simple manifests:
# site.pp
import "nodes.pp"
import "classes/*/*.pp"
# nodes.pp
node basenode {
notify { "Base node configuration.": }
include fw
}
node 'hosting00' inherits basenode {
include hosting
}
# hosting.pp
class hosting {
include fw::http
}
# fw.pp
# global scope (same result here and in site.pp)
exec { 'persist-firewall':
command => $operatingsystem ? {
'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',
/(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',
},
refreshonly => true,
}
Firewall {
notify => Exec["persist-firewall"],
require => Class["fw::pre"],
before => Class["fw::post"],
}
Firewallchain {
notify => Exec["persist-firewall"],
}
resources { "firewall": purge => true }
class fw {
firewall { "100 no op":
}
}
class fw::pre {
Firewall {
require => undef,
}
firewall { "000 accept all icmp requests":
proto => "icmp",
action => "accept",
}->
firewall { "001 allow packets with valid state":
state => ["RELATED", "ESTABLISHED"],
action => "accept",
}->
firewall { "002 allow all traffic to loopback":
iniface => "lo",
action => "accept",
}->
firewall { "010 accept ssh connections":
proto => "tcp",
port => "22",
action => "accept",
}
}
class fw::post {
firewall { "998 reject forwarding":
chain => "FORWARD",
action => "reject",
reject => "icmp-host-prohibited",
}
}
class fw::http {
firewall { "100 accept http connections":
proto => "tcp",
port => "80",
action => "accept",
}
}
On Tue, Jun 19, 2012 at 3:56 PM, jcbollinger <john.bollin...@stjude.org> wrote:
>
>
> On Tuesday, June 19, 2012 4:30:38 AM UTC-5, Ioannis wrote:
> [...]
>
>> Stages generate cycles.
>
>
> Yes, stages are prone to that.
>
>
>> Your solution tells me it cannot find the pre class:
>
>
> No, your application of Ken's example tells you that.
>
>
>> Tue Jun 19 05:20:23 -0400 2012 Puppet (err): Failed to apply catalog:
>> Could not find dependency Class[Fw::Pre] for Firewall[100 accept http
>> connections] at
>>
>> It definitely does not like:
>>
>> Firewall {
>> notify => Exec["persist-firewall"],
>> before => Class["my_soe::fwpost"],
>> require => Class["my_soe::fwpre"],
>> }
>
> Ken's example is not a drop-in solution. It works in appropriate context;
> especially, it requires your node declaration or ENC to declare the needed
> classes in an appropriate order. Alternatively -- perhaps easier -- you
> could wrap parts of it in a class that provides the needed ordering. Better
> yet, study the example to understand what it's doing, why it works when it
> does work, and what's needed to make it work.
>
> We may be able to help you more concretely if you present your own
> manifests.
>
>
> John
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/1-6XzB2ulvgJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
Ioannis Aslanidis
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
