Hi,
On 12/16/2014 06:14 PM, Matt Wise wrote:
> We're using Puppet to build up a few docker containers, and we find
> that the puppetlabs-firewall module throws some errors during initial
> compilation. These errors are ignorable ... but they're obnoxious. Is
> there a way to explicitly disable a module from being parsed for a
> particular node type?
>
> Debug: Puppet::Type::Firewall::ProviderIptables: [instances]
> Error: /Stage[main]/Main/Resources[firewall]: Failed to generate
> additional resources using 'generate': Command iptables_save is
> missing
>
>
> (obviously this is more than just not saying 'include firewall' ...
> because the provider/types get parsed regardless of whether or not we
> 'include firewall').
the providers should not generate error output on their own accord.
Debugging messages - sure. Don't collect those during provisioning ;-)
I believe that you do something along the lines of `resources {
'firewall': purge => true }` on the global scope. Move this to a
site-specific firewall wrapper module. Create a special environment that
mirrors production, but replaces this wrapper module with a stub. This
way, nodes can effectively ignore firewalling during provisioning. You
can even remove the puppetlabs-firewall module from this environment, I
believe.
Failing that, you can always fall back to a custom fact that is false
during the initial run, and true afterwards. Wrap any firewalling
resources in queries for this fact value.
HTH,
Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/549DC02E.9060903%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.
