A quick question,

I have modified iptables.rb to include some custom "jump" values. I have restarted puppetmasterd, but the client still sees the old "jump" values. How do I make iptables.rb recompile?

Thank you
Dmytro

On Dec 15, 3:31 pm, Dmytro Bablinyuk <[email protected]> wrote:
> I have found what the problem was
>
> I have now
>
> iptables {"-2-":
>     table => "nat",
>     chain => "POSTROUTING",
>     proto => "udp",
>     destination => "172.17.7.118",
>     dport => "53",
>     jump => "MASQUERADE"
> }
>
> It was quietly doing nothing if I remove "" from destination IP
> address.
>
> On Dec 15, 1:12 pm, Dmytro Bablinyuk <[email protected]> wrote:
> > A quick question,
> >
> > If I run puppet more than one time it seems does not do anything, even
> > if I change manifest file.
> >
> > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > info: Retrieving plugin
> > info: Caching catalog for puppet-client-ubuntu
> > info: Applying configuration version '1292378428'
> > notice: Finished catalog run in 0.02 seconds
> >
> > It looks like it retrieves the catalog but does not apply it.
> > How do I make puppet execute manifest?
> >
> > Thank you
> > Dmytro
> >
> > On Dec 15, 11:18 am, Dmytro Bablinyuk <[email protected]> wrote:
> > > You are life saver Ken!
> > >
> > > It's working
> > >
> > > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > > info: Retrieving plugin
> > > notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
> > > notice: /File[/var/lib/puppet/lib/puppet/test]/ensure: created
> > > notice: /File[/var/lib/puppet/lib/puppet/test/iptables.rb]/ensure: defined content as '{md5}b079e461bf96bd1194fb72abb8802515'
> > > notice: /File[/var/lib/puppet/lib/puppet/type]/ensure: created
> > > notice: /File[/var/lib/puppet/lib/puppet/type/iptables.rb]/ensure: defined content as '{md5}66481c7e3fb362d3448509e1e7f7fb35'
> > > info: Loading downloaded plugin /var/lib/puppet/lib/puppet/test/iptables.rb
> > > err: Could not load downloaded file /var/lib/puppet/lib/puppet/test/iptables.rb: no such file to load -- puppettest
> > > info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/iptables.rb
> > >
> > > r...@puppet-client-ubuntu:~# iptables -S
> > > -P INPUT ACCEPT
> > > -P FORWARD ACCEPT
> > > -P OUTPUT ACCEPT
> > > -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "my iptables rule" -j DROP
> > >
> > > On Dec 15, 10:56 am, Ken Barber <[email protected]> wrote:
> > > > Hi Dmytro,
> > > >
> > > > Your methodology for installing modules isn't quite right :-).
> > > >
> > > > Instead of trying to extract the iptables.rb file yourself you want to do
> > > > something like:
> > > >
> > > > cd /etc/puppet/modules
> > > > git clone git://github.com/bobsh/puppet-iptables.git iptables
> > > >
> > > > Which will give you a layout something like:
> > > >
> > > > # find /etc/puppet/modules/iptables
> > > > /etc/puppet/modules/iptables
> > > > /etc/puppet/modules/iptables/Rakefile
> > > > /etc/puppet/modules/iptables/COPYING
> > > > /etc/puppet/modules/iptables/lib
> > > > /etc/puppet/modules/iptables/lib/puppet
> > > > /etc/puppet/modules/iptables/lib/puppet/test
> > > > /etc/puppet/modules/iptables/lib/puppet/test/iptables.rb
> > > > /etc/puppet/modules/iptables/lib/puppet/type
> > > > /etc/puppet/modules/iptables/lib/puppet/type/iptables.rb
> > > > /etc/puppet/modules/iptables/tests
> > > > ...
> > > > /etc/puppet/modules/iptables/Modulefile
> > > > /etc/puppet/modules/iptables/README.rst
> > > > #
> > > >
> > > > Correct this and try again.
> > > >
> > > > ken.
> > > >
> > > > On Tuesday, December 14, 2010 11:43:31 PM UTC, Dmytro Bablinyuk wrote:
> > > > > Thank you Ken,
> > > > >
> > > > > I have downloaded 1.2.0 iptables as you suggested.
> > > > >
> > > > > I copied ruby script
> > > > > r...@puppet-master:/etc/puppet/modules/type# ls -l
> > > > > total 32
> > > > > -rw-rw-r-- 1 root root 31539 2010-10-30 03:37 iptables.rb
> > > > >
> > > > > Looks like I don't have other plugins, iptables is the only puppet
> > > > > plugin I have
> > > > >
> > > > > r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib
> > > > > type
> > > > > r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib/type/
> > > > > iptables.rb
> > > > >
> > > > > I have this error every time I try to access iptable type
> > > > > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > > > > info: Retrieving plugin
> > > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from source(s) puppet://puppet/plugins
> > > > > err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on node puppet-client-ubuntu.harbour
> > > > > warning: Not using cache on failed catalog
> > > > > err: Could not retrieve catalog; skipping run
> > > > >
> > > > > Thank you very much for your help
> > > > > Dmytro
> > > > >
> > > > > On Dec 15, 10:03 am, Ken Barber <[email protected]> wrote:
> > > > > > Hi Dmytro,
> > > > > >
> > > > > > So looking at what you have posted .... I can see a couple of things that
> > > > > > trouble me:
> > > > > >
> > > > > > ..
> > > > > > info: Retrieving plugin
> > > > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from source(s) puppet://puppet/plugins
> > > > > > ..
> > > > > >
> > > > > > Is this error always occurring? Are you able to synchronise Ruby plugins at
> > > > > > all? You can check by looking at /var/lib/puppet/lib to see if anything else
> > > > > > lives there.
> > > > > > It just looks like generally your clients aren't synchronising
> > > > > > plugins at all - but I could be wrong :-).
> > > > > >
> > > > > > Also the sync location doesn't look right to me on your puppetmaster ... you
> > > > > > show:
> > > > > >
> > > > > > ...
> > > > > > r...@puppet-master:/var/lib/puppet/lib/type# ls -l
> > > > > > total 28
> > > > > > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> > > > > > ...
> > > > > >
> > > > > > But it should have sync'd here:
> > > > > >
> > > > > > ..
> > > > > > r...@puppet-master:/var/lib/puppet/lib/type# ls -l
> > > > > > total 28
> > > > > > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> > > > > > ..
> > > > > >
> > > > > > Did it actually synchronise on its own (ie. after running puppet) like this
> > > > > > on your puppetmaster? Did you deploy the entire module into a path like
> > > > > > /etc/puppet/modules/iptables?
> > > > > >
> > > > > > Oh btw. I'm not entirely sure the camptocamp revision is 2.6.x compatible.
> > > > > >
> > > > > > Try the revision here:
> > > > > >
> > > > > > https://github.com/bobsh/puppet-iptables/tree/1.2.0
> > > > > >
> > > > > > ken.
> > > > > >
> > > > > > On Tuesday, December 14, 2010 10:35:18 PM UTC, Dmytro Bablinyuk wrote:
> > > > > > > I have downloaded and deployed puppet-iptables (I have puppet 2.6.4)
> > > > > > >
> > > > > > > On both client and master config looks like this
> > > > > > >
> > > > > > > [main]
> > > > > > > logdir=/var/log/puppet
> > > > > > > vardir=/var/lib/puppet
> > > > > > > ssldir=/var/lib/puppet/ssl
> > > > > > > rundir=/var/run/puppet
> > > > > > > libdir=/var/lib/puppet/lib
> > > > > > > factpath=$vardir/lib/facter
> > > > > > > pluginsync=true
> > > > > > > plugindest=/var/lib/puppet/lib
> > > > > > > templatedir=$confdir/templates
> > > > > > > prerun_command=/etc/puppet/etckeeper-commit-pre
> > > > > > > postrun_command=/etc/puppet/etckeeper-commit-post
> > > > > > > modulepath=/etc/puppet/modules
> > > > > > >
> > > > > > > I have deployed iptables.rb
> > > > > > >
> > > > > > > r...@puppet-master:/var/lib/puppet/lib/type# ls -l
> > > > > > > total 28
> > > > > > > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> > > > > > >
> > > > > > > When I connect client to test a simple iptables action I have an error,
> > > > > > > obviously I have deployed iptables in the wrong place or failed to
> > > > > > > register somewhere.
> > > > > > >
> > > > > > > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > > > > > > info: Retrieving plugin
> > > > > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from source(s) puppet://puppet/plugins
> > > > > > > err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on node puppet-client-ubuntu.harbour
> > > > > > > warning: Not using cache on failed catalog
> > > > > > > err: Could not retrieve catalog; skipping run
> > > > > > >
> > > > > > > I tried to move type folder around but still no luck
> > > > > > >
> > > > > > > Can anybody advise on this?
> > > > > > >
> > > > > > > Thank you very much!
> > > > > > > Dmytro

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
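
The module layout Ken describes in the quoted reply, as an added check that is not part of the original thread: this shell function walks a modulepath and flags custom-type files that sit outside `<module>/lib/puppet/type/`, on the assumption (taken from Ken's listing) that only that layout is picked up by pluginsync. The names `audit_types` and `make_sample` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag custom-type files that sit
# outside <modulepath>/<module>/lib/puppet/type/.
# Assumption: only that layout, the one in Ken's listing, is synced.

# audit_types MODULEPATH
# Prints "OK <path>" or "MISPLACED <path>" (relative to MODULEPATH) for each
# .rb file under a directory named "type"; returns 1 if any is misplaced.
audit_types() {
    modulepath=${1%/}
    status=0
    list=$(find "$modulepath" -type f -path '*/type/*.rb' | sort)
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        rel=${f#"$modulepath"/}   # e.g. iptables/lib/puppet/type/iptables.rb
        rest=${rel#*/}            # path below the module directory
        case $rest in
            lib/puppet/type/*.rb) echo "OK $rel" ;;
            *) echo "MISPLACED $rel"; status=1 ;;
        esac
    done <<EOF
$list
EOF
    return $status
}

# Constructed sample tree reproducing both layouts from the thread:
# type/iptables.rb (file copied by hand) and iptables/lib/... (module clone).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/type" "$d/iptables/lib/puppet/type"
    : > "$d/type/iptables.rb"
    : > "$d/iptables/lib/puppet/type/iptables.rb"
    echo "$d"
}

sample=$(make_sample)
audit_types "$sample" || echo "move MISPLACED files into <module>/lib/puppet/type/"
rm -rf "$sample"
```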
