Hi,
We (my colleagues and I) have a question about using the purge attribute
in puppetlabs/firewall 1.1.3. Specifically, the per-chain purge
attribute listed here:
https://forge.puppetlabs.com/puppetlabs/firewall#050---2014-02-10
If I have this as my node definition:
node oogs-test01 {
  include ::firewall
  firewallchain { 'foo:filter:IPv4':
    ensure => present,
    purge  => true,
  }
  firewallchain { 'bar:filter:IPv4':
    ensure => present,
    purge  => false,
  }
}
It should purge any rules for the chain "foo", right? While leaving
"bar" alone. At least, that's what I gather from the type:
oogs@oogs-dev:/etc/puppet-dev/modules/firewall/lib/puppet/type$ grep -A6 purge firewallchain.rb
  newparam(:purge, :boolean => true) do
    desc <<-EOS
      Purge unmanaged firewall rules in this chain
    EOS
    newvalues(:false, :true)
    defaultto :false
  end
If I run puppet on my test node, oogs-test01, I get the following:
root@oogs-test01:~# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/iptables_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/mounts.rb
Info: Loading facts in /var/lib/puppet/lib/facter/scst_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/lvm_facters.rb
Info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/postgres_default_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/blockdevice_controller.rb
Info: Loading facts in /var/lib/puppet/lib/facter/oncall.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/ip6tables_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/nfs_homes.rb
Info: Loading facts in /var/lib/puppet/lib/facter/iptables_persistent_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/vmwaretools_version.rb
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter purge on Firewallchain[foo:filter:IPv4] at /etc/puppet-dev/manifests/site.pp:5 on node oogs-test01.test.lab
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Has anyone else successfully used the purge attribute for a firewall
chain? If so, can you provide some sample code or point out what's wrong
in ours?
Thanks,
-Chris B.