A little difficult but I'll try ;)

manifests\default.pp

  include iptables
  
  iptables::ssh { 'd.vader' :
    source => '1.2.3.4',
    desc => 'Vader\'s Desktop'
  }

  iptables::ssh { 'd.maul' :
    source => '1.2.3.3',
    desc => 'Maul\'s Desktop'
  }

modules\iptables\manifests\init.pp

class iptables {

  stage { 'iptables-post':
    require => Stage["main"],
  }
  
  stage { 'iptables-pre':
    before => Stage["main"],
  }

  class { 'iptables::pre':
    stage => 'iptables-pre'
  }
  
  class { 'iptables::post':
    stage => 'iptables-post'
  }
}

modules\iptables\manifests\pre.pp

class iptables::pre {
  file { "/etc/sysconfig/iptables" :
    ensure => directory,
  }->
  file { "/etc/sysconfig/iptables/conf" :
    ensure => directory,
  }
}

modules\iptables\manifests\post.pp

class iptables::post {

  exec { 'wait_for_my_file' :
    before => File["/etc/sysconfig/iptables/iptables-rules"],
    command => "sleep 30",
    path => "/usr/bin:/bin",
  }
  
  file { "/etc/sysconfig/iptables/iptables-rules" :
    content => template("iptables/load.erb"),
  }
}

modules\iptables\manifests\ssh.pp

define iptables::ssh(
  $username = $title,
  $source,
  $desc = ''
) {

  iptables::rule { "$username" :
    source => $source,
    port => 22,
    desc => $desc,
    section => "001-User-SSH"
  }
}

define iptables::rule(
  $chain = "INPUT",
  $source = '',
  $protocol = "tcp",
  $port   = '',
  $jump = "ACCEPT",
  $desc = '', 
  $section = 'General',
  $priority = "999",
) {

  exec { "Write $section-$priority-$name Header" :
    command => "echo '# ${section}' > /etc/sysconfig/iptables/conf/$section-000.conf",
    path => "/usr/bin:/usr/sbin:/bin",
  }->file { "/etc/sysconfig/iptables/conf/$section-$priority-$name.conf" :
    content => template("iptables/rule.erb"),
  }
}

Vagrant Provision Output

==> default: Notice: Compiled catalog for localhost in environment production in 2.19 seconds
==> default: Notice: /Stage[iptables-pre]/Iptables::Pre/File[/etc/sysconfig/iptables]/ensure: ensure changed 'file' to 'directory'
==> default: Notice: /Stage[iptables-pre]/Iptables::Pre/File[/etc/sysconfig/iptables/conf]/ensure: created
==> default: Notice: /Stage[main]/Main/Node[localhost]/File[/etc/iptables-rules]/ensure: defined content as '{md5}5445180d0b6a46fa77a92d9e7cca2862'
==> default: Notice: /Stage[main]/Main/Node[localhost]/Iptables::Ssh[d.vader]/Iptables::Rule[d.vader]/Exec[Write 001-User-SSH-999-d.vader Header]/returns: executed successfully
==> default: Notice: /Stage[main]/Main/Node[localhost]/Iptables::Ssh[d.vader]/Iptables::Rule[d.vader]/File[/etc/sysconfig/iptables/conf/001-User-SSH-999-d.vader.conf]/ensure: defined content as '{md5}c6cd7681784e67f683da937578257147'
==> default: Notice: /Stage[main]/Main/Node[localhost]/Iptables::Ssh[d.maul]/Iptables::Rule[d.maul]/Exec[Write 001-User-SSH-999-d.maul Header]/returns: executed successfully
==> default: Notice: /Stage[main]/Main/Node[localhost]/Iptables::Ssh[d.maul]/Iptables::Rule[d.maul]/File[/etc/sysconfig/iptables/conf/001-User-SSH-999-d.maul.conf]/ensure: defined content as '{md5}a9111e707dc5615e8cfb32eb3a18349e'
==> default: Notice: /Stage[iptables-post]/Iptables::Post/Exec[wait_for_my_file]/returns: executed successfully
==> default: Notice: /Stage[iptables-post]/Iptables::Post/File[/etc/sysconfig/iptables/iptables-rules]/ensure: defined content as '{md5}b0286436497fd0b6320dce09af6a71b2'
==> default: Notice: Finished catalog run in 30.25 seconds


On Monday, 26 January 2015 15:51:00 UTC, Sebastian Otaegui wrote:
>
> Can you gist your entire puppet manifest?
>
>
>
> On Mon, Jan 26, 2015 at 8:30 AM, Luke O'Sullivan <[email protected]> wrote:
>
>> Hi Sebastian,
>>
>> Thanks for the reply.
>>
>> *What happens if you do "vagrant destroy -f && vagrant up && 
>> vagrant provision"?*
>>
>> If I run that, the master file is built as expected - I assume because 
>> by the time the second puppet provision is called, the file structure 
>> is in place.
>>
>> Could you elaborate on what the timing issue is? Is it a puppet or 
>> vagrant issue? I added the following to my puppet setup to make puppet wait 
>> 2 seconds before building the master configuration file but it still fails:
>>
>>   exec { 'wait_for_files' :
>>     before => File["/etc/sysconfig/iptables/iptables-rules"],
>>     command => "sleep 2",
>>     path => "/usr/bin:/bin",
>>   }
>>   
>>   file { "/etc/sysconfig/iptables/iptables-rules" :
>>     content => template("iptables/load.erb"),
>>   }
>>
>> Thanks,
>>
>> Luke
>>  
>>
>>
>>
>> On Monday, 26 January 2015 14:07:17 UTC, Sebastian Otaegui wrote:
>>>
>>> This sounds like an ordering problem.
>>>
>>> What happens if you do "vagrant destroy -f && vagrant up && 
>>> vagrant provision"?
>>>
>>> If that works it may mean that you need to run puppet apply multiple 
>>> times and that can point to an order issue.
>>>
>>> Regards 
>>>
>>> On Monday, January 26, 2015, Luke O'Sullivan <[email protected]> 
>>> wrote:
>>>
>>>>   
>>>> <http://stackoverflow.com/questions/28150477/file-traverse-and-read-failure-in-vagrant-puppet-setup#>
>>>>  
>>>>   
>>>> I have a Vagrant / Puppet set up in which I am attempting to generate a 
>>>> bunch of configuration files and then concatenate them into a master file.
>>>>
>>>> The individual files are generated and written to a conf directory and 
>>>> the last action is to create the master file which uses an erb template to 
>>>> read the files in the conf directory.
>>>>
>>>> <% files = Dir["/etc/sysconfig/iptables/conf/*.conf"] -%>
>>>> <% files.each do |name| -%>
>>>> <% file = File.open(name) -%>
>>>> <% contents = file.read -%>
>>>> <%= contents %>
>>>> <% end -%>
>>>>
>>>> When I run "vagrant up", everything appears to run correctly but the 
>>>> master configuration file is empty. I have checked the timestamps on the 
>>>> conf directory and the master configuration file and they are correct (the 
>>>> master config file is created after all the individual config files).
>>>>
>>>> If I ssh into vagrant and run "puppet apply" manually, the master 
>>>> config file is created as expected. I have tried using a bash script 
>>>> instead of the erb method but encountered the same problems.
>>>>
>>>> Does anyone have any ideas what might cause this?
>>>>  
>>>> -- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "Puppet Users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to [email protected].
>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>> msgid/puppet-users/ee7bea64-eb74-42be-b724-2e95d08ae4c6%
>>>> 40googlegroups.com 
>>>> <https://groups.google.com/d/msgid/puppet-users/ee7bea64-eb74-42be-b724-2e95d08ae4c6%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>>
>>> -- 
>>> Those who do not understand Unix are condemned to reinvent it, poorly.
>>> Any sufficiently recent Microsoft OS contains an ad hoc, 
>>> informally-specified, bug-ridden, slow implementation of half of Unix.
>>>
>>
>
>
>
> -- 
> Those who do not understand Unix are condemned to reinvent it, poorly.
> Any sufficiently recent Microsoft OS contains an ad hoc, 
> informally-specified, bug-ridden, slow implementation of half of Unix.
>  
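
Puppet evaluates template() while the catalog is compiled, before any resource is applied, which is consistent with the output above (catalog compiled first, conf files written afterwards) and with the master file being empty only on the first run. The Ruby sketch below is an added example, not code from the thread: it models the two phases with hypothetical compile/apply/provision helpers, a conf_dir parameter in place of the hard-coded path, and a constructed sample rule.

```ruby
require 'erb'
require 'tmpdir'
require 'fileutils'

# The load.erb idea from the thread, with the conf directory as a parameter
# (conf_dir is an assumption of this sketch; the original hard-codes the path).
LOAD_ERB = <<~'T'
  <% Dir[File.join(conf_dir, '*.conf')].sort.each do |name| -%>
  <%= File.read(name) %>
  <% end -%>
T

# Phase 1, "compile": every template is rendered here, before any resource
# exists on disk. Returns [path, content] pairs in the order they are applied.
def compile(root, rules)
  conf_dir = File.join(root, 'conf')
  master = ERB.new(LOAD_ERB, trim_mode: '-').result(binding)
  rules.map { |name, body| [File.join(conf_dir, "#{name}.conf"), body] } +
    [[File.join(root, 'iptables-rules'), master]]
end

# Phase 2, "apply": write the already-computed contents to disk, in order.
def apply(catalog)
  catalog.each do |path, content|
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, content)
  end
end

# One provisioning run = compile, then apply; returns the master file's text.
def provision(root, rules)
  apply(compile(root, rules))
  File.read(File.join(root, 'iptables-rules'))
end

# Constructed sample rule, not the poster's rule.erb output.
RULES = {
  '001-User-SSH-999-d.vader' => "-A INPUT -s 1.2.3.4 -p tcp --dport 22 -j ACCEPT\n"
}.freeze

# Two consecutive runs against a fresh directory, like "vagrant up" followed
# by "vagrant provision".
def demo
  Dir.mktmpdir do |root|
    first = provision(root, RULES)   # conf/ is empty when the template renders
    second = provision(root, RULES)  # conf/ was populated by the first run
    [first, second]
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

A sleep in a later stage cannot change the first result, because the master file's content is already fixed by the time any resource runs.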
