将 duritong/puppet-shorewall 与 Puppet 和 Hiera 一起使用无法按预期工作
Using duritong/puppet-shorewall with Puppet and Hiera does not work as expected
我正在尝试将此模块与 puppet 一起使用:https://github.com/duritong/puppet-shorewall
按照示例,我使规则生效
node xy {
class{'config::site_shorewall':
startup => "0" # create shorewall ruleset but don't startup
}
shorewall::rule {
'incoming-ssh': source => 'all', destination => '$FW', action => 'SSH(ACCEPT)', order => 200;
'incoming-puppetmaster': source => 'all', destination => '$FW', action => 'Puppetmaster(ACCEPT)', order => 300;
'incoming-imap': source => 'all', destination => '$FW', action => 'IMAP(ACCEPT)', order => 300;
'incoming-smtp': source => 'all', destination => '$FW', action => 'SMTP(ACCEPT)', order => 300;
}
}
现在我想把它打包到 hiera 中。通过一些研究,我在这里找到了如何将不同变量转换为 hiera 哈希的解释:http://puppetlunch.com/puppet/hiera.html
现在,当原始示例转换为 hiera 时,如果我没有记错的话,它应该是这样的(hiera 中只有 2 个示例):
---
classes:
- shorewall
shorewall::rule:
incoming-ssh:
source: 'all'
destination: '$FW'
action: 'SSH(ACCEPT)'
order: '200'
incoming-puppetmaster:
source: 'all'
destination: '$FW'
action: 'Puppetmaster(ACCEPT)'
order: 200
配置文件中除了页眉和页脚外没有数据可能是什么问题?
猫/etc/shorewall/puppet/rules
#
# Shorewall version 3.4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# See http://shorewall.net/Documentation.htm#Rules for additional information.
#
#############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
在 Hiera 中为资源建模只是完成了一半。您必须指示 Puppet 将此数据转换回实际资源。
$data = hiera('shorewall::rule', {})
create_resources('shorewall::rule', $data)
关键是 create_resources function.
您不应使用 shorewall::rule
作为您的 Hiera 密钥的名称,这会产生误导。使用与实际语法不相似的名称,例如
shorewall_rules:
incoming-ssh:
...
并且在清单中
$data = hiera('shorewall_rules', {})
我正在尝试将此模块与 puppet 一起使用:https://github.com/duritong/puppet-shorewall
按照示例,我使规则生效
node xy {
class{'config::site_shorewall':
startup => "0" # create shorewall ruleset but don't startup
}
shorewall::rule {
'incoming-ssh': source => 'all', destination => '$FW', action => 'SSH(ACCEPT)', order => 200;
'incoming-puppetmaster': source => 'all', destination => '$FW', action => 'Puppetmaster(ACCEPT)', order => 300;
'incoming-imap': source => 'all', destination => '$FW', action => 'IMAP(ACCEPT)', order => 300;
'incoming-smtp': source => 'all', destination => '$FW', action => 'SMTP(ACCEPT)', order => 300;
}
}
现在我想把它打包到 hiera 中。通过一些研究,我在这里找到了如何将不同变量转换为 hiera 哈希的解释:http://puppetlunch.com/puppet/hiera.html
现在,当原始示例转换为 hiera 时,如果我没有记错的话,它应该是这样的(hiera 中只有 2 个示例):
---
classes:
- shorewall
shorewall::rule:
incoming-ssh:
source: 'all'
destination: '$FW'
action: 'SSH(ACCEPT)'
order: '200'
incoming-puppetmaster:
source: 'all'
destination: '$FW'
action: 'Puppetmaster(ACCEPT)'
order: 200
配置文件中除了页眉和页脚外没有数据可能是什么问题?
猫/etc/shorewall/puppet/rules
#
# Shorewall version 3.4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# See http://shorewall.net/Documentation.htm#Rules for additional information.
#
#############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
在 Hiera 中为资源建模只是完成了一半。您必须指示 Puppet 将此数据转换回实际资源。
$data = hiera('shorewall::rule', {})
create_resources('shorewall::rule', $data)
关键是 create_resources function.
您不应使用 shorewall::rule
作为您的 Hiera 密钥的名称,这会产生误导。使用与实际语法不相似的名称,例如
shorewall_rules:
incoming-ssh:
...
并且在清单中
$data = hiera('shorewall_rules', {})