Puppet can't find class firewall

I installed a basic Puppet setup using this tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-puppet-4-on-ubuntu-16-04

When I run /opt/puppetlabs/bin/puppet agent --test on my node, I get

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Error while evaluating a Resource Statement. Could not find declared class firewall at /etc/puppetlabs/code/environments/production/manifests/site.pp:7:1 on node mark-inspiron.

On my node:

/opt/puppetlabs/bin/puppet module list

returns

/etc/puppetlabs/code/environment/production/modules

----- puppetlabs-firewall (v1.9.0)

On my Puppet master, /etc/puppetlabs/code/environments/production/manifests/site.pp:

file {'/tmp/it_works.txt':                        # resource type file and filename
  ensure  => present,                             # make sure it exists
  mode    => '0644',                              # file permissions
  content => "It works on ${ipaddress_eth0}!\n",  # Print the eth0 IP fact
}

class { 'firewall': }

resources { 'firewall':
    purge => true,
}

firewall { "051 asterisk-set-rate-limit-register":
    string      => "REGISTER sip:",
    string_algo => "bm",
    dport       => '5060',
    proto       => 'udp',
    recent      => 'set',
    rname       => 'VOIPREGISTER',
    rsource     => 'true';
}
firewall { "052 asterisk-drop-rate-limit-register":
    string      => "REGISTER sip:",
    string_algo => "bm",
    dport       => '5060',
    proto       => 'udp',
    action      => 'drop',
    recent      => 'update',
    rseconds    => '600',
    rhitcount   => '5',
    rname       => 'VOIPREGISTER',
    rsource     => true,
    rttl        => true;
}

The file part works, but the firewall part does not.

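In a master-based Puppet setup, you need to install modules on the master. They need to be somewhere in your modulepath. You can place the module either in the modules directory inside your $codedir (normally /etc/puppetlabs/code/modules) or in the modules directory of your directory environment (probably /etc/puppetlabs/code/environments/production/modules in your case, since the site.pp you cite is there). If you have defined additional module paths in your environment.conf, you can also place modules there.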

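You can install/deploy modules with a variety of methods, such as librarian-puppet, r10k, or code-manager (in Enterprise). However, the easiest method for you is to run puppet module install puppetlabs-firewall on the master. Your Puppet catalog will then find the firewall class during compilation.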

As a side note:

resources { 'firewall':
  purge => true,
}

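This will remove any changes to the associated firewall configuration (according to Puppet's knowledge of the system firewall configuration, based on the module's definition of what the resource manages) that are not managed by Puppet. This is very useful for eliminating local changes that people make, but it can also have interesting side effects, so be careful.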
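
One way to confirm on the master that the firewall class is reachable through the modulepath described in the answer above. This is an added example, not part of the original answer; the function names find_module and check_env are hypothetical, and the puppet binary path is the one used in the question.

```shell
#!/bin/sh
# Added example: check whether a module's main class is visible in a modulepath.

# find_module MODULEPATH MODULE
# Walks the colon-separated MODULEPATH in order and prints the first
# directory that holds MODULE with a manifests/init.pp (the file that
# defines the class named after the module). Returns 1 if none is found.
find_module() {
    modulepath=$1
    module=$2
    old_ifs=$IFS
    IFS=:
    for dir in $modulepath; do
        IFS=$old_ifs
        # Skip empty entries such as a trailing ':'.
        [ -n "$dir" ] || continue
        if [ -f "$dir/$module/manifests/init.pp" ]; then
            printf '%s\n' "$dir/$module"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# check_env [ENVIRONMENT]
# Asks Puppet for the effective modulepath of the given environment
# (default: production) and looks for the firewall module in it.
# Run this on the master, because that is where the catalog is compiled.
check_env() {
    env=${1:-production}
    mp=$(/opt/puppetlabs/bin/puppet config print modulepath \
        --environment "$env") || return 2
    if found=$(find_module "$mp" firewall); then
        echo "firewall class found in $found"
    else
        echo "firewall module missing from modulepath: $mp" >&2
        return 1
    fi
}

# Only run the live check when explicitly requested: ./script.sh --check [env]
if [ "${1:-}" = "--check" ]; then
    check_env "${2:-production}"
fi
```

A non-zero exit from check_env on the master while puppet module list on the agent shows the module matches the situation in the question: the module is installed on the node but not where the master compiles the catalog.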