How to apply different firewall rules on multiple agents from the Puppet master?

Network topology:

Using Puppet, I am trying to apply different firewall rules to the agents.

On the Puppet master there is a nodes.pp file that contains the information for all agents:

node 'agent1.com' {
  include firewall_node1
}

node 'agent2.com' {
  include firewall_node2
}

node 'agent3.com' {
  include firewall_node3
}

And there are 3 classes defined in rules.pp with the following firewall rules:

a. Open all incoming connection for 8083/tcp port on Agent1 and zone as public.
b. Open all incoming connection for 9007/tcp port on Agent2 and zone as public.
c. Open all incoming connection for 8097/tcp port on Agent3 and zone as public.

The classes are:

class firewall_node1 {
  firewalld_rich_rule { 'Open all incoming connection for 8083/tcp port on Agent1':
    ensure => present,
    zone   => 'public',
    log    => {
      'level'  => 'debug',
      'prefix' => 'puppetFirewallD',
    },
    port   => {
      'port'     => 8083,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }
}

class firewall_node2 {
  firewalld_rich_rule { 'Open all incoming connection for 9007/tcp port on Agent2':
    ensure => present,
    zone   => 'public',
    log    => {
      'level'  => 'debug',
      'prefix' => 'puppetFirewallD',
    },
    port   => {
      'port'     => 9007,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }
}

class firewall_node3 {
  firewalld_rich_rule { 'Open all incoming connection for 8097/tcp port on Agent3':
    ensure => present,
    zone   => 'public',
    log    => {
      'level'  => 'debug',
      'prefix' => 'puppetFirewallD',
    },
    port   => {
      'port'     => 8097,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }
}

When I try to apply the above firewall rules, I see the following error:

root@agent1]# puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Unknown resource type: 'firewalld_rich_rule' (file: /etc/puppetlabs/code/environments/production/manifests/ruls.pp, line: 2, column: 2) on node agent1.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
[root@agent1]#

Any ideas for troubleshooting this?

Your classes are trying to use a resource type named firewalld_rich_rule, but the master refuses to acknowledge any knowledge of such a resource type. That is reasonable, because no such resource type is included in core Puppet.

I'm not sure which firewalld_rich_rule you are trying to use, but my first guess is that it's the one from the puppet/firewalld module. Whichever one it is, you'll need to install the module containing it on your Puppet master. If you are using an environment other than the default "production" one, be sure to install the module into the correct environment.

Error: Unknown resource type: 'firewalld_rich_rule'

After following this link: https://forge.puppet.com/puppet/firewalld/readme

I found that the 'puppet firewalld module' itself was not installed.

After installing it with the 'puppet module install puppet-firewalld --version 4.3.0' command, I was able to apply the firewall rules successfully using Puppet.
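As an added example (not code from the question or the answers above), the three near-identical classes can be collapsed into one defined type that wraps the module's firewalld_rich_rule, so each node declares only its port, and an optional source restriction keeps a port from being opened to every network by default. The type name profile::open_tcp_port and the file path are assumptions; it still requires the puppet/firewalld module to be installed in the environment.

```puppet
# site-modules/profile/manifests/open_tcp_port.pp (assumed path)
# Needs the puppet/firewalld module in this environment, e.g.
#   puppet module install puppet-firewalld --version 4.3.0
# or, with r10k / Code Manager, a Puppetfile entry:
#   mod 'puppet-firewalld', '4.3.0'
define profile::open_tcp_port (
  Integer[1, 65535]                $port,
  String[1]                        $zone   = 'public',
  Enum['accept', 'drop', 'reject'] $action = 'accept',
  # Optional CIDR; when undef the rule matches any source address.
  Optional[String[1]]              $source = undef,
) {
  firewalld_rich_rule { "${title} (${port}/tcp in zone ${zone})":
    ensure => present,
    zone   => $zone,
    source => $source,
    port   => {
      'port'     => $port,
      'protocol' => 'tcp',
    },
    # Log matches so accepted connections are visible in the firewall log.
    log    => {
      'level'  => 'info',
      'prefix' => 'puppetFirewallD',
    },
    action => $action,
  }
}

# manifests/nodes.pp: one declaration per agent instead of one class each.
node 'agent1.com' {
  profile::open_tcp_port { 'agent1 application port': port => 8083 }
}

node 'agent2.com' {
  # Constructed example: only reachable from the internal 10.0.0.0/8 range.
  profile::open_tcp_port { 'agent2 application port':
    port   => 9007,
    source => '10.0.0.0/8',
  }
}

node 'agent3.com' {
  profile::open_tcp_port { 'agent3 application port': port => 8097 }
}
```

Because Puppet compiles the catalog on the master, a missing module still fails with the same "Unknown resource type" error seen above, so install the module into the same environment the agents use before running puppet agent --test.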