name resolver


Albert Shih

Nov 14, 2016, 4:41:29 PM
to puppet...@googlegroups.com
Hi,

Is there any way Puppet can act as some kind of "name resolver"?

The purpose is to make the firewall rules without putting the IP addresses
inside Hiera.

For example, I want to add on all my hosts something like

firewall {'accept for puppetserver':
  ....
  destination => 'puppetmaster.server'
}

instead of

firewall {'accept for puppetserver':
  ....
  destination => 'x.y.z.t/32',
}


regards.
--
Albert SHIH
DIO bâtiment 15
Observatoire de Paris
5 Place Jules Janssen
92195 Meudon Cedex
France
xmpp: j...@obspm.fr
Heure local/Local time:
lun 14 nov 2016 22:38:39 CET

Peter Faller

Nov 15, 2016, 2:44:39 AM
to Puppet Users, Alber...@obspm.fr

Hi Albert

Here's a custom parser function that can resolve names:

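require "resolv"

module Puppet::Parser::Functions

  # name2ip(hostname): resolve a host name to a single IP address
  # when the catalog is compiled.
  newfunction(
    :name2ip,
    :type => :rvalue,
    :doc => "name2ip( hostname ) => ip_address"
  ) do |arguments|
    # Exactly one argument is expected, as the error message states.
    raise(Puppet::ParseError, "name2ip(): Wrong number of arguments given (#{arguments.size} for 1)") if arguments.size != 1

    name = arguments[0]

    begin
      # Default resolver: the hosts file first, then DNS.
      return Resolv.getaddress(name)
    rescue
      begin
        # Fall back to the hosts file alone.
        return Resolv::Hosts.new.getaddress(name)
      rescue
        raise(Puppet::Error, "Can't resolve host name '#{name}' to an IP address")
      end
    end
  end
end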


R.I.Pienaar

Nov 15, 2016, 3:33:29 AM
to puppet-users
There are several on the Forge too, but there's a good
reason your firewall doesn't allow you to enter names: it's
not a safe thing to do.

Albert Shih

Nov 16, 2016, 2:30:57 AM
to puppet...@googlegroups.com
On 15/11/2016 at 08:33:12+0000, R.I.Pienaar wrote
> There are several on the Forge too, but there's a good
> reason your firewall doesn't allow you to enter names: it's
> not a safe thing to do.

Yes, I know that, but we have a very complex and frequently changing
infrastructure. So managing the ACL rules by hand is dangerous too ;-)

Regards.
--
Albert SHIH
DIO bâtiment 15
Observatoire de Paris
5 Place Jules Janssen
92195 Meudon Cedex
France
xmpp: j...@obspm.fr
Heure local/Local time:
mer 16 nov 2016 08:29:13 CET
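
Added example, not code from the thread or from Puppet: one way to narrow the risk raised above when a name is resolved for a firewall rule is to accept the answer only if it falls inside the networks that host is expected to use, and to fail the run otherwise. The helper name `resolve_pinned`, the host names, the addresses and the `10.20.0.0/16` range are constructed for illustration, and a temporary hosts file stands in for DNS so it runs offline.

```ruby
require "resolv"
require "ipaddr"
require "tempfile"

# Hypothetical helper (not part of Puppet or of the name2ip function above).
# Resolves +name+ and accepts the answer only if every address lies inside
# one of +allowed_cidrs+. Inside a Puppet function you would raise
# Puppet::ParseError instead of ArgumentError.
def resolve_pinned(name, allowed_cidrs, resolver = Resolv::DefaultResolver)
  nets  = allowed_cidrs.map { |cidr| IPAddr.new(cidr) }
  addrs = resolver.getaddresses(name).map(&:to_s).uniq.sort

  # Fail closed: an empty answer must never become an empty or
  # wildcard firewall destination.
  raise ArgumentError, "no address found for '#{name}'" if addrs.empty?

  rogue = addrs.reject { |a| nets.any? { |n| n.include?(IPAddr.new(a)) } }
  unless rogue.empty?
    raise ArgumentError,
          "'#{name}' resolved outside expected networks: #{rogue.join(', ')}"
  end

  # Sorted host routes keep the generated rule stable between runs.
  addrs.map { |a| IPAddr.new(a).ipv4? ? "#{a}/32" : "#{a}/128" }
end

# Constructed sample data: invented names and addresses in a temp hosts file.
HOSTS = Tempfile.new("hosts")
HOSTS.write("10.20.0.5 puppetmaster.example\n203.0.113.9 spoofed.example\n")
HOSTS.flush
SAMPLE = Resolv.new([Resolv::Hosts.new(HOSTS.path)])

%w[puppetmaster.example spoofed.example missing.example].each do |host|
  begin
    puts "#{host} => #{resolve_pinned(host, ['10.20.0.0/16'], SAMPLE).inspect}"
  rescue ArgumentError => e
    puts "#{host} => refused: #{e.message}"
  end
end
```

The address is still fixed at the moment the name is resolved, so a later DNS change only reaches the firewall on the next run.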