resources type and different providers

Cristian Falcas

Jun 26, 2014, 10:25:44 AM
to puppet...@googlegroups.com
Hello,

I'm trying to make a new provider for the firewall type (for Amazon security groups).

But I'm trying to use both providers inside the catalog: some rules I need for iptables only (for ex. nat rules), others for the security groups only. I'm differentiating between the rules with a special tag.

In my code I have this rule to change the provider:

  Firewall <| tag != 'iptables' |> {
    provider => 'aws_securitygroup',
    line     => 'test',
    action   => 'accept',
  }

Much to my surprise, both providers are executed for each firewall rule: so I have a security rule added and an iptables rule.

I like this very much, because at first I thought that only the amazon rules will be executed.

My question is: is this the expected behavior? Or is it some kind of bug I stumbled upon?

Best regards,
Cristian Falcas

Felix Frank

Jun 26, 2014, 2:06:09 PM
to puppet...@googlegroups.com
On 06/26/2014 04:24 PM, Cristian Falcas wrote:
> Much to my surprise, both providers are executed for each firewall rule:
> so I have a security rule added and an iptables rule.
>
> I like this very much, because at first I thought that only the amazon
> rules will be executed.
>
> My question is: is this the expected behavior? Or is it some kind of bug
> I stumbled upon?

Sounds weird to me. Could you file a ticket for an investigation?

Thanks,
Felix

Cristian Falcas

Jun 26, 2014, 2:33:46 PM
to puppet...@googlegroups.com




jcbollinger

Jun 26, 2014, 3:04:08 PM
to puppet...@googlegroups.com


The expected behavior is that each resource instance be served by exactly one provider (or fail if there are no suitable providers). It is possible, though, that your aws_securitygroup provider's implementation somehow causes the iptables provider also to run for resources to which the aws_securitygroup provider is assigned. I rate that more likely, but...

It is also conceivable that a bug has crept into Puppet in the area of selecting providers where there are multiple suitable ones for a given resource.


John
