puppet 3.4: N00b has Trouble with regexes in a if-else structure manifest config.pp

[notif...@gmail.com]

Hi

I'm probably doing something horribly wrong. I can sense it, but it hasn't properly kicked in yet...

I'm trying to create a module for iptables. This is to make servers that have similar purpose, have the same flrewall configuration.

I created the modules/iptables/{manifests,files,templates} structure, Iike I have for a few modules I have been able to put together.

For some reason puppet claims not to see the iptables:::config class, which I have tried to setup in multiple ways, using regexes.

Configuration is like so:

class iptables::config {

## servers with "host" in their name

if $hostname =~         /\w*host+(.*)/ {

                ## iptables config file

                file { "/etc/sysconfig/iptables":

                        ensure  => present,

                        source  => "puppet://puppet/modules/iptables/iptables.vmhosts",

                        mode    => 0600,

                        require =>      Class["iptables::install"],

                        notify =>       Class["iptables::service"],

                        }

        }

##  (Anything with "qtm" in its hostname )

elsif $hostname =~      /\S*qtm\D+(.*)/ {

                ## iptables config file

                file { "/etc/sysconfig/iptables":

                        ensure  => present,

                        source  => "puppet://puppet/modules/iptables/iptables.qtm",

                        mode    => 0600,

                        require =>      Class["iptables::install"],

                        notify =>       Class["iptables::service"],

                        }

        }

    .......snip...

else                    {

##The others are custom jobs (  ) so they cant be grouped so easy.

## Working on that...

        warning("Coming soon for $hostname")

        }

}

The agents all cry "Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class iptables::config for myname on node me"

Please can some kind person show a poor little beginner what I am doing wrong?

Thanks!

[Rafael Cristaldo]

Hi... Can you make a " ls /modules/iptables/manifests/ ??

What do you have in the file  init.pp ?

Something is wrong there!!

[notif...@gmail.com]

Hi, This is what I have there:

#ls ../modules/iptables/manifests/

config.pp  init.pp  install.pp  service.pp

# cat ../modules/iptables/manifests/init.pp 

class iptables   {

        include iptables::install, iptables::config, iptables::service

[Joseph Swick]

On 02/10/2014 03:36 PM, notif...@gmail.com wrote:
> Hi
>
> I'm probably doing something horribly wrong. I can sense it, but it hasn't
> properly kicked in yet...
>
> I'm trying to create a module for iptables. This is to make servers that
> have similar purpose, have the same flrewall configuration.
> I created the modules/iptables/{manifests,files,templates} structure, Iike
> I have for a few modules I have been able to put together.

Out of (a possibly morbid) curiosity, have you looked at the
Puppetlabs-firewall module? It may already do some of the things that
you're trying to do (with regards to managing iptables). At first
glance, it would seem that you maybe trying to reinvent work that other
people have already solved.

https://github.com/puppetlabs/puppetlabs-firewall

> For some reason puppet claims not to see the iptables:::config class, which
> I have tried to setup in multiple ways, using regexes.
> Configuration is like so:
>
> class iptables::config {
>

<trim>

>
> The agents all cry "Could not retrieve catalog from remote server: Error
> 400 on SERVER: Could not find class iptables::config for myname on node me"

Is the file containing iptables::config in the appropriate directory and
named properly? E.g: modules/iptables/manifests/config.pp ?

> Please can some kind person show a poor little beginner what I am doing
> wrong?
>
> Thanks!
>

--
Joseph Swick <joseph...@meltwater.com>
Operations Engineer
Meltwater Group

[Rafael Cristaldo]

OK Notif...

Check out this questions!:

1) All yours manifests are located in modules/iptables/manifests/ ?
- init.pp
- config.pp
- install.pp
- service.pp

2) After o finish written then..did you validate it?

# puppet parser validate /etc/modules/iptables/manifests/install.pp
And validate the others files too... config.pp   install.pp and service.pp
No syntax errors ?

3) Are you using site.pp to declare the nodes with the include config?

My suggestion:

site.pp

node blablabla {
              include iptables
}

init.pp

#iptables

include iptables::install
include iptables::config
include iptables::service

Class['iptables::install'} ->
 Class['iptables::config'] ~>
  Class['iptables::service']

In the manifests keep just the notify configuration to the config.pp. Remove the require!.
The init.pp will take care the order!

[jcbollinger]

On Monday, February 10, 2014 2:36:05 PM UTC-6, notif...@gmail.com wrote:

Hi

I'm probably doing something horribly wrong. I can sense it, but it hasn't properly kicked in yet...

I'm trying to create a module for iptables. This is to make servers that have similar purpose, have the same flrewall configuration.

I created the modules/iptables/{manifests,files,templates} structure, Iike I have for a few modules I have been able to put together.

For some reason puppet claims not to see the iptables:::config class,

If during catalog compilation Puppet encounters a declaration of class iptables::config, and no definition of that class has yet been discovered, then Puppet will look for a definition in <module_path>/iptables/manifests/config.pp.  If there are multiple directories in your module path then Puppet will check each, in order.  Moreover, the Puppet master must be able to read that file.  In that regard, note especially that the master normally runs as an unprivileged user (named "puppet" by default). 

John