Duplicate declaration from create_resources, from query_facts

asked 2016-05-16 13:11:05 -0500

fura gravatar image

Hi all!

I tried to make flexibly and abruptly but have received an array of problems.

What i do? I use puppetdb, puppetlabs-firewall, and create_resource for permission of access to any services.

My code:

define profile::firewall::fgrant (
  $fqdn           = undef,
  $ipaddress       = undef,
  $ipaddress_eth0 = undef,
  $ipaddress_eth1 = undef,
  $port           = undef,
  $num            = undef,
  $comment        = undef,
  $proto          = 'tcp',
) {

  if $ipaddress != undef {
    $real_ip = $ipaddress
  if $ipaddress_eth0 != undef {
    $real_ip = $ipaddress_eth0
  if $ipaddress_eth1 != undef {
    $real_ip = $ipaddress_eth1

  firewall { "$num allow $title-$port to $comment":
    dport  => $port,
    proto  => $proto,
    source => "$real_ip",
    action => accept,

This code i use for create firewall access. ipaddress, ipaddresseth0 and ipaddresseth1 need because i have many different virtual hostnigs providers - they have various schemes of a name private ip and public ip. What ip is i set from variable when get JSON:

 $lv_webs = query_facts("fqdn~\"$prj$env$instance-w.*\"", [ 'fqdn', $network_local ])

$network_local i define from variable "datacentr" in hiera and this work good.

and at least how i define all this. Example how i create access all webs and all admins nodes (of specific project and environment and instance) for database to service sphinx (database::sphinx):

 $defaults = {
    'num'     => '230',
    'comment' => 'sphinx',
    'port'    => '9312',

  $lv_webs = query_facts("fqdn~\"$prj$env$instance-w.*\"", [ 'fqdn', $network_local ])
  create_resources ( profile::firewall::fgrant, $lv_webs, $defaults )

  $lv_admins = query_facts("fqdn~\"$prj$env$instance-a.*\"", [ 'fqdn', $network_local ])
  create_resources ( profile::firewall::fgrant, $lv_admins, $defaults )

This work just great

But if i need add access more than one service (with this method) i get Error : Duplicate declaration...

 $defaults = {
    'num'     => '240',
    'comment' => 'memcached',
    'port'    => '11211',

  $lv_webs = query_facts("fqdn~\"$prj$env$instance-w.*\"", [ 'fqdn', $network_local ])
  create_resources ( profile::firewall::fgrant, $lv_webs, $defaults )

Because query_facts return array with same title. Duplicate declaration: Profile::Firewall::Fgrant[lcctest-w2] is already declared;

First of all I think modify/concat title (from queryfacts in variable $lvwebs) with port or "service name" and after call create_resources, but i dont know how this do in puppet =(.

Thnx for any advise.

edit retag flag offensive close merge delete