Ask Your Question
0

How do I create an exception to a puppet catalog?

asked 2013-03-22 12:51:50 -0500

thewellington gravatar image

How do I create and exception to a puppet catalog?

Specifically I want to use Puppet to manage a one-off set of firewall rules, to be combined with the default ruleset.

This is for a single legacy system only, it should get the default set of rules, AND several additional rules.

It seems silly to me to put this on the puppet master, since it truly will only ever be a one-off thing... Can I put this in the modules directory on the local machine? Will Pupped comile a catalog from the server and from the local machine?

Thanks for ... (more)

edit retag flag offensive close merge delete

Comments

Did you ever end up solving this?

Ancillas gravatar imageAncillas ( 2013-04-08 01:48:30 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
1

answered 2013-03-23 14:37:02 -0500

Ancillas gravatar image

updated 2013-03-25 15:58:51 -0500

Ideally, your firewall module is flexible (built with defined types), and allows for one offs.

I don't think you can combine modules on the client with modules on the master, but what you could do is use a firewall module that is parameterized, and that uses defined types for rules. This way, you would create a node definition for your one-off server in site.pp, and alter your default setup slightly by passing in the special firewall rules to the firewall module.

This way, you're not writing a bunch of extra code in specialized modules. Instead, you're ... (more)

edit flag offensive delete link more

Comments

I am using the puppetlabs/firewall module I have it installed on the master at /etc/puppetlabs/puppet/modules... I have a default set of firewall rules that are pushed ...(more)

thewellington gravatar imagethewellington ( 2013-03-25 13:15:55 -0500 )edit
0

answered 2013-03-24 22:24:59 -0500

astrostl gravatar image

"It seems silly to me to put this on the puppet master, since it truly will only ever be a one-off thing..."

Responding to philosophy, as a tech answer already exists: is this a one-off thing that matters? That you'd want to rebuild if it died, that you'd build again if starting from scratch? Configuration management can (and IMO should) encompass everything, not just the shared/common components.

edit flag offensive delete link more

Comments

I guess that makes sense... I hadn't looked at it form that point of view.

thewellington gravatar imagethewellington ( 2013-03-25 13:18:58 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2013-03-22 12:51:50 -0500

Seen: 652 times

Last updated: Mar 25 '13