How do I create an exception to a puppet catalog?

asked 2013-03-22 12:51:50 -0600

thewellington gravatar image

How do I create and exception to a puppet catalog?

Specifically I want to use Puppet to manage a one-off set of firewall rules, to be combined with the default ruleset.

This is for a single legacy system only, it should get the default set of rules, AND several additional rules.

It seems silly to me to put this on the puppet master, since it truly will only ever be a one-off thing... Can I put this in the modules directory on the local machine? Will Pupped comile a catalog from the server and from the local machine?

Did you ever end up solving this?

Ancillas gravatar imageAncillas ( 2013-04-08 01:48:30 -0600 )edit

answered 2013-03-23 14:37:02 -0600

Ancillas gravatar image

updated 2013-03-25 15:58:51 -0600

Ideally, your firewall module is flexible (built with defined types), and allows for one offs.

I don't think you can combine modules on the client with modules on the master, but what you could do is use a firewall module that is parameterized, and that uses defined types for rules. This way, you would create a node definition for your one-off server in site.pp, and alter your default setup slightly by passing in the special firewall rules to the firewall module.

I am using the puppetlabs/firewall module I have it installed on the master at /etc/puppetlabs/puppet/modules... I have a default set of firewall rules that are pushed ...(more)

thewellington gravatar imagethewellington ( 2013-03-25 13:15:55 -0600 )edit

answered 2013-03-24 22:24:59 -0600

astrostl gravatar image

"It seems silly to me to put this on the puppet master, since it truly will only ever be a one-off thing..."

Responding to philosophy, as a tech answer already exists: is this a one-off thing that matters? That you'd want to rebuild if it died, that you'd build again if starting from scratch? Configuration management can (and IMO should) encompass everything, not just the shared/common components.

I guess that makes sense... I hadn't looked at it form that point of view.

thewellington gravatar imagethewellington ( 2013-03-25 13:18:58 -0600 )edit

Asked: 2013-03-22 12:51:50 -0600

Seen: 755 times

Last updated: Mar 25 '13