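I have cloned this module onto my Puppet server. I can't seem to understand how to include it in a node. I am doing:
node nodetest1 {
  include firewalld
}
But this does not apply all the configuration I have set up; for example, I have copied the zone.pp file from the examples folder to the manifests folder. However, it does not create the new zone on the node.
How can I include it, and what am I missing?
Answer 1
The module should be cloned into the environment's modules directory, e.g. /etc/puppet/environments/production/modules/firewalld: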
The base modulepath is a list of global module directories for use with all environments. It
can be configured with the basemodulepath setting, but its default value is probably suitable
for you unless you’re doing something unusual.
The default value of the basemodulepath setting is
$codedir/modules:/opt/puppetlabs/puppet/modules. (On Windows, it will just use
$codedir\modules.)
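To force the module to be found, the following syntax should be used:
node nodetest1 {
  class { '::firewalld': }
}
Note that include only checks whether a class is available in the catalog: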
The include, require, contain, and hiera_include functions let you safely declare a class
multiple times; no matter how many times you declare it, a class will only be added to the
catalog once. This can allow classes or defined types to manage their own dependencies, and
lets you create overlapping “role” classes where a given node can have more than one role.
In order to use the module:
This is puppet-firewalld a puppet module for firewalld.
You have several ways how to install it:
a) Install module from Puppet Forge
# puppet module install jpopelka-firewalld
b) If you run Fedora/EPEL7, use
# yum install puppet-firewalld
c) If you want to keep up with upstream git repo, you can do:
$ cd ~; mkdir git; cd git
$ git clone https://github.com/jpopelka/puppet-firewalld.git
$ su -c 'ln -s /home/user/git/puppet-firewalld /etc/puppet/modules/firewalld'
Look in the examples/ folder for usage.
See http://jpopelka.fedorapeople.org/puppet-firewalld/doc
for documentation, or generate it yourself:
puppet doc --mode rdoc --outputdir ./moduledocs --modulepath /etc/puppet/modules/
declare one of the examples:
firewalld::service { 'dummy':
  description => 'My dummy service',
  ports       => [{port => '1234', protocol => 'tcp',},],
  modules     => ['some_module_to_load'],
  destination => {ipv4 => '224.0.0.251', ipv6 => 'ff02::fb'},
}
instead of
node nodetest1 {
  include firewalld
}
in order to deploy some of the module's features.
Answer 2
First, make sure the module is in your modulepath. To figure out what your modulepath is configured to:
$ sudo puppet config print modulepath
/etc/puppet/modules:/usr/share/puppet/modules
So, in my case, there should be a /etc/puppet/modules/firewalld directory.
Second, define the node. Based on the example, the definition should look like this:
node nodetest1 {
  class { 'firewalld::configuration':
    default_zone => 'custom',
  }

  # define a zone
  firewalld::zone { 'custom':
    description   => 'This is an example zone',
    services      => ['ssh', 'dhcpv6-client'],
    ports         => [{
      port     => '1234',
      protocol => 'tcp',
    },],
    masquerade    => true,
    forward_ports => [{
      port     => '123',
      protocol => 'tcp',
      to_port  => '321',
      to_addr  => '1.2.3.4',
    },],
    rich_rules    => [{
      family      => 'ipv4',
      source      => {
        address => '1.1.1.1',
        invert  => true,
      },
      destination => {
        address => '2.2.2.2/24',
      },
      port        => {
        portid   => '123-321',
        protocol => 'udp',
      },
      log         => {
        prefix => 'testing',
        level  => 'notice',
        limit  => '3/s',
      },
      audit       => {
        limit => '2/h',
      },
      action      => {
        action_type => 'reject',
        reject_type => 'icmp-host-prohibited',
        limit       => '2/m',
      },
    },],
  }
}
If it is not applied, check the logs of the puppetmaster and of nodetest (/var/log/messages on RHEL-like distributions).
Answer 3
For Puppet 3:
Check that this:
node nodetest1 {
  include firewalld
}
is written to
/etc/puppet/manifests/site.pp
or in a file imported in this file:
import 'path/to/file.pp'
If you use environments, the default path is
/etc/puppet/environment/<env>/manifests/site.pp
as the starting file.
For Puppet 4:
Almost the same as Puppet 3. The path is as follows
/etc/puppetlabs/puppet/manifests/site.pp
or if you use environments
/etc/puppetlabs/code/environments/<env>/manifest/site.pp
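The modulepath check from Answer 2, written out as a shell helper. This is an added example, not part of the answer or of the puppet-firewalld project. The function names are hypothetical, and it assumes the standard module layout in which class firewalld lives in manifests/init.pp. Because Puppet uses the first match on the modulepath, it also reports later copies that the first one hides, which is a common reason a firewall change never reaches the node.

```shell
#!/bin/sh
# Added example: resolve a module against a colon-separated modulepath.

# module_copies MODULE MODULEPATH
#   Print every MODULE directory found on MODULEPATH, in search order.
#   Runs in a subshell so the IFS and globbing changes do not leak out.
module_copies() (
    IFS=:
    set -f                       # no filename expansion while splitting
    for mc_dir in $2; do
        # -d follows symlinks, so a symlinked git checkout counts too
        [ -n "$mc_dir" ] && [ -d "$mc_dir/$1" ] && printf '%s\n' "$mc_dir/$1"
    done
    exit 0
)

# check_module MODULE MODULEPATH
#   0 = module resolves and has a readable manifests/init.pp
#   1 = no directory named MODULE on any modulepath entry
#   2 = directory found, but manifests/init.pp is missing or unreadable
check_module() {
    cm_first=$(module_copies "$1" "$2" | head -n 1)
    if [ -z "$cm_first" ]; then
        echo "MISSING: no $1 directory on $2"
        return 1
    fi
    if [ ! -r "$cm_first/manifests/init.pp" ]; then
        echo "BROKEN: $cm_first has no readable manifests/init.pp"
        return 2
    fi
    echo "OK: $1 resolves to $cm_first"
    # Any further copies are never loaded; an edit made there has no effect.
    module_copies "$1" "$2" | sed 1d | sed 's/^/SHADOWED: /'
    return 0
}

# Usage on the Puppet server, with the modulepath command from the answer:
#   check_module firewalld "$(sudo puppet config print modulepath)"
```

Run it as the account the Puppet master runs under, so that the readability test reflects what the master can actually load.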