
I have cloned this module onto my puppet server. I cannot seem to understand how I should be including this into a node. I am doing:

nodetest1 {
  include firewalld
}

But this does not apply all the configuration I have set, e.g. I have taken the zone.pp file in the examples folder and copied to the manifests folder. However on the node it does not create a new zone.

How can I include this and what am I missing?

030
W Khan

3 Answers


The modules should be cloned to the modules directory of an environment, e.g., /etc/puppet/environments/production/modules/firewalld:


The Base Modulepath

The base modulepath is a list of global module directories for use with all environments. It
can be configured with the basemodulepath setting, but its default value is probably suitable
for you unless you’re doing something unusual.

The default value of the basemodulepath setting is 
$codedir/modules:/opt/puppetlabs/puppet/modules. (On Windows, it will just use 
$codedir\modules.)

and to force that a module can be found the following syntax should be used:

node 'nodetest1' {
  class { '::firewalld': }
}

Note that an include only checks whether a certain class is available in the catalog:


Include-Like Behavior

The include, require, contain, and hiera_include functions let you safely declare a class
multiple times; no matter how many times you declare it, a class will only be added to the
catalog once. This can allow classes or defined types to manage their own dependencies, and
lets you create overlapping “role” classes where a given node can have more than one role.

In order to use the module:

README

This is puppet-firewalld a puppet module for firewalld.

You have several ways how to install it:

a) Install module from Puppet Forge
# puppet module install jpopelka-firewalld

b) If you run Fedora/EPEL7, use
# yum install puppet-firewalld

c) If you want to keep up with upstream git repo, you can do:
$ cd ~; mkdir git; cd git
$ git clone https://github.com/jpopelka/puppet-firewalld.git
$ su -c 'ln -s /home/user/git/puppet-firewalld /etc/puppet/modules/firewalld'


Look in the examples/ folder for usage.

See http://jpopelka.fedorapeople.org/puppet-firewalld/doc
for documentation, or generate it yourself:
puppet doc --mode rdoc --outputdir ./moduledocs --modulepath /etc/puppet/modules/

Declare one of the examples:

firewalld::service { 'dummy':
    description => 'My dummy service',
    ports       => [{port => '1234', protocol => 'tcp',},],
    modules     => ['some_module_to_load'],
    destination => {ipv4 => '224.0.0.251', ipv6 => 'ff02::fb'},
}

instead of

nodetest1 {
  include firewalld
}

in order to deploy some functionality of the module.

030

First, make sure the module is in your modulepath. To figure out what's configured as your modulepath:

$ sudo puppet config print modulepath
/etc/puppet/modules:/usr/share/puppet/modules

So, in my case, there should be a /etc/puppet/modules/firewalld directory.

Secondly, to define the node according to the example, the definition should look something like this:

node nodetest1 {
    class {'firewalld::configuration':
            default_zone    =>      'custom',
    }

    # define a zone
    firewalld::zone { 'custom':
        description => 'This is an example zone',
        services    => ['ssh', 'dhcpv6-client'],
        ports       => [{
                port        => '1234',
                protocol    => 'tcp',},],
        masquerade  => true,
        forward_ports   => [{
                port        => '123',
                protocol    => 'tcp',
                to_port     => '321',
                to_addr     => '1.2.3.4',},],
        rich_rules  => [{
                family      => 'ipv4',
                source      => {
                    address     => '1.1.1.1',
                    invert      => true,},
                destination     => {
                    address     => '2.2.2.2/24',},
                port        => {
                    portid      => '123-321',
                    protocol    => 'udp',},

                log     => {
                    prefix      => 'testing',
                    level       => 'notice',
                    limit       => '3/s',},
                audit       => {
                    limit       => '2/h',},
                action      => {
                    action_type => 'reject',
                    reject_type => 'icmp-host-prohibited',
                    limit       => '2/m',},
                },],
    }
}

If it does not apply, look in the puppetmaster's and nodetest's logs (in RHEL-like distros, /var/log/messages).

Belmin Fernandez
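A check for the modulepath step above, as an added example that is not part of the original answers: it walks a colon-separated modulepath (as printed by puppet config print modulepath) and reports which directory supplies the module, any later copy that is shadowed, and a git clone left under its repository name puppet-<module>, which Puppet does not load as firewalld. The function name check_module and the demo directory tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# check_module <module> <modulepath>
# Prints one line per finding:
#   FOUND <dir>     first directory named exactly <module> that has manifests/
#   SHADOWED <dir>  a later copy; the earlier modulepath entry wins
#   MISNAMED <dir>  a clone left as puppet-<module>; not loaded as <module>
# Returns 0 if the module resolves, 1 otherwise.
check_module() {
    module=$1
    modulepath=$2
    found=""
    old_ifs=$IFS
    IFS=:                       # modulepath entries are colon-separated
    for dir in $modulepath; do
        IFS=$old_ifs
        if [ -d "$dir/$module/manifests" ]; then
            if [ -z "$found" ]; then
                found="$dir/$module"
                echo "FOUND $found"
            else
                echo "SHADOWED $dir/$module"
            fi
        fi
        # A plain `git clone` of the repository creates puppet-<module>.
        if [ -d "$dir/puppet-$module" ]; then
            echo "MISNAMED $dir/puppet-$module"
        fi
    done
    IFS=$old_ifs
    [ -n "$found" ]
}

# Constructed demo tree: a bare clone in the first modulepath entry and a
# correctly named copy in the second.
demo=$(mktemp -d)
mkdir -p "$demo/a/puppet-firewalld/manifests" "$demo/b/firewalld/manifests"
check_module firewalld "$demo/a:$demo/b"
rm -rf "$demo"

# On a real puppet server (command taken from the answer above):
#   check_module firewalld "$(puppet config print modulepath)"
```

A MISNAMED line with no FOUND line means the clone has to be renamed or symlinked to firewalld, as the README's option c) does.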

For Puppet 3:

Check that this:

nodetest1 {
  include firewalld
}

is written to

/etc/puppet/manifests/site.pp

or a file that is imported within this file with:

import 'path/to/file.pp'

This also applies if you use environments but the default path is

/etc/puppet/environment/<env>/manifests/site.pp

as starting file.

For Puppet 4:

Nearly the same as for Puppet 3. The paths are

/etc/puppetlabs/puppet/manifests/site.pp

or if you use environments

/etc/puppetlabs/code/environments/<env>/manifest/site.pp
chronicc