I have cloned this module onto my Puppet server. I can't seem to understand how I should include it in a node. I am doing:
nodetest1 { include firewalld }
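But this does not apply all the configuration I have set up; for example, I took the zone.pp file from the examples folder and copied it to the manifests folder. But on the node it does not create a new zone.
How can I include this, and what am I missing?
The modules should be cloned into the environment's modules directory, e.g. /etc/puppet/environments/production/modules/firewalld:
The base modulepath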
The base modulepath is a list of global module directories for use with all environments. It can be configured with the basemodulepath setting, but its default value is probably suitable for you unless you're doing something unusual. The default value of the basemodulepath setting is $codedir/modules:/opt/puppetlabs/puppet/modules. (On Windows, it will just use $codedir\modules.)
And to force that a module can be found, the following syntax should be used:
nodetest1 { class { '::firewalld': } }
Note that include only checks whether a certain class is available in the catalog:
Include-like behavior
The include, require, contain, and hiera_include functions let you safely declare a class multiple times; no matter how many times you declare it, a class will only be added to the catalog once. This can allow classes or defined types to manage their own dependencies, and lets you create overlapping “role” classes where a given node can have more than one role.
In order to use the module:
README
This is puppet-firewalld a puppet module for firewalld.
You have several ways how to install it:
a) Install module from Puppet Forge
# puppet module install jpopelka-firewalld
b) If you run Fedora/EPEL7, use
# yum install puppet-firewalld
c) If you want to keep up with upstream git repo, you can do:
$ cd ~; mkdir git; cd git
$ git clone https://github.com/jpopelka/puppet-firewalld.git
$ su -c 'ln -s /home/user/git/puppet-firewalld /etc/puppet/modules/firewalld'
Look in the examples/ folder for usage.
See http://jpopelka.fedorapeople.org/puppet-firewalld/doc for documentation, or generate it yourself:
puppet doc --mode rdoc --outputdir ./moduledocs --modulepath /etc/puppet/modules/
declare an example:
firewalld::service { 'dummy':
  description => 'My dummy service',
  ports       => [{port => '1234', protocol => 'tcp',},],
  modules     => ['some_module_to_load'],
  destination => {ipv4 => '224.0.0.251', ipv6 => 'ff02::fb'},
}
instead of
nodetest1 { include firewalld }
to deploy some of the module's functionality.
First, make sure the module is in your modulepath. To find out what is configured as your modulepath:
$ sudo puppet config print modulepath
/etc/puppet/modules:/usr/share/puppet/modules
So, in my case, there should be a /etc/puppet/modules/firewalld directory.
Second, define the node according to the examples; the definition should look like this:
node nodetest1 {
  class {'firewalld::configuration':
    default_zone => 'custom',
  }

  # define a zone
  firewalld::zone { 'custom':
    description   => 'This is an example zone',
    services      => ['ssh', 'dhcpv6-client'],
    ports         => [{ port => '1234', protocol => 'tcp',},],
    masquerade    => true,
    forward_ports => [{
      port     => '123',
      protocol => 'tcp',
      to_port  => '321',
      to_addr  => '1.2.3.4',},],
    rich_rules    => [{
      family      => 'ipv4',
      source      => { address => '1.1.1.1', invert => true,},
      destination => { address => '2.2.2.2/24',},
      port        => { portid => '123-321', protocol => 'udp',},
      log         => { prefix => 'testing', level => 'notice', limit => '3/s',},
      audit       => { limit => '2/h',},
      action      => { action_type => 'reject', reject_type => 'icmp-host-prohibited', limit => '2/m',},
    },],
  }
}
If it does not apply, check the logs of the puppetmaster and nodetest (on RHEL-like distributions, /var/log/messages).
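An added example (not part of the answer above or of the puppet-firewalld project): a POSIX shell helper for the modulepath check described in that answer. It walks each directory of a colon-separated modulepath and reports whether the module is usable there, is a symlink whose target cannot be reached (the README's install option c creates such a symlink), or is a directory without the standard manifests/init.pp. The function name find_module is hypothetical.

```shell
#!/bin/sh
# Added example: locate a module on a colon-separated Puppet modulepath.
# find_module MODULEPATH MODULE
#   prints one line per hit: "found <dir>", "dangling <dir>" or "incomplete <dir>"
#   returns 0 only if at least one usable copy (with manifests/init.pp) exists.
# Assumption: the module follows the standard layout, so the class named after
# the module lives in <module>/manifests/init.pp.
find_module() {
    modulepath=$1
    module=$2
    status=1
    old_ifs=$IFS
    IFS=:
    for dir in $modulepath; do
        IFS=$old_ifs
        candidate="$dir/$module"
        if [ -L "$candidate" ] && [ ! -e "$candidate" ]; then
            # Symlink whose target is missing or not reachable by this user,
            # e.g. a link into a home directory the puppet user cannot enter.
            echo "dangling $candidate"
        elif [ -f "$candidate/manifests/init.pp" ]; then
            echo "found $candidate"
            status=0
        elif [ -d "$candidate" ]; then
            # Directory exists but is not a module, e.g. cloned one level too deep.
            echo "incomplete $candidate"
        fi
    done
    IFS=$old_ifs
    return $status
}

# Typical use on the master (requires puppet to be installed):
#   find_module "$(puppet config print modulepath)" firewalld
```

Run it as the user the Puppet master runs as, since a symlink target readable by root may still be unreachable for that user.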
For Puppet 3:
Look at this:
nodetest1 { include firewalld }
written in
/etc/puppet/manifests/site.pp
or in a file imported in this file:
import path/to/file.pp
This also applies when using environments, but the default path is
/etc/puppet/environment/<env>/manifests/site.pp
as the starting file.
For Puppet 4:
Almost the same as Puppet 3. The path is
/etc/puppetlabs/puppet/manifests/site.pp
or, if you use environments,
/etc/puppetlabs/code/environments/<env>/manifest/site.pp