FAQ
We're using Puppet to build up a few docker containers, and we find that
the puppetlabs-firewall module throws some errors during initial
compilation. These errors are ignorable ... but they're obnoxious. Is there
a way to explicitly disable a module from being parsed for a particular
node type?

Debug: Puppet::Type::Firewall::ProviderIptables: [instances]
Error: /Stage[main]/Main/Resources[firewall]: Failed to generate
additional resources using 'generate': Command iptables_save is missing

(obviously this is more than just not saying 'include firewall' ... because
the provider/types get parsed regardless of whether or not we 'include
firewall').

Matt Wise
Sr. Systems Architect
Nextdoor.com

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOHkZxPa4NsYzf-afSD3LLNTmOHeMcCs39KOJNFPxC-im21Y4g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

  • Felix Frank at Dec 26, 2014 at 8:08 pm
    Hi,
    On 12/16/2014 06:14 PM, Matt Wise wrote:
    We're using Puppet to build up a few docker containers, and we find
    that the puppetlabs-firewall module throws some errors during initial
    compilation. These errors are ignorable ... but they're obnoxious. Is
    there a way to explicitly disable a module from being parsed for a
    particular node type?

    Debug: Puppet::Type::Firewall::ProviderIptables: [instances]
    Error: /Stage[main]/Main/Resources[firewall]: Failed to generate
    additional resources using 'generate': Command iptables_save is
    missing


    (obviously this is more than just not saying 'include firewall' ...
    because the provider/types get parsed regardless of whether or not we
    'include firewall').
    the providers should not generate error output on their own accord.
    Debugging messages - sure. Don't collect those during provisioning ;-)

    I believe that you do something along the lines of `resources {
    'firewall': purge => true }` on the global scope. Move this to a
    site-specific firewall wrapper module. Create a special environment that
    mirrors production, but replaces this wrapper module with a stub. This
    way, nodes can effectively ignore firewalling during provisioning. You
    can even remove the puppetlabs-firewall module from this environment, I
    believe.

    Failing that, you can always fall back to a custom fact that is false
    during the initial run, and true afterwards. Wrap any firewalling
    resources in queries for this fact value.

    HTH,
    Felix

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/549DC02E.9060903%40Alumni.TU-Berlin.de.
    For more options, visit https://groups.google.com/d/optout.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedDec 16, '14 at 5:14p
activeDec 26, '14 at 8:08p
posts2
users2
websitepuppetlabs.com

2 users in discussion

Matt Wise: 1 post Felix Frank: 1 post

People

Translate

site design / logo © 2022 Grokbase