
I am trying to use this module with Puppet: https://github.com/duritong/puppet-shorewall

Following this example, I got the rules working:

node xy {
    class{'config::site_shorewall':
        startup => "0"  # create shorewall ruleset but don't startup
    }
    shorewall::rule {
        'incoming-ssh': source => 'all', destination => '$FW',  action  => 'SSH(ACCEPT)', order => 200;
        'incoming-puppetmaster': source => 'all', destination => '$FW',  action  => 'Puppetmaster(ACCEPT)', order => 300;
        'incoming-imap': source => 'all', destination => '$FW',  action  => 'IMAP(ACCEPT)', order => 300;
        'incoming-smtp': source => 'all', destination => '$FW',  action  => 'SMTP(ACCEPT)', order => 300;
    }
}

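Now I want to pack this into Hiera. With some research, I found an explanation here of how to convert different variables into Hiera hashes: http://puppetlunch.com/puppet/hiera.html

Now, when the original example is converted to Hiera, it should look like this, if I am not mistaken (only 2 examples in Hiera):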

---
classes:
  - shorewall

shorewall::rule:
    incoming-ssh:
        source:   'all'
        destination: '$FW'
        action:   'SSH(ACCEPT)'
        order:    '200'
    incoming-puppetmaster:
        source:     'all'
        destination:    '$FW'
        action:     'Puppetmaster(ACCEPT)'
        order:      200

What could be the problem that the config file contains no data apart from the header and footer?

cat /etc/shorewall/puppet/rules

#
# Shorewall version 3.4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# See http://shorewall.net/Documentation.htm#Rules for additional information.
#
#############################################################################################################
#ACTION SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK
#                                               PORT    PORT(S)         DEST            LIMIT           GROUP
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

1 Answer


Modeling the resources in Hiera is only half the battle. You have to instruct Puppet to convert this data back into actual resources.

$data = hiera('shorewall::rule', {})
create_resources('shorewall::rule', $data)

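The key is the create_resources function.

You should not use shorewall::rule as the name of the Hiera key; this is misleading. Use a name that does not resemble the actual syntax, e.g.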

shorewall_rules:
    incoming-ssh:
       ...

In the manifest:

$data = hiera('shorewall_rules', {})
answered 2015-02-25T16:13:02.763
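
The wiring the answer describes, put together as an added example that is not part of the original answer or of the puppet-shorewall module. It goes slightly beyond the answer by merging the key across hierarchy levels, supplying shared defaults, and refusing to compile when the lookup comes back empty (the symptom in the question). Assumptions: the Hiera key is named `shorewall_rules`, the class name `profile::firewall_rules` is hypothetical, and `empty()` comes from puppetlabs-stdlib.

```puppet
# Hiera data for the node (constructed sample), shown here as a comment:
#
#   shorewall_rules:
#     incoming-ssh:
#       action: 'SSH(ACCEPT)'
#       order:  200
#     incoming-puppetmaster:
#       action: 'Puppetmaster(ACCEPT)'
#       order:  300

class profile::firewall_rules {   # hypothetical class name
  # hiera_hash merges the key across all hierarchy levels, so common
  # rules and per-node rules end up in one hash.
  $rules = hiera_hash('shorewall_rules', {})

  # An empty hash would produce a rules file with only header and footer.
  # Fail the catalog instead of deploying that silently.
  # empty() is assumed to come from puppetlabs-stdlib.
  if empty($rules) {
    fail('Hiera key shorewall_rules returned no rules; refusing to write an empty ruleset')
  }

  # Parameters shared by every rule; entries in Hiera override these.
  # '$FW' is single-quoted so Puppet passes it through literally.
  $defaults = {
    'source'      => 'all',
    'destination' => '$FW',
  }

  # Turn each hash entry into a shorewall::rule resource.
  create_resources('shorewall::rule', $rules, $defaults)
}

node xy {
  class { 'config::site_shorewall':
    startup => '0',  # create shorewall ruleset but don't start it
  }
  include profile::firewall_rules
}
```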