1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
# I have environment wide config that says what nets exist, what ip addresses # are associated with what servers etc. This file is structurally the same # for test, prod, etc. but the content changes from one to the next # Then I have a build module for each machine type, that refers back to the # definitions in the environment config # Started with # In my environment specific config: $sources = {mgt_ops => '192.168.1.0/24' } iptables::source {'mgt_ops': srcs => $sources[mgt_ops] } # In the build file for machine type 1, I had nbx5::connection {'mgt_ops': from => 'MGT_OPS', # that worked fine until I needed to build machine type 2 that didn't need that # connection, but others instead. I found that type 2 got Iptables::Source['mgt_ops'] # defined, so I made it virtual: # In my environment specific config: $sources = {mgt_ops => '192.168.1.0/24' } @iptables::source {'mgt_ops': srcs => $sources[mgt_ops] } # In the build file for machine type 1: nbx5::connection {'mgt_ops': from => 'MGT_OPS', # In the build file for machine type 2: nbx5::connection {'other_hosts': from => 'OTHER_HOSTS', # but that throws syntax errors: (Syntax error at '<|'; expected '|>'), so I changed it to: # In my environment specific config: $sources = {mgt_ops => '192.168.1.0/24' } @iptables::source {'mgt_ops': srcs => $sources[mgt_ops] } # In the build file for machine type 1: nbx5::connection {'mgt_ops': from => 'MGT_OPS' } Nbx5::Connection['mgt_ops'] <- Iptables::Source <| title == 'mgt_ops' |> # In the build file for machine type 2: nbx5::connection {'other_hosts': from => 'OTHER_HOSTS' } Nbx5::Connection['otehr_hosts'] <- Iptables::Source <| title == 'other_hosts' |> # which seems to work, but the "require =>" method feels cleaner. |
Pastie << self Blog
