Firewalld - Adding multiple entries

I am trying to use the following module:

https://forge.puppet.com/crayfishx/firewalld

If in foreman, I edit Smart Class Parameter "ports" and enter key type
"yaml" with the following code:

firewalld_port:
  ensure: present
  zone: public
  port: '161'
  protocol: udp

it works and makes this addition to the firewall.

What I would like to be able to do, is add multiple entries. I have tried
a bunch of syntax, none working, but thought something like this would work:

firewalld_port:
  ensure: present
  zone: public
  port: '161'
  protocol: udp

firewalld_port:
  ensure: present
  zone: public
  port: '80'
  protocol: tcp

However, if I enter this, only the port 80 rule stays in the GUI and is
thus applied to my client.

Is there a correct syntax to apply multiple rules?

Also, if I understand Foreman correctly, I could have a host that is a
member of multiple Host Groups, and apply an override to each Host Group.

Therefore, if my host is a member of Host Groups "Web Server" and "SNMP
Client" it would get both Smart Class Parameter overrides.

I have done this and when I view my host which is a member of both Host
Groups, click edit, then parameters, I only get one firewalld entry and not
two.

Is there a way to have a firewalld rule added based on each Host Group a
host might be in?

Thanks

You can either write a wrapper or use something like that:

Klaas Demter


Thanks for the response.

I am assuming that the following code in the github example is the input:

class { 'hash_resources':
  resources => {
    'file': {
      '/tmp/foo': {
        'ensure' => 'present',
        'content' => 'test',
      },
      '/tmp/bar': {
        'ensure' => 'present',
        'content' => 'test',
      }
    }
  }
}

and that the code below on the github link is the output as it would appear
in the foreman yaml file. If so, when I paste this exact code into the
'Smart Class Parameter' in Foreman, I get invalid syntax on any keytype.

Assuming it did work, would I put this code (modified for my use of course)
under 'ports' of the 'Smart Class Parameters' for my module?

In the hash_resources example, they are passing two different files with
the same parameters. For my firewall case, I want different ports all with
the same type of parameters. I am guessing but would my code look similar
to this?

class { 'firewalld':
  ports => {
    'firewalld_port': {
      'ensure' => 'present',
      'zone' => 'public',
      'port:' => '161',
      'protocol:' => 'udp',
    }

    'firewalld_port': {
      'ensure' => 'present',
      'zone' => 'public',
      'port:' => '80',
      'protocol:' => 'tcp',
    }
  }
}

So what keytype do I use? And what is wrong with my input?

Thanks again

Wrong assumption :-)

You need the yaml part and then without the first two lines and properly
indented.
I tried it today and this is what I put into the parameter field:

file:
  /tmp/foo:
    ensure: present
    content: test
  /tmp/bar:
    ensure: present
    content: test

Greetz,

Joop


By pasting that exactly into 'resources' on the 'Smart Class Parameter' tab for the 'hash_resources' module I get this output in my node's YAML.

classes:
  hash_resources:
    resources:
      file:
        "/tmp/foo":
          ensure: present
          content: test
        "/tmp/bar":
          ensure: present
          content: test

So mine for one firewall rule should look like this:

classes:
  firewalld:
    ports:
      firewalld_port:
        ensure: present
        zone: public
        port: '161'
        protocol: udp

and I'm not sure what it would look like for multiple entries. So I guess
I am asking, how does the hash_resources module know to pass information to
the firewalld module?
If the hash_resources entry module is configured correctly, then wouldn't
my yaml output match above?


Thanks everybody. I figured it out. By using the 'file' example and
comparing that to copying a file, I was able to copy the exact syntax for
my firewall.

My solution is this:

firewalld_port:
  Open Port 161 for SNMP:
    ensure: present
    zone: public
    port: 161
    protocol: udp
  Open Port 80 for Apache:
    ensure: present
    zone: public
    port: 80
    protocol: tcp