Saturday, February 23, 2013

Puppet tip

I have a custom Puppet type called iptables. Not surprisingly, it is used to build iptables rules.

Recently I was setting up a router which required masquerading a few virtual network interfaces. I found that the module was lacking the ability to negate a match. For example, I wanted a rule like:
-A FORWARD ! -s 192.168.1.0/24 -i vnet -j DROP

It seemed like a simple task to add the ability to insert the `!`. After all, it is mostly just string manipulation.
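To show what that string manipulation looks like, here is an added example that is not the author's Puppet module: a plain Ruby rule builder and parser of the kind a custom type's provider would carry. The attribute names (`source`, `in_interface`, `negate`, and so on) are assumptions made for the illustration. The `!` is emitted before the flag (`! -s addr`), which is the form current iptables requires; the older intrapositioned form (`-s ! addr`) is deprecated.

```ruby
# Added example, not code from the original post or its Puppet module.
# Attribute names below are assumptions chosen for illustration.

# Match attributes and their iptables flags. Only these may be negated;
# the chain (-A) and target (-j) never take a `!`.
MATCH_FLAGS = {
  'source'        => '-s',
  'destination'   => '-d',
  'in_interface'  => '-i',
  'out_interface' => '-o',
  'proto'         => '-p',
}.freeze

# Render a rule from a hash of attributes. `negate` lists the attribute
# names whose match should be inverted; it is validated so that a typo
# or an attempt to negate the chain or target fails loudly instead of
# producing a rule iptables will reject at apply time.
def build_rule(attrs)
  negate = Array(attrs['negate']).map(&:to_s)
  bad = negate - MATCH_FLAGS.keys
  raise ArgumentError, "cannot negate: #{bad.join(', ')}" unless bad.empty?

  chain = attrs['chain'] or raise ArgumentError, 'chain is required'
  jump  = attrs['jump']  or raise ArgumentError, 'jump is required'

  parts = ['-A', chain]
  MATCH_FLAGS.each do |name, flag|
    value = attrs[name]
    next if value.nil?
    # `!` goes in front of the flag, e.g. "! -s 192.168.1.0/24".
    parts << '!' if negate.include?(name)
    parts << flag << value.to_s
  end
  parts << '-j' << jump
  parts.join(' ')
end

# Parse a rule line (as iptables-save prints it) back into the same
# attribute hash, so a provider can compare current and desired state.
def parse_rule(line)
  tokens = line.strip.split(/\s+/)
  flag_to_name = MATCH_FLAGS.invert
  attrs = { 'negate' => [] }
  negate_next = false
  i = 0
  while i < tokens.length
    tok = tokens[i]
    if tok == '!'
      negate_next = true
      i += 1
      next
    end
    value = tokens[i + 1]
    raise ArgumentError, "missing value for #{tok}" if value.nil?
    case tok
    when '-A', '-j'
      raise ArgumentError, "#{tok} cannot be negated" if negate_next
      attrs[tok == '-A' ? 'chain' : 'jump'] = value
    else
      name = flag_to_name[tok]
      raise ArgumentError, "unsupported token #{tok}" unless name
      attrs[name] = value
      attrs['negate'] << name if negate_next
    end
    negate_next = false
    i += 2
  end
  attrs
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample matching the rule from the post.
  rule = build_rule('chain' => 'FORWARD', 'source' => '192.168.1.0/24',
                    'negate' => ['source'], 'in_interface' => 'vnet',
                    'jump' => 'DROP')
  puts rule
  p parse_rule(rule)
end
```

The round trip matters for a Puppet provider: `exists?` has to recognise the negated rule already present on the host, or the type will re-add it on every run.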

My Puppet setup already has pluginsync enabled and working, so I thought deploying my changes would be easy too.

I managed to make my changes (even though Ruby is quite a foreign language to me). When I ran Puppet I could see the changes being pulled down to the client, but alas, it did not work correctly.

I checked several web pages which explain how easy it is to add new properties, and everything I was doing was correct.

After wasting hours tinkering in the Ruby code I had the idea to restart the puppet master and bang, it started working. The reason: pluginsync copies the updated type to the agent, but the catalog is compiled on the master, which validates the resource's parameters against the type definition it loaded into memory at startup and does not reload changed Ruby files while it is running. Until the master is restarted it still sees the old type.

Seems so obvious in hindsight.
