timglabisch · October 21, 2012 21:51
diff --git a/gistfile1.txt b/gistfile1.txt
 # this describs why i hate the puppet execution flow.
 # i am new to puppet but really tryed to find a good solution.
 # My main problem is that i want to find a nice way to handel different modules
 # and some webservers. the modules shouldnt know from other modules (dependencies)
 # like iptables shouldnt know about nginx or ssh.
 # on the other site, the webserver should know how the firewall should be configured.
 # so the webserver knows about all dependencies.
 # i started to create a module for nginx, iptables and the webserver.
 # nginx mustn't know webserver
 # nginx mustn't know iptables
 # but the webserver module is project specific and knows that it needs iptables, and a nginx.


 # this is the main class that defines the "webserver" instance
 # webserver.pp

 node default {
    # first i want to setup all iptables rules for the webserver
    # the rules are project specific -> website module

    require webserver::iptables 
    require webserver::nginx
    #...

 }

 # if you take a look at the website module
 # you see that the website::iptables use some classes
 # from the iptable module to preconfigure all.
 # here you see the main problem, i need an explicit order but
 # the iptable moduke shouldnt know about the webserver module
 class webserver::iptables {

    Class['iptables::clear'] -> Class['webserver::iptables::ssh'] -> Class['webserver::iptables::nginx'] -> Class['iptables::basic'] -> Class['iptables::persist']

 }

 # take a look at the iptables::clear for example
 # the most import here is, that this class shouldnt know
 # about the website or any execution order.
 # just the website should know that the clear method should used.
 # this wouldnt be such a big problem if there arent iptable classes
 # in the website module. for example webserver::iptables::nginx
 # must called before iptables::clear and after iptables::persist
 # but the iptables module must not know about this dependency
 class iptables::clear {
    exec { 'flush all iptable rules':
        path => ["/bin", "/usr/bin"],
        command => "sudo iptables -F",
    }
 }
	# this describs why i hate the puppet execution flow.
	# i am new to puppet but really tryed to find a good solution.
	# My main problem is that i want to find a nice way to handel different modules
	# and some webservers. the modules shouldnt know from other modules (dependencies)
	# like iptables shouldnt know about nginx or ssh.
	# on the other site, the webserver should know how the firewall should be configured.
	# so the webserver knows about all dependencies.
	# i started to create a module for nginx, iptables and the webserver.
	# nginx mustn't know webserver
	# nginx mustn't know iptables
	# but the webserver module is project specific and knows that it needs iptables, and a nginx.


	# this is the main class that defines the "webserver" instance
	# webserver.pp

	node default {
	# first i want to setup all iptables rules for the webserver
	# the rules are project specific -> website module

	require webserver::iptables
	require webserver::nginx
	#...

	}

	# if you take a look at the website module
	# you see that the website::iptables use some classes
	# from the iptable module to preconfigure all.
	# here you see the main problem, i need an explicit order but
	# the iptable moduke shouldnt know about the webserver module
	class webserver::iptables {

	Class['iptables::clear'] -> Class['webserver::iptables::ssh'] -> Class['webserver::iptables::nginx'] -> Class['iptables::basic'] -> Class['iptables::persist']

	}

	# take a look at the iptables::clear for example
	# the most import here is, that this class shouldnt know
	# about the website or any execution order.
	# just the website should know that the clear method should used.
	# this wouldnt be such a big problem if there arent iptable classes
	# in the website module. for example webserver::iptables::nginx
	# must called before iptables::clear and after iptables::persist
	# but the iptables module must not know about this dependency
	class iptables::clear {
	exec { 'flush all iptable rules':
	path => ["/bin", "/usr/bin"],
	command => "sudo iptables -F",
	}
	}