Linux System Administration Recipes A Problem-Solution Approach

CHAPTER 3 ■ MONITORING AND UPDATING-A INPUT -s 104.198.153.0/255.255.255.0 -d -j ACCEPT-A INPUT -d -p tcp -m tcp --dport 22 -j LOG --log-prefix "ssh:"-A INPUT -d -p tcp -m tcp --dport 22 -j ACCEPTCOMMITYou can then refer to this template as follows:file { "iptables_config":name => "/etc/sysconfig/iptables",content => template("/etc/puppet/templates/iptables.erb"),}Note that although files need the puppet://puppetserver.example.com syntax, templates do not.Custom FactsThe default facts are available on all clients automatically. However, if you write custom facts, you willwant to keep them on the puppetmaster and then set up the clients to synchronize their facts with theserver. To do this, first add a section to /etc/puppet/fileserver.conf on the puppetmaster:[facts]path /etc/puppet/factsallow *.example.comThen, on each client, add a line to /etc/puppet/puppetd.conf:factsync = trueRestart puppetmasterd on the server and puppetd on the clients. Now you can put any custom facts in/etc/puppet/facts and have them propagated. For example, to set up a fact that sets the $home fact to the$HOME environment variable, create this /etc/puppet/facts/home.rb file:Facter.add("home") dosetcode doENV['HOME']endendThe next time Puppet runs on your clients, this fact will be synchronized and can then be used inany of your recipes.Other VariablesYou can also use variables in other situations. A variable set in site.pp will be available to all othermanifests or classes. So, for example, if you have a standard set of users who are allowed to log into yourservers and you want to edit /etc/ssh/sshd_config accordingly, this snippet and template will work well:90Download at WoweBook.Com