Comments (7)
@dlevene1 wouldn't you need to restart firewall-cmd again after you add them to the zones?
from puppet-firewalld.
Yep, but when you add a service it's not "seen" until you restart. So when
it's added to the zone it tries to add a service which it can't see yet and
fails, the next puppet run works fine. I can provide some error messages
and how to reproduce next week if that helps?
On 20 Nov 2015 5:58 pm, "Craig Dunn" [email protected] wrote:
@dlevene1 https://github.com/dlevene1 wouldn't you need to restart
firewall-cmd again after you add them to the zones?
from puppet-firewalld.
@dlevene1 I think this is fixed with #30 - can you confirm?
from puppet-firewalld.
@jovandeginste I combined #30 and #31 in my tests and it all works as expected. I did notice that on a custom zone the sources don't get applied until the second puppet run. See example below.
So apart from the 2 puppet runs, it all looks good.
[root@firewalld ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for firewalld.levene
Info: Applying configuration version '1449619585'
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld::Custom_service[nagios]/File[/etc/firewalld/services/nagios.xml]/ensure: created
Info: /Stage[main]/Base::Firewalld_rules/Firewalld::Custom_service[nagios]/File[/etc/firewalld/services/nagios.xml]: Scheduling refresh of Exec[firewalld::custom_service::reload-nagios]
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld::Custom_service[nagios]/Exec[firewalld::custom_service::reload-nagios]: Triggered 'refresh' from 1 events
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]/ensure: created
Info: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Nsceph::Firewall::Ceph_server/Firewalld::Custom_service[Ceph Ports]/File[/etc/firewalld/services/ceph_ports.xml]/ensure: created
Info: /Stage[main]/Nsceph::Firewall::Ceph_server/Firewalld::Custom_service[Ceph Ports]/File[/etc/firewalld/services/ceph_ports.xml]: Scheduling refresh of Exec[firewalld::custom_service::reload-Ceph Ports]
Notice: /Stage[main]/Nsceph::Firewall::Ceph_server/Firewalld::Custom_service[Ceph Ports]/Exec[firewalld::custom_service::reload-Ceph Ports]: Triggered 'refresh' from 1 events
Notice: /Stage[main]/Nsceph::Firewall::Ceph_server/Firewalld_service[ceph_server-ceph_ports]/ensure: created
Info: /Stage[main]/Nsceph::Firewall::Ceph_server/Firewalld_service[ceph_server-ceph_ports]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_service[ns_internal-ssh]/ensure: created
Info: /Stage[main]/Base::Firewalld_rules/Firewalld_service[ns_internal-ssh]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_service[ns_internal-nagios]/ensure: created
Info: /Stage[main]/Base::Firewalld_rules/Firewalld_service[ns_internal-nagios]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Triggered 'refresh' from 4 events
Notice: Finished catalog run in 90.00 seconds
[root@firewalld ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for firewalld.levene
Info: Applying configuration version '1449619717'
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]/sources: sources changed '[]' to '[10.10.10.0/24, 1234:4567:111::/48, 1234:4567:112::/48, 10.10.11.0/20]'
Info: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 62.23 seconds
from puppet-firewalld.
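A convergence check for the two-run behaviour reported above, as an added example that is not part of the original thread or of the puppet-firewalld module: it parses `puppet agent -t` output and lists property changes that only a second or later run applied, which is the window in which the zone exists without its source bindings. The sample log is constructed (abbreviated from the runs quoted above), and the function names are hypothetical.

```python
import re

# Constructed sample: the two agent runs quoted above, abbreviated.
SAMPLE = """\
[root@firewalld ~]# puppet agent -t
Info: Applying configuration version '1449619585'
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]/ensure: created
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_service[ns_internal-ssh]/ensure: created
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Triggered 'refresh' from 4 events
Notice: Finished catalog run in 90.00 seconds
[root@firewalld ~]# puppet agent -t
Info: Applying configuration version '1449619717'
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]/sources: sources changed '[]' to '[10.10.10.0/24]'
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 62.23 seconds
"""

RUN_START = re.compile(r"^Info: Applying configuration version '(\d+)'")
# Property change: "Notice: <resource path>/<property>: <message>".
# Refresh lines ("...]: Triggered 'refresh'") have no "/<property>" and are skipped.
CHANGE = re.compile(r"^Notice: (/Stage\[.*\])/(\w+): (.*)$")

def parse_runs(log):
    """Return one list of (resource_path, property, message) per agent run."""
    runs = []
    for line in log.splitlines():
        if RUN_START.match(line):
            runs.append([])
        elif runs and (m := CHANGE.match(line)):
            runs[-1].append(m.groups())
    return runs

def late_changes(log):
    """Changes that only a second or later run applied."""
    seen, late = set(), []
    for number, run in enumerate(parse_runs(log), start=1):
        for path, prop, message in run:
            if number > 1:
                late.append({"run": number, "resource": path, "property": prop,
                             "message": message, "managed_earlier": path in seen})
        seen.update(path for path, _, _ in run)
    return late

if __name__ == "__main__":
    for change in late_changes(SAMPLE):
        print(change)
```

A non-empty result for a resource with `managed_earlier` set to true means the first run created it but left one of its properties unapplied.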
@dlevene1 #71 should solve this issue for you
from puppet-firewalld.
Thanks Craig! I might wait until the discussion on issue/26 is complete
before I test this in our environment as both components have value to me.
On 13 August 2016 at 18:12, Craig Dunn [email protected] wrote:
@dlevene1 https://github.com/dlevene1 #71 should solve this
issue for you
from puppet-firewalld.
Released in 3.1.0
from puppet-firewalld.