Comments (6)
@tallsam this is interesting - we weren't previously testing 4.7.0, I've added this to the test matrix and it passes the tests.
I did find this, claiming to be fixed in 4.6.1, https://tickets.puppetlabs.com/browse/PUP-6653
Have you used the 'puppet generate types' feature on your PE installation? - I'll continue to track this down but any more info that you have would be useful.
from puppet-firewalld.
@tallsam I was unable to reproduce this error on 4.7.0, with generated types, in multiple environments - can you give me a better idea of all the firewalld_* types you are invoking and from where? Either in the ticket or by email to [email protected] so I can investigate this further?
Also - you mention you are running different versions.... which ones?
from puppet-firewalld.
@crayfishx , sorry for taking a while to get back to this, and thanks for your work. We are on puppet 4.8 now.
I tried 3.1.7, 3.0.2, 2.2.0.
Pretty sure its something to do with the server configuration here, its running Oracle Linux 7, which is basically CentOS7. Since its an internal server i tried dropping everything from iptables but it didn't seem to help. edit I have it working on a virtual machine, but when I try run it on the server it fails.
Here are my invocations of firewalld:
[root@server r_server]# grep firewalld * -R -A 5
manifests/opencpu.pp: firewalld_port { 'Port 80 for opencpu':
manifests/opencpu.pp- ensure => present,
manifests/opencpu.pp- zone => 'public',
manifests/opencpu.pp- port => 80,
manifests/opencpu.pp- protocol => 'tcp',
manifests/opencpu.pp- }
[root@server r_server]# cd ../r_packages/
[root@server r_packages]# grep firewalld * -R -A 5
manifests/init.pp: require firewalld
manifests/init.pp-
manifests/init.pp- @package { 'libxml2-devel':
manifests/init.pp- ensure => installed,
manifests/init.pp- }
manifests/init.pp-
--
manifests/rserve.pp: firewalld_port { 'Port 6311 for Rserve':
manifests/rserve.pp- ensure => present,
manifests/rserve.pp- zone => 'public',
manifests/rserve.pp- port => 6311,
manifests/rserve.pp- protocol => 'tcp',
manifests/rserve.pp- }
--
manifests/rstudio.pp: firewalld_port { 'Port 8787 for RStudio':
manifests/rstudio.pp- ensure => present,
manifests/rstudio.pp- zone => 'public',
manifests/rstudio.pp- port => 8787,
manifests/rstudio.pp- protocol => 'tcp',
manifests/rstudio.pp- }
from puppet-firewalld.
So I didn't require firewalld in the r_server package. Working fine now. The error threw me off though. Thanks for your time!
from puppet-firewalld.
@tallsam I think you may have fixed it by accident - there appears to be some odd behaviour depending on what order things are evaluated in the manifest, see https://tickets.puppetlabs.com/browse/PUP-6922
For now, I'm going to re-open this issue to keep it on the radar - I encountered a similar problem changing some of the dependencies around firewalld_direct_purge
in the manifest.
from puppet-firewalld.
FYI @tallsam #103 will fix the errors you were seeing, it will get released in 3.1.8 shortly.... Your set up is working but only because of the ordering of type evaluation in your manifests, I would suggest upgrading to 3.1.8 anyway to ensure that the problem doesn't regress for you.
from puppet-firewalld.
Related Issues (20)
- Firewalld module support for puppet 7.x HOT 3
- RHEL 8 - Error: COMMAND_FAILED: 'python-nftables' failed HOT 12
- FEATURE REQUEST: Hiera support for firewalld_custom_services
- firewalld_rich_rule needs to autorequire firewalld_custom_service on `service`
- firewalld_rich_rule should not permit both masqerade true and action parameters
- enable ping/icmp for ipv6? HOT 1
- [Feature] Validate zone sources arguments (only support IP addresses)
- [4.4.0] AllowZoneDrifting must be igored on RHEL9
- Upgrade compatibility to <8.0.0? HOT 1
- Rich rule purging isn't idempotent, or isn't saving, or similar HOT 6
- [4.5.1] add support for Puppet 8
- Ignore some rules not defined in puppet e.g, Fail2ban
- Dependency Problem - puppetlabs-stdlib HOT 1
- add support for debian based OS
- Proposal: Archive this module HOT 1
- [4.5.1] detect and filter overlapped IP's on firewalld_ipset HOT 6
- [5.0.0] icmp_block_inversion setting for zone is unkown. HOT 3
- firewalld::zone purge_ports not purging unmanaged by puppet permanent ports
- firewalld_zone doesn't autorequire consumed firewalld_ipset elements
- Server Error: no parameter named 'icmp_block_inversion' HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-firewalld.