Comments (15)
You say a manual install of firewalld.... What OS are you running on and where is the firewall-cmd binary located when you see this issue?
from puppet-firewalld.
I'm actually on RHEL 7.3 - shiny and new, using version 0.4.3.2-8.el7 and from that very server (after installing firewalld manually):
which firewall-cmd
/usr/bin/firewall-cmd
When I see this issue firewall-cmd is nowhere since it isn't installed (which I was hoping declaring
class { '::firewalld': }
in my manifest would do) - it's just that it seems to ignore that declaration and not install it and not start it - just goes ahead and tries to create my rules.
from puppet-firewalld.
Ah, you are running puppet on a system that doesn't actually have firewalld installed yet? - That's not a use case we've come across yet as the distro has firewalld already installed - although I've not tested this on 7.3 yet...... interesting dilemma... the problem is that to solve #90 we added functionality in #91 to test the status of the firewalld service at initiation, so before the package provider has had a chance to do its thing - I must admit I (and everyone else) didn't spot the use case that this might break if you don't yet have firewalld.
It's a valid issue though, so I'll accept it and try and engineer a solution soon.... thanks for reporting it.
from puppet-firewalld.
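The first-run failure discussed above comes from probing the firewalld service before the package is installed. As an added example (not code from the puppet-firewalld module or from either poster), these shell functions separate "not installed" from "installed but stopped" so a configuration run can decide what to do first; the names `firewalld_status` and `first_run_action` are hypothetical.

```shell
#!/bin/sh
# Added example: classify firewalld before any rule is applied.
# Function names are hypothetical, not part of puppet-firewalld.

# Print one of: absent, stopped, running.
firewalld_status() {
    # On a host where the package is not installed yet the binary is
    # missing, so querying the service state cannot work at this point.
    if ! command -v firewall-cmd >/dev/null 2>&1; then
        echo absent
        return 0
    fi
    # `firewall-cmd --state` exits 0 only when the daemon is running.
    if firewall-cmd --state >/dev/null 2>&1; then
        echo running
    else
        echo stopped
    fi
}

# Map each state to what a configuration run has to do before rules.
first_run_action() {
    case "$(firewalld_status)" in
        absent)  echo "install package, start service, then apply rules" ;;
        stopped) echo "start service, then apply rules" ;;
        running) echo "apply rules" ;;
    esac
}

# Stand-alone use: report what this host needs.
first_run_action
```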
Yeap - great - thanks very much for that. It does actually come as standard on 7.3 distro but when testing modules like this I always like to make sure everything runs first time seamlessly from the base case that it's totally absent. Just makes sure it's not relying on some element which might not be present in a particular scenario..... Thanks again!
from puppet-firewalld.
Yep - agreed - it may be an unusual scenario, but it's a valid one that the module should take care of.
from puppet-firewalld.
@rgill3003 I also note that it ships with firewalld 0.4, since I haven't tested against that yet (RH 7.2 shipped with 0.3) it would be nice to know if everything works as expected and they haven't changed any API settings that affect the module.... if you could ping me and let me know I'd appreciate it
from puppet-firewalld.
@rgill3003 #97 is my proposed fix for this.... my smoke tests so far look good....
[root@localhost ~]# service firewalld stop ; yum -y remove firewalld ; rm -rf /etc/firewalld
...
[root@localhost ~]# puppet apply /vagrant/tests/test.pp
Notice: Compiled catalog for localhost.localdomain in environment production in 1.48 seconds
Notice: /Stage[main]/Firewalld/Package[firewalld]/ensure: created
Notice: /Stage[main]/Firewalld/Service[firewalld]/ensure: ensure changed 'stopped' to 'running'
Notice: /Stage[main]/Firewalld/Firewalld_port[xPort 80 for opencpu]/ensure: created
Notice: /Stage[main]/Main/Firewalld_zone[restricted]/ensure: created
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Triggered 'refresh' from 2 events
Notice: Applied catalog in 4.53 seconds
from puppet-firewalld.
Great! Let me know when I can give it a go. Other than that so far it generates the rich rules fine. However one thing I'm trying to do is add the option to log packet drops (it's the reason I upgraded to 7.3 in the first place) - according to Red Hat's technote the thing to do is:
firewall-cmd --set-log-denied=all
but annoyingly this doesn't work, so I've a case opened with Red Hat. In any case though once I get the definitive method from RH there won't yet be a way to incorporate the setting into the puppet module?
from puppet-firewalld.
Currently that option is not configurable in the module - if you raise a separate issue with details (once Red Hat have confirmed the case) then we would be happy to add the functionality - or submit a PR yourself if you feel up to it :)
from puppet-firewalld.
OK - Thanks - I'll give it a crack!
from puppet-firewalld.
@rgill3003 This issue was fixed in 3.1.7, FYI
from puppet-firewalld.
Thanks – I can’t seem to get that Tag though – even tried deleting the current project and tried remirroring and it only downloads up to tag 3.1.6 – don’t suppose you know if that’s a problem your end or mine?
From: Craig Dunn [mailto:[email protected]]
Sent: 09 November 2016 10:35
To: crayfishx/puppet-firewalld
Cc: Gill, Richard; Mention
Subject: Re: [crayfishx/puppet-firewalld] Can't seem to run this first time (#96)
from puppet-firewalld.
Craigs-MBP:firewalld-clean craigdunn$ git push origin --tags
Counting objects: 1, done.
Writing objects: 100% (1/1), 154 bytes | 0 bytes/s, done.
Total 1 (delta 0), reused 0 (delta 0)
To [email protected]:crayfishx/puppet-firewalld
* [new tag] 3.1.7 -> 3.1.7
.... ahem.... oops, sorry :-)
from puppet-firewalld.
Should be ok now ;)
from puppet-firewalld.
Haha! Thanks!!
from puppet-firewalld.