Comments (15)

crayfishx commented on June 18, 2024

You say a manual install of firewalld.... What OS are you running on and where is the firewall-cmd binary located when you see this issue?

from puppet-firewalld.

rgill3003 commented on June 18, 2024

I'm actually on RHEL 7.3 - shiny and new, using version 0.4.3.2-8.el7 and from that very server (after installing firewalld manually):
which firewall-cmd
/usr/bin/firewall-cmd
When I see this issue firewall-cmd is nowhere since it isn't installed (which I was hoping declaring
class { '::firewalld': }
in my manifest would do) - it's just that it seems to ignore that declaration and not install it and not start it - just goes ahead and tries to create my rules.

from puppet-firewalld.

crayfishx commented on June 18, 2024

Ah, you are running puppet on a system that doesn't actually have firewalld installed yet? - That's not a use case we've come across yet as the distro has firewalld already installed - although I've not tested this on 7.3 yet...... interesting dilemma... the problem is that to solve #90 we added functionality in #91 to test the status of the firewalld service at initiation, so before the package provider has had a chance to do its thing - I must admit I (and everyone else) didn't spot the use case that this might break if you don't yet have firewalld.

It's a valid issue though, so I'll accept it and try and engineer a solution soon.... thanks for reporting it.

from puppet-firewalld.
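
A simplified Ruby model of the ordering problem described in the comment above, added here as an illustration and not taken from the module's code. `FakeHost`, `EagerZoneProvider`, `LazyZoneProvider` and `apply_catalog` are hypothetical names, and `firewall_cmd_state` stands in for running `firewall-cmd --state`.

```ruby
# Simplified model of the ordering problem (hypothetical classes, not the module's code).
class FakeHost
  attr_reader :installed, :running, :zones
  def initialize(installed: false)
    @installed = installed
    @running = false
    @zones = []
  end
  def install; @installed = true; end
  def start; @running = true; end

  # Stands in for `firewall-cmd --state`; fails when the binary is missing.
  def firewall_cmd_state
    raise Errno::ENOENT, 'firewall-cmd' unless @installed
    @running ? 'running' : 'not running'
  end
end

# Eager: probes the service as soon as the provider is set up, before any resource is applied.
class EagerZoneProvider
  def initialize(host)
    @host = host
    @state = host.firewall_cmd_state
  end

  def create(name); @host.zones << name; end
end

# Lazy: probes only when the resource itself is applied, after its dependencies.
class LazyZoneProvider
  def initialize(host); @host = host; end

  def create(name)
    raise 'firewalld is not running' unless @host.firewall_cmd_state == 'running'
    @host.zones << name
  end
end

# Sets up the provider first, then applies package -> service -> zone,
# mirroring provider initiation happening before the package is installed.
def apply_catalog(host, provider_class)
  provider = provider_class.new(host)
  host.install
  host.start
  provider.create('restricted')
  :applied
rescue Errno::ENOENT
  :failed
end
```

On a host without firewalld the eager provider fails before the package step runs, while the lazy one converges on the first run; with firewalld preinstalled both succeed, which is why the problem only shows up from a clean base.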

rgill3003 commented on June 18, 2024

yeap - great - thanks very much for that. It does actually come as standard on 7.3 distro but when testing modules like this I always like to make sure everything runs first time seamlessly from the base case that it's totally absent. Just makes sure it's not relying on some element which might not be present in a particular scenario.....Thanks again!

from puppet-firewalld.

crayfishx commented on June 18, 2024

Yep - agreed - it may be an unusual scenario, but it's a valid one that the module should take care of.

from puppet-firewalld.

crayfishx commented on June 18, 2024

@rgill3003 I also note that it ships with firewalld 0.4, since I haven't tested against that yet (RH 7.2 shipped with 0.3) it would be nice to know if everything works as expected and they haven't changed any API settings that affect the module.... if you could ping me and let me know I'd appreciate it

from puppet-firewalld.

crayfishx commented on June 18, 2024

@rgill3003 #97 is my proposed fix for this.... my smoke tests so far look good....

[root@localhost ~]# service firewalld stop ; yum -y remove firewalld ; rm -rf /etc/firewalld
...
[root@localhost ~]# puppet apply /vagrant/tests/test.pp
Notice: Compiled catalog for localhost.localdomain in environment production in 1.48 seconds
Notice: /Stage[main]/Firewalld/Package[firewalld]/ensure: created
Notice: /Stage[main]/Firewalld/Service[firewalld]/ensure: ensure changed 'stopped' to 'running'
Notice: /Stage[main]/Firewalld/Firewalld_port[xPort 80 for opencpu]/ensure: created
Notice: /Stage[main]/Main/Firewalld_zone[restricted]/ensure: created
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Triggered 'refresh' from 2 events
Notice: Applied catalog in 4.53 seconds

from puppet-firewalld.

rgill3003 commented on June 18, 2024

Great! Let me know when I can give it a go. Other than that so far it generates the rich rules fine. However, one thing I'm trying to do is add the option to log packet drops (it's the reason I upgraded to 7.3 in the first place) - according to Redhat's technote the thing to do is:

firewall-cmd --set-log-denied=all

but annoyingly this doesn't work, so I've a case opened with Redhat. In any case though once I get the definitive method from RH there won't yet be a way to incorporate the setting into the puppet module?

from puppet-firewalld.

crayfishx commented on June 18, 2024

Currently that option is not configurable in the module - if you raise a separate issue with details (once Redhat have confirmed the case) then we would be happy to add the functionality - or submit a PR yourself if you feel up to it :)

from puppet-firewalld.

rgill3003 commented on June 18, 2024

OK - Thanks - I'll give it a crack!

from puppet-firewalld.

crayfishx commented on June 18, 2024

@rgill3003 This issue was fixed in 3.1.7, FYI

from puppet-firewalld.

rgill3003 commented on June 18, 2024

Thanks – I can’t seem to get that Tag though – even tried deleting the current project and tried remirroring and it only downloads up to tag 3.1.6 – don’t suppose you know if that’s a problem your end or mine?


from puppet-firewalld.

crayfishx commented on June 18, 2024

Craigs-MBP:firewalld-clean craigdunn$ git push origin --tags
Counting objects: 1, done.
Writing objects: 100% (1/1), 154 bytes | 0 bytes/s, done.
Total 1 (delta 0), reused 0 (delta 0)
To [email protected]:crayfishx/puppet-firewalld
 * [new tag]         3.1.7 -> 3.1.7

.... ahem.... oops, sorry :-)

from puppet-firewalld.

crayfishx commented on June 18, 2024

Should be ok now ;)

from puppet-firewalld.

rgill3003 commented on June 18, 2024

Haha! Thanks!!


from puppet-firewalld.
