Can't seem to run this first time #96
You say a manual install of firewalld.... What OS are you running on and where is the firewall-cmd binary located when you see this issue?
I'm actually on rhel 7.3 - shiny and new, using version 0.4.3.2-8.el7 and from that very server (after installing firewalld manually:
Ah, you are running puppet on a system that doesn't actually have firewalld installed yet? - That's not a use case we've come across yet as the distro has firewalld already installed - although I've not tested this on 7.3 yet...... interesting dilemma... the problem is that to solve #90 we added functionality in #91 to test the status of the firewalld service at initiation, so before the package provider has had a chance to do its thing - I must admit I (and everyone else) didn't spot the use case that this might break if you don't yet have firewalld. It's a valid issue though, so I'll accept it and try and engineer a solution soon.... thanks for reporting it.
yeap - great - thanks very much for that. It does actually come as standard on 7.3 distro but when testing modules like this I always like to make sure everything runs first time seamlessly from the base case that it's totally absent. Just makes sure it's not relying on some element which might not be present in a particular scenario.....Thanks again!
Yep - agreed - it may be an unusual scenario, but it's a valid one that the module should take care of.
@rgill3003 I also note that it ships with firewalld 0.4, since I haven't tested against that yet (RH 7.2 shipped with 0.3) it would be nice to know if everything works as expected and they haven't changed any API settings that affect the module.... if you could ping me and let me know I'd appreciate it
If the firewalld package is not installed yet, then the module fails because firewalld tries to determine the state of the firewalld process by using the firewall-cmd command, also the firewalld_zone resource type will try and call the provider.exists? method in the generate method. Both of these steps occur before the catalog is applied so before the package resource can install the package. This PR catches the exception when the command is missing and leaves the @running instance variable set to nil.... When determining the state of the firewalld service later in the Puppet run, the state is re-checked if @running is set to nil. Closes #96
@rgill3003 #97 is my proposed fix for this.... my smoke tests so far look good....
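The behaviour the fix description above relies on (state left as nil when the command is missing, then re-checked later in the run), as an added Ruby example that is not the module's code. The `FirewalldState` class, the `demo` helper and the stub `firewall-cmd` script are constructed for illustration; only `firewall-cmd --state` is the real command.

```ruby
require 'open3'
require 'tmpdir'
require 'fileutils'

# Hypothetical stand-in for the module's service-state tracking (not its code).
class FirewalldState
  attr_reader :running # nil = unknown, true/false = state seen by a probe

  def initialize(cmd)
    @cmd = cmd
    @running = probe # early probe, may run before the package is installed
  end

  # Late check: re-probe only if the early probe could not decide.
  # An unknown state is reported as not running, never as running.
  def running?
    @running = probe if @running.nil?
    @running == true
  end

  private

  # `firewall-cmd --state` prints "running" and exits 0 when the daemon is up.
  def probe
    out, status = Open3.capture2e(@cmd, '--state')
    status.success? && out.strip == 'running'
  rescue Errno::ENOENT
    nil # binary missing: leave the state unknown instead of aborting the run
  end
end

# Constructed scenario: the binary is absent at first, then a stub script
# standing in for the installed package appears at the same path.
def demo
  Dir.mktmpdir do |dir|
    cmd = File.join(dir, 'firewall-cmd')
    state = FirewalldState.new(cmd)
    early = state.running
    File.write(cmd, "#!/bin/sh\n[ \"$1\" = --state ] && echo running\n")
    FileUtils.chmod(0o755, cmd)
    [early, state.running?]
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Keeping "unknown" distinct from "not running" is what lets the first run proceed to the package install while still refusing to assume the firewall is up.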
great! let me know when I can give it a go. Other than that so far it generates the rich rules fine. However, one thing I'm trying to do is add the option to log packet drops (it's the reason I upgraded to 7.3 in the first place) - according to Red Hat's technote the thing to do is: firewall-cmd --set-log-denied=all but annoyingly this doesn't work, so I've a case opened with Red Hat. In any case though once I get the definitive method from RH there won't yet be a way to incorporate the setting into the puppet module?
Currently that option is not configurable in the module - if you raise a separate issue with details (once Red Hat have confirmed the case) then we would be happy to add the functionality - or submit a PR yourself if you feel up to it :)
OK - Thanks - I'll give it a crack!
@rgill3003 This issue was fixed in 3.1.7, FYI
Thanks – I can’t seem to get that Tag though – even tried deleting the current project and tried remirroring and it only downloads up to tag 3.1.6 – don’t suppose you know if that’s a problem your end or mine?
.... ahem.... oops, sorry :-)
Should be ok now ;)
Haha! Thanks!!
I get this on every puppet run:
Error: Failed to apply catalog: Command firewall_cmd is missing
A manual install of firewalld, start it and then a puppet run makes this issue disappear and move on, creating my firewall rules, even though I've declared
class { '::firewalld': }
in my manifest (which by default should install, and start firewalld). Anyone got any ideas?