
Dependency loop with removal of directory and files when setting enabled to false

asked 2016-10-29 07:16:00 -0500

I have a puppet module to manage firewalld, including creating the /etc/firewalld dir and adding the custom services xml files to /etc/firewalld/services/

The dependency ordering for enabled="true" is

Package["$package_name"] -> File['/etc/firewalld'] -> Service["$service_name"]

and then on the service add function I have

  define firewalld_zone_add_service($zone, $service) {
    exec { "firewalld_${zone}_add_service_${service}":
      path    => '/bin:/usr/bin:/sbin:/usr/sbin',
      command => "firewall-cmd --permanent --zone=${zone} --add-service=${service}",
      unless  => "firewall-cmd -q --permanent --zone=${zone} --query-service=${service}",
      notify  => Exec['firewalld_reload'],
      require => [ Exec["firewalld_zone_create_$zone"],

This all works fine, but when I set it to enabled="false" it fails. The ordering is the reverse:

Service["$service_name"]  -> File['/etc/firewalld'] -> Package["$package_name"]

This returns an error, as the removal of the /etc/firewalld directory also removes the services files, and I get a file not found error when it tries to set $file_ensure = 'absent'.

If I try and set the ordering so the files are removed before the directory, I get a dependency loop error

Service["$service_name"] ->  File['networker'] -> File['snmpd'] -> File['/etc/firewalld'] -> Package["$package_name"]

So my question is, how do I manage this loop? Is there a way to ignore $file_ensure for enabled="false" so it doesn't try and set anything if the directory removal also removes the managed configuration files?

Thank you.


1 answer


answered 2016-11-01 05:14:58 -0500

Emerson Prado

Before you try to sort out the dependencies: from the OS point of view, you can't remove files from a package before uninstalling the package. I suggest you try the following order for enabled = 'false':
Service["$service_name"] -> Package["$package_name"] -> File['/etc/firewalld']
That said, many of the files you manage will probably be removed when the package is uninstalled. Don't treat files not found in the last step as an error.

As for the dependency loop, is the error message complete? I can't see the cycle, that is, the repeated resource. Could you pls double-check?
Anyway, it seems you have the dependencies declared in two different locations: a general one and another one specific for the enabled = 'false' case. They seem to be conflicting.
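
One way to keep the ordering in a single place, sketched as an added Puppet example (it is not the asker's module and not code from the answer). The class name, parameter defaults and source paths are assumptions; the disabled branch uses the order suggested in the answer and declares only the directory, with force => true, so no per-file 'absent' resources are evaluated after the directory is gone.

```puppet
# Hypothetical class; name, defaults and source paths are assumptions.
class firewalld_example (
  Boolean $enabled      = true,
  String  $package_name = 'firewalld',
  String  $service_name = 'firewalld',
) {
  if $enabled {
    package { $package_name: ensure => installed }

    file { '/etc/firewalld':
      ensure => directory,
    }

    file { '/etc/firewalld/services':
      ensure  => directory,
      require => File['/etc/firewalld'],
    }

    # Custom service definitions named in the question.
    ['networker', 'snmpd'].each |String $svc| {
      file { $svc:
        ensure  => file,
        path    => "/etc/firewalld/services/${svc}.xml",
        source  => "puppet:///modules/firewalld_example/${svc}.xml",
        require => File['/etc/firewalld/services'],
        notify  => Service[$service_name],
      }
    }

    service { $service_name: ensure => running, enable => true }

    # Install order from the question.
    Package[$package_name] -> File['/etc/firewalld'] -> Service[$service_name]
  } else {
    service { $service_name: ensure => stopped, enable => false }
    package { $package_name: ensure => absent }

    # Only the directory is declared in this branch. force => true is
    # required for Puppet to delete a directory, and it removes the contents too.
    file { '/etc/firewalld':
      ensure => absent,
      force  => true,
    }

    # Removal order suggested in the answer.
    Service[$service_name] -> Package[$package_name] -> File['/etc/firewalld']
  }
}
```

Because each branch declares its own resources and exactly one ordering chain, there is no second set of relationships elsewhere in the module to conflict with it.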
