
puppet-agent rpm breaks firewall module

asked 2017-09-05 19:23:03 -0500

billjamzz2

updated 2017-09-06 09:36:12 -0500

DarylW

If I have puppet-agent 1.10 or 5.1.0-1 installed and try to add iptables rules via the puppetlabs-firewall module, it fails saying:

journalctl log for iptables:
-- Logs begin at Fri 2017-09-01 10:38:08 PDT, end at Tue 2017-09-05 16:51:52 PDT. --
Sep 05 16:50:08 billj7-5.test.j2noc.com systemd[1]: Stopping IPv4 firewall with iptables...
Sep 05 16:50:08 billj7-5.test.j2noc.com iptables.init[25672]: iptables: Setting chains to policy ACCEPT: filter nat [  OK  ]
Sep 05 16:50:08 billj7-5.test.j2noc.com iptables.init[25672]: iptables: Flushing firewall rules: [  OK  ]
Sep 05 16:50:08 billj7-5.test.j2noc.com iptables.init[25672]: iptables: Unloading modules: [  OK  ]
Sep 05 16:50:08 billj7-5.test.j2noc.com systemd[1]: Stopped IPv4 firewall with iptables.
Sep 05 16:51:52 billj7-5.test.j2noc.com systemd[1]: Assertion failed for IPv4 firewall with iptables.

Error: /Stage[main]/Firewall::Linux::Redhat/Service[iptables]/ensure: change from stopped to running failed: Systemd start for iptables failed!

If I touch /etc/sysconfig/iptables and start iptables on CentOS 7, the firewall module then correctly configures iptables. On CentOS 6 it still fails. If I install puppet-3.8.7, the firewall module works fine (I tried both 1.8.2 & 1.9.0).

Behaves the same with a puppet master running puppet 4 or puppet 5.

The node's manifest has this:

class {'firewall': ensure => running, }
firewall {'102 forward port 443 to 8444':
  table       => 'nat',
  chain       => 'PREROUTING',
  proto       => 'tcp',
  dport       => '443',
  jump        => 'REDIRECT',
  toports     => '8444'
}

1 Answer


answered 2017-09-18 11:12:16 -0500

billjamzz2

puppet-agent-5.2.0-1 fixes this issue. Thanks.
