Ask Your Question
0

kickstart puppet run fails to reload firewalld service

asked 2018-12-07 09:07:36 -0600

jefff gravatar image

I've been struggling with this one for the past couple of days.

I'm using crayfishx/puppet-firewalld to set custom rules for the vsftpd server. OS is CentOS7 and puppet is used in a masterless configuration. The first run happens as part of kickstart triggered from %post section (puppet apply). It always fails saying that firewalld is not running (when attempting to reload firewalld). See log output below. I've also attached the relevant manifest file. Once the system has rebooted after kickstart installation, subsequent puppet apply runs work without any problems.

Log output: https://pastebin.com/TtePZBjU

vsftpd server manifest file: https://pastebin.com/8hcUJiiR

Some unanswered questions: - is firewalld actually running? - why would firewalld not be running given that Service["firewalld"] exists and is set to running? - in theory, should the crayfishx module verify that firewalld is indeed running before reloading the service?

Any hints would be much appreciated. Thank you!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-12-10 13:21:06 -0600

jefff gravatar image

To answer my own question:

In essence, it comes down to one thing: Systemd does not work in a chrooted environment

This is the reason Puppet fails to reload firewalld; it wasn't even running in the first place, nor can it, in the context of a Kickstart, chrooted-environment.

Although I have yet to find a proper solution (if one exist), there was something I did to work around it: instead of creating a custom service, I'm specifying those ports directly on the zone. This requires only a single reload instead of 2, and does not cause any dependency failures. This allows the puppet run to finish without breaking.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-12-07 09:07:36 -0600

Seen: 136 times

Last updated: Dec 10