When defining a custom service & attaching to a zone - puppet errors and requires 2 runs #27

Closed
DLV111 opened this issue Nov 20, 2015 · 7 comments
Labels
bug Something isn't working

DLV111 commented Nov 20, 2015

This is an ordering issue - but I'm not sure how to fix it.

We need to ensure that the custom_services are all defined and a reload of the firewall-cmd is done - then you can proceed to add them to the defined zones.

@crayfishx
Contributor

@dlevene1 wouldn't you need to restart firewall-cmd again after you add them to the zones?

@DLV111
Author

DLV111 commented Nov 20, 2015

Yep, but when you add a service it's not "seen" until you restart. So when
it's added to the zone it tries to add a service which it can't see yet and
fails, the next puppet run works fine. I can provide some error messages
and how to reproduce next week if that helps?
On 20 Nov 2015 5:58 pm, "Craig Dunn" notifications@github.com wrote:

@dlevene1 https://github.com/dlevene1 wouldn't you need to restart
firewall-cmd again after you add them to the zones?

@jovandeginste
Contributor

@dlevene1 I think this is fixed with #30 - can you confirm?

@DLV111
Author

DLV111 commented Dec 9, 2015

@jovandeginste I combined #30 and #31 in my tests and it all works as expected. I did notice that on a custom zone the sources don't get applied until the second puppet run. See example below.

So apart from the 2 puppet runs, it all looks good.

[root@firewalld ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for firewalld.levene
Info: Applying configuration version '1449619585'
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld::Custom_service[nagios]/File[/etc/firewalld/services/nagios.xml]/ensure: created
Info: /Stage[main]/Base::Firewalld_rules/Firewalld::Custom_service[nagios]/File[/etc/firewalld/services/nagios.xml]: Scheduling refresh of Exec[firewalld::custom_service::reload-nagios]
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld::Custom_service[nagios]/Exec[firewalld::custom_service::reload-nagios]: Triggered 'refresh' from 1 events
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]/ensure: created
Info: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Nsceph::Firewall::Ceph_server/Firewalld::Custom_service[Ceph Ports]/File[/etc/firewalld/services/ceph_ports.xml]/ensure: created
Info: /Stage[main]/Nsceph::Firewall::Ceph_server/Firewalld::Custom_service[Ceph Ports]/File[/etc/firewalld/services/ceph_ports.xml]: Scheduling refresh of Exec[firewalld::custom_service::reload-Ceph Ports]
Notice: /Stage[main]/Nsceph::Firewall::Ceph_server/Firewalld::Custom_service[Ceph Ports]/Exec[firewalld::custom_service::reload-Ceph Ports]: Triggered 'refresh' from 1 events
Notice: /Stage[main]/Nsceph::Firewall::Ceph_server/Firewalld_service[ceph_server-ceph_ports]/ensure: created
Info: /Stage[main]/Nsceph::Firewall::Ceph_server/Firewalld_service[ceph_server-ceph_ports]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_service[ns_internal-ssh]/ensure: created
Info: /Stage[main]/Base::Firewalld_rules/Firewalld_service[ns_internal-ssh]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_service[ns_internal-nagios]/ensure: created
Info: /Stage[main]/Base::Firewalld_rules/Firewalld_service[ns_internal-nagios]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Triggered 'refresh' from 4 events
Notice: Finished catalog run in 90.00 seconds
[root@firewalld ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for firewalld.levene
Info: Applying configuration version '1449619717'
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]/sources: sources changed '[]' to '[10.10.10.0/24, 1234:4567:111::/48, 1234:4567:112::/48, 10.10.11.0/20]'
Info: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 62.23 seconds
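
Added example (not part of the original comment or of the module's code): a small Python check that splits `puppet agent -t` output into runs and reports resources that still change after the first run, which is the symptom the log above shows for the zone's `sources`. The sample log is constructed from abbreviated lines in the same format, and the check assumes the catalog did not change between runs.

```python
import re

VERSION = re.compile(r"^Info: Applying configuration version '([^']+)'")
# A property change looks like "Notice: <resource path>/<property>: <message>";
# "Triggered 'refresh'" and "Finished catalog run" lines do not match.
CHANGE = re.compile(r"^Notice: (/Stage\[.*\])/(\w+): (.*)$")

# Constructed sample: abbreviated lines in the format of a two-run agent log.
SAMPLE = """\
Info: Applying configuration version '1449619585'
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]/ensure: created
Info: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]: Scheduling refresh of Exec[firewalld::reload]
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_service[ns_internal-nagios]/ensure: created
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Triggered 'refresh' from 2 events
Notice: Finished catalog run in 90.00 seconds
Info: Applying configuration version '1449619717'
Notice: /Stage[main]/Base::Firewalld_rules/Firewalld_zone[ns_internal]/sources: sources changed '[]' to '[10.10.10.0/24]'
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 62.23 seconds
"""

def split_runs(log):
    """Return [(config_version, [(resource, property, message), ...]), ...]."""
    runs = []
    for line in log.splitlines():
        version = VERSION.match(line)
        if version:
            runs.append((version.group(1), []))
            continue
        change = CHANGE.match(line)
        if change and runs:
            runs[-1][1].append(change.groups())
    return runs

def late_changes(log):
    """Changes made in any run after the first (assumes an unchanged catalog)."""
    runs = split_runs(log)
    first = {res for res, _, _ in runs[0][1]} if runs else set()
    return [
        {"version": version, "resource": res, "property": prop,
         "message": msg, "changed_in_first_run": res in first}
        for version, changes in runs[1:]
        for res, prop, msg in changes
    ]

if __name__ == "__main__":
    for item in late_changes(SAMPLE):
        print(item)
```

A resource reported with `changed_in_first_run` set to true was created in one run and only had a property applied in the next, so the firewall state after a single run does not yet match the manifest.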

@crayfishx
Contributor

@dlevene1 #71 should solve this issue for you

@crayfishx crayfishx added this to the 3.0.3 milestone Aug 13, 2016
@DLV111
Author

DLV111 commented Aug 14, 2016

Thanks Craig! I might wait until the discussion on issue/26 is complete
before I test this in our environment as both components have value to me.

On 13 August 2016 at 18:12, Craig Dunn notifications@github.com wrote:

@dlevene1 https://github.com/dlevene1 #71 should solve this
issue for you


crayfishx added a commit that referenced this issue Aug 14, 2016
#27 set zone sources when creating
@crayfishx
Contributor

Released in 3.1.0
