Hello everyone, I'm currently learning about Puppet and I can't see where the error is in my configuration…

I tested the following module to manage the CentOS firewall, firewalld. OK, following the instructions on the webpage: https://forge.puppet.com/crayfishx/firewalld

I installed the module on the server (without special configuration).

I included the following configuration on my node:

    [root@srv-eldpupet-02 manifests]# cat site.pp
    node 'centos7-dev01.xxxx.local' { # Applies only to mentioned node; if nothing mentioned, applies to all.
    include snmp
    include firewalld
    firewalld_service { 'Close dhcpv6-client':
      ensure  => 'absent',
      service => 'dhcpv6-client',
      zone    => 'public',
    }
    [root@srv-eldpupet-02 manifests]#

This configuration works correctly: the snmp service/package and the firewalld service/package are installed, and the service « dhcpv6-client » is deactivated correctly, so firewalld_service functions correctly.

Now, following the documentation, if I try to use the « firewalld_port » instruction, I get the following error on the client and the configuration defined for firewalld_port is not applied:

-> *Doesn't work!!!*

    firewalld_port { 'Open port 161 in the public zone':
      ensure   => 'present',
      zone     => 'public',
      port     => '161',
      protocol => 'tcp',
    }

-> (For opening the port dedicated to SNMP…)

With this configuration, I have the following error on my client:

    [root@centos7-dev01 ~]# puppet agent -tv
    Info: Using configured environment 'production'
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Retrieving locales
    Info: Loading facts
    Info: Caching catalog for centos7-dev01.eldora.local
    Info: Applying configuration version '1566830315'
    /opt/puppetlabs/puppet/cache/lib/puppet/type/firewalld_zone.rb:148: warning: key :port is duplicated and overwritten on line 150
    Info: Redefining firewalld_service in Puppet::Type
    Info: Redefining firewalld_port in Puppet::Type
    Error: Execution of '/usr/bin/firewall-cmd --permanent --zone public --add-port /' returned 102: Error: INVALID_PORT
    Error: /Stage[main]/Main/Node[centos7-dev01.eldora.local]/Firewalld_port[Open port 161 in the public zone]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/bin/firewall-cmd --permanent --zone public --add-port /' returned 102: Error: INVALID_PORT
    Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Dependency Firewalld_port[Open port 161 in the public zone] has failures: true
    Warning: /Stage[main]/Firewalld/Exec[firewalld::reload]: Skipping because of failed dependencies
    Notice: Applied catalog in 1.85 seconds
    [root@centos7-dev01 ~]#

While the « firewalld_service » instruction works without more configuration, the « firewalld_port » instruction fails due to « failed dependencies »…

I'm sure this is a newbie question… but I can't find any documentation about that error!

When I try to open the port from the command line, no problem:

    [root@centos7-dev01 ~]# firewall-cmd --zone=public --add-port=161/udp --permanent
    success
    [root@centos7-dev01 ~]# firewall-cmd --zone=public --add-port=161/tcp --permanent
    success
    [root@centos7-dev01 ~]#

Is there something to configure in the module itself before using the « firewalld_port » instruction?

Thanks in advance for your help, and have a nice day!

Jean
