Don't worry too much about the "Failed Dependency"; that's a red-herring in this case. It's not saying that you missed some configuration, it's saying that firewalld::reload class failed because something it was dependent on (the port) failed.
Looks like the fix should be easy: your code has the port number quoted as a string. The documentation says that it should be an integer. Take the quotes off your port value, and give it another shot. On Wednesday, August 28, 2019 at 4:34:45 PM UTC-4, Jean Berthold wrote: > > Hello everyone, > > ’m currently learning about Puppet and I can’t see where is the error in > my configuration… > > > I tested The following module to manage the CentOS firewall, firewalld. > > I > > > > Ok, following the instructions in the webpage: > https://forge.puppet.com/crayfishx/firewalld > > > > I installed themodule on the server (without special configuration) > > I included the following configuration on my node : > > > > *[root@srv-eldpupet-02 manifests]# cat site.pp* > > *node 'centos7-dev01.xxxx.local' { # Applies only to mentioned node; if > nothing mentioned, applies to all.* > > *include snmp* > > *include firewalld* > > > > *firewalld_service { 'Close dhcpv6-client':* > > * ensure => 'absent',* > > * service => 'dhcpv6-client',* > > * zone => 'public',* > > *}* > > *[root@srv-eldpupet-02 manifests]#* > > > > This configuration works correctly, the snmp service/package and the > firewalld service/package are installed. > > And the service « dhcpv6-client is deactivated correctly, so the > firewalld_service function correctly. > > > > Now, following the documentation, if I try to use the « firewall_port » > instruction, I have the following error on the client and the configuration > defined for firewalld_port is not applied : > > > > è *Don’t work !!!* > > > > *firewalld_port { 'Open port 161 in the public zone':* > > * ensure => 'present',* > > * zone => 'public',* > > * port => '161',* > > * protocol => 'tcp',* > > *}* > > > > è (Ffor opening the port dedicated to snmp…) > > > > > > With this configuration, I have the following error on my client : > > > > *[root@centos7-dev01 ~]# puppet agent -tv* > > *Info: Using configured environment 'production'* > > *Info: Retrieving pluginfacts* > > *Info: Retrieving plugin* > > *Info: Retrieving locales* > > *Info: Loading facts* > > *Info: Caching catalog for centos7-dev01.eldora.local* > > *Info: Applying configuration version '1566830315'* > > */opt/puppetlabs/puppet/cache/lib/puppet/type/firewalld_zone.rb:148: > warning: key :port is duplicated and overwritten on line 150* > > *Info: Redefining firewalld_service in Puppet::Type* > > *Info: Redefining firewalld_port in Puppet::Type* > > *Error: Execution of '/usr/bin/firewall-cmd --permanent --zone public > --add-port /' returned 102: Error: INVALID_PORT* > > *Error: > /Stage[main]/Main/Node[centos7-dev01.eldora.local]/Firewalld_port[Open port > 161 in the public zone]/ensure: change from 'absent' to 'present' failed: > Execution of '/usr/bin/firewall-cmd --permanent --zone public --add-port /' > returned 102: Error: INVALID_PORT* > > *Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Dependency > Firewalld_port[Open port 161 in the public zone] has failures: true* > > *Warning: /Stage[main]/Firewalld/Exec[firewalld::reload]: Skipping because > of failed dependencies* > > *Notice: Applied catalog in 1.85 seconds* > > *[root@centos7-dev01 ~]#* > > > > > > When the « *firewalld_service »* instruction works without more > configuration, the « firewall_port » instruction fail due to « failed > dependencies »… > > I’m sure this is a newbie question… but I don’t find any documentation > about that error ! > > > > When I try to open the port by command line, no problem: > > > > *[root@centos7-dev01 ~]# firewall-cmd --zone=public --add-port=161/udp > --permanent* > > *success* > > *[root@centos7-dev01 ~]# firewall-cmd --zone=public --add-port=161/tcp > --permanent* > > *success* > > *[root@centos7-dev01 ~]#* > > > > Is there something to configure in the module itself before using > « firewalld_port » instruction ? > > > > By advance, thanks for your help and have a nice day ! > > > > Jean > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d5d23291-9b4f-46a7-add9-107cc79d12ef%40googlegroups.com.
