Hello,
I believe 'port' should be a hash that consists of 'port' and 'protocol'
parameters:
Example:
firewalld_port { 'Open port 8080 in the public Zone':
  ensure => 'present',
  zone   => 'public',
  port   => {
    'port'     => 8080,
    'protocol' => 'tcp',
  },
}
The documentation for this module is confusing on this point, but in the source
code I see that it only accepts hashes, as shown in the 'parameters' part of
the documentation for firewalld_port
(https://forge.puppet.com/crayfishx/firewalld#parameters-6)
-----Original message-----
From: Jean Berthold <[email protected]>
Sent: Friday 30th August 2019 20:05
To: Puppet Users <[email protected]>
Subject: [Puppet Users] Re: firewalld module configuration issue
Hello A Manzer and thank you for your suggestion,
I tried to remove the quotes but no more success...
[root@srv-eldpupet-02 manifests]# cat site.pp
node 'centos7-dev01.xxx.local' { # Applies only to mentioned node; if nothing mentioned, applies to all.
  include snmp
  include firewalld
  include 'add_user'
  firewalld_service { 'Close dhcpv6-client':
    ensure  => 'present',
    service => 'dhcpv6-client',
    zone    => 'public',
  }
  firewalld_port { 'Open port 161 in the public zone':
    ensure   => 'present',
    zone     => 'public',
    port     => 161,
    protocol => 'udp',
  }
}
The output on the node:
[root@centos7-dev01 ~]# puppet agent -tv
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for centos7-dev01.xxxx.local
Info: Applying configuration version '1567171673'
/opt/puppetlabs/puppet/cache/lib/puppet/type/firewalld_zone.rb:148: warning: key :port is duplicated and overwritten on line 150
Info: Redefining firewalld_service in Puppet::Type
Info: Redefining firewalld_port in Puppet::Type
Error: /Stage[main]/Main/Node[centos7-dev01.xxx.local]/Firewalld_port[Open port 161 in the public zone]: Could not evaluate: no implicit conversion of String into Integer
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Dependency Firewalld_port[Open port 161 in the public zone] has failures: true
Warning: /Stage[main]/Firewalld/Exec[firewalld::reload]: Skipping because of failed dependencies
Notice: Applied catalog in 1.10 seconds
[root@centos7-dev01 ~]#
Again the message about conversion of String into Integer...
I followed the syntax given in the documentation...
Thanks again !
On Wednesday, 28 August 2019 at 22:34:45 UTC+2, Jean Berthold wrote:
Hello everyone,
I’m currently learning about Puppet and I can’t see where the error is in my
configuration…
I tested the following module to manage the CentOS firewall, firewalld.
Ok, following the instructions in the webpage:
https://forge.puppet.com/crayfishx/firewalld
I installed the module on the server (without special configuration)
I included the following configuration on my node :
[root@srv-eldpupet-02 manifests]# cat site.pp
node 'centos7-dev01.xxxx.local' { # Applies only to mentioned node; if nothing mentioned, applies to all.
  include snmp
  include firewalld
  firewalld_service { 'Close dhcpv6-client':
    ensure  => 'absent',
    service => 'dhcpv6-client',
    zone    => 'public',
  }
}
[root@srv-eldpupet-02 manifests]#
This configuration works correctly, the snmp service/package and the firewalld
service/package are installed.
And the service « dhcpv6-client » is deactivated correctly, so the
firewalld_service functions correctly.
Now, following the documentation, if I try to use the « firewall_port »
instruction, I have the following error on the client and the configuration
defined for firewalld_port is not applied :
→ Doesn’t work !!!
firewalld_port { 'Open port 161 in the public zone':
  ensure   => 'present',
  zone     => 'public',
  port     => '161',
  protocol => 'tcp',
}
→ (For opening the port dedicated to snmp…)
With this configuration, I have the following error on my client :
[root@centos7-dev01 ~]# puppet agent -tv
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for centos7-dev01.eldora.local
Info: Applying configuration version '1566830315'
/opt/puppetlabs/puppet/cache/lib/puppet/type/firewalld_zone.rb:148: warning:
key :port is duplicated and overwritten on line 150
Info: Redefining firewalld_service in Puppet::Type
Info: Redefining firewalld_port in Puppet::Type
Error: Execution of '/usr/bin/firewall-cmd --permanent --zone public --add-port
/' returned 102: Error: INVALID_PORT
Error: /Stage[main]/Main/Node[centos7-dev01.eldora.local]/Firewalld_port[Open
port 161 in the public zone]/ensure: change from 'absent' to 'present' failed:
Execution of '/usr/bin/firewall-cmd --permanent --zone public --add-port /'
returned 102: Error: INVALID_PORT
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Dependency
Firewalld_port[Open port 161 in the public zone] has failures: true
Warning: /Stage[main]/Firewalld/Exec[firewalld::reload]: Skipping because of
failed dependencies
Notice: Applied catalog in 1.85 seconds
[root@centos7-dev01 ~]#
When the « firewalld_service » instruction works without more configuration,
the « firewall_port » instruction fails due to « failed dependencies »…
I’m sure this is a newbie question… but I don’t find any documentation about
that error !
When I try to open the port by command line, no problem:
[root@centos7-dev01 ~]# firewall-cmd --zone=public --add-port=161/udp --permanent
success
[root@centos7-dev01 ~]# firewall-cmd --zone=public --add-port=161/tcp --permanent
success
[root@centos7-dev01 ~]#
Is there something to configure in the module itself before using «
firewalld_port » instruction ?
In advance, thanks for your help and have a nice day !
Jean
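
Added example (not part of the original thread, and not code from the firewalld module): the failing run above shows firewall-cmd being called with `--add-port /`, that is, with an empty port and protocol. The shell sketch below validates a port/protocol pair before it reaches firewall-cmd and checks `--list-ports` output for an exact entry; the function names port_spec and port_listed are hypothetical.

```shell
#!/bin/sh
# Added example; port_spec and port_listed are hypothetical helper names.

# port_spec PORT PROTOCOL
# Prints "PORT/PROTOCOL" (the form firewall-cmd --add-port takes) or returns 1.
# PORT may be a single port or a LOW-HIGH range.
port_spec() {
    port=$1
    proto=$2
    case $proto in
        tcp|udp|sctp|dccp) ;;
        *) echo "invalid protocol: '$proto'" >&2; return 1 ;;
    esac
    case $port in
        *-*-*) echo "invalid port: '$port'" >&2; return 1 ;;
    esac
    lo=${port%%-*}
    hi=${port##*-}
    for p in "$lo" "$hi"; do
        case $p in
            ''|*[!0-9]*|??????*)
                echo "invalid port: '$port'" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: '$port'" >&2; return 1
        fi
    done
    if [ "$lo" -gt "$hi" ]; then
        echo "reversed range: '$port'" >&2; return 1
    fi
    printf '%s/%s\n' "$port" "$proto"
}

# port_listed SPEC LIST
# Succeeds only if SPEC is exactly one of the whitespace-separated entries in
# LIST (the output format of firewall-cmd --list-ports), so "161/udp" does not
# match "1161/udp" or "161/tcp".
port_listed() {
    for entry in $2; do
        [ "$entry" = "$1" ] && return 0
    done
    return 1
}

# Usage on a host with firewalld (not run here):
#   spec=$(port_spec 161 udp) &&
#     firewall-cmd --permanent --zone=public --add-port="$spec"
#   port_listed "$spec" "$(firewall-cmd --permanent --zone=public --list-ports)"
```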
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected]
<mailto:[email protected]> .
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/782b0f68-6dbb-4606-9661-dd3c9a131fef%40googlegroups.com.