Hello Bart-Jan,

Exactly what I need, great thanks !

My mistake was to not look in the module code...
The syntax is given here:

[root@srv-eldpupet-02 type]# pwd
/etc/puppetlabs/code/environments/production/modules/firewalld/lib/puppet/type
[root@srv-eldpupet-02 type]# cat firewalld_port.rb
require 'puppet'

Puppet::Type.newtype(:firewalld_port) do

  @doc =%q{Assigns a port to a specific firewalld zone.
    firewalld_port will autorequire the firewalld_zone specified in the zone parameter so there is no need to add dependencies for this

    Example:

        firewalld_port {'Open port 8080 in the public Zone':
            ensure => 'present',
            zone   => 'public',
            port   => {
              'port' => 8080,
              'protocol' => 'tcp',
            },
        }

Thanks again and have a nice day !

Jean


On Saturday 31 August 2019 17:19:19 UTC+2, Bart-Jan Vrielink wrote:
>
> Hello,
>
>
> I believe 'port' should be a hash that consists of 'port' and 'protocol' 
> parameters:
>
>
>     Example:
>     
>         firewalld_port {'Open port 8080 in the public Zone':
>             ensure => 'present',
>             zone   => 'public',
>             port   => {
>               'port' => 8080,
>               'protocol' => 'tcp',
>             },
>         }
>
> The documentation for this module is confusing on this point, but in the 
> source code I see that it only accepts hashes, as shown in the 
> 'parameters' part of the documentation for firewalld_port (
> https://forge.puppet.com/crayfishx/firewalld#parameters-6)
>
>
>
> -----Original message-----
> *From:* Jean Berthold <[email protected]>
> *Sent:* Friday 30th August 2019 20:05
> *To:* Puppet Users <[email protected]>
> *Subject:* [Puppet Users] Re: firewalld module configuration issue
>
> Hello A Manzer and thank you for your suggestion,
>
> I tried to remove the quotes but no more success...
>
> [root@srv-eldpupet-02 manifests]# cat site.pp
> node 'centos7-dev01.xxx.local' { # Applies only to mentioned node; if nothing mentioned, applies to all.
> include snmp
> include firewalld
> include 'add_user'
>
> firewalld_service { 'Close dhcpv6-client':
>   ensure  => 'present',
>   service => 'dhcpv6-client',
>   zone    => 'public',
> }
>
> firewalld_port { 'Open port 161 in the public zone':
>   ensure   => 'present',
>   zone     => 'public',
>   port     => 161,
>   protocol => 'udp',
> }
>
> The output on the node:
>
> [root@centos7-dev01 ~]# puppet agent -tv
> Info: Using configured environment 'production'
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Retrieving locales
> Info: Loading facts
> Info: Caching catalog for centos7-dev01.xxxx.local
> Info: Applying configuration version '1567171673'
> /opt/puppetlabs/puppet/cache/lib/puppet/type/firewalld_zone.rb:148: warning: key :port is duplicated and overwritten on line 150
> Info: Redefining firewalld_service in Puppet::Type
> Info: Redefining firewalld_port in Puppet::Type
> Error: /Stage[main]/Main/Node[centos7-dev01.xxx.local]/Firewalld_port[Open port 161 in the public zone]: Could not evaluate: no implicit conversion of String into Integer
> Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Dependency Firewalld_port[Open port 161 in the public zone] has failures: true
> Warning: /Stage[main]/Firewalld/Exec[firewalld::reload]: Skipping because of failed dependencies
> Notice: Applied catalog in 1.10 seconds
> [root@centos7-dev01 ~]#
>
> Again the message about conversion of String into Integer...
> I followed the syntax given in the documentation...
>
> Thanks again !
>
>
>
>
>
>
>
>
> On Wednesday 28 August 2019 22:34:45 UTC+2, Jean Berthold wrote:
>>
>> Hello everyone,
>>
>> I’m currently learning about Puppet and I can’t see where the error is in 
>> my configuration…
>>
>>
>> I tested the following module to manage the CentOS firewall, firewalld.
>>
>>  
>>
>> Ok, following the instructions in the webpage: 
>> https://forge.puppet.com/crayfishx/firewalld
>>
>>  
>>
>> I installed the module on the server (without special configuration)
>>
>> I included the following configuration on my node :
>>
>>  
>>
>> [root@srv-eldpupet-02 manifests]# cat site.pp
>> node 'centos7-dev01.xxxx.local' { # Applies only to mentioned node; if nothing mentioned, applies to all.
>> include snmp
>> include firewalld
>>
>> firewalld_service { 'Close dhcpv6-client':
>>   ensure  => 'absent',
>>   service => 'dhcpv6-client',
>>   zone    => 'public',
>> }
>> [root@srv-eldpupet-02 manifests]#
>>
>>  
>>
>> This configuration works correctly, the snmp service/package and the 
>> firewalld service/package are installed.
>>
>> And the service « dhcpv6-client » is deactivated correctly, so the 
>> firewalld_service functions correctly.
>>
>>  
>>
>> Now, following the documentation, if I try to use the « firewall_port » 
>> instruction, I have the following error on the client and the configuration 
>> defined for firewalld_port is not applied :
>>
>>  
>>
>> → *Don’t work !!!*
>>
>>  
>>
>> firewalld_port { 'Open port 161 in the public zone':
>>   ensure   => 'present',
>>   zone     => 'public',
>>   port     => '161',
>>   protocol => 'tcp',
>> }
>>
>>  
>>
>> → (For opening the port dedicated to snmp…)
>>
>>  
>>
>>  
>>
>> With this configuration, I have the following error on my client :
>>
>>  
>>
>> [root@centos7-dev01 ~]# puppet agent -tv
>> Info: Using configured environment 'production'
>> Info: Retrieving pluginfacts
>> Info: Retrieving plugin
>> Info: Retrieving locales
>> Info: Loading facts
>> Info: Caching catalog for centos7-dev01.eldora.local
>> Info: Applying configuration version '1566830315'
>> /opt/puppetlabs/puppet/cache/lib/puppet/type/firewalld_zone.rb:148: warning: key :port is duplicated and overwritten on line 150
>> Info: Redefining firewalld_service in Puppet::Type
>> Info: Redefining firewalld_port in Puppet::Type
>> Error: Execution of '/usr/bin/firewall-cmd --permanent --zone public --add-port /' returned 102: Error: INVALID_PORT
>> Error: /Stage[main]/Main/Node[centos7-dev01.eldora.local]/Firewalld_port[Open port 161 in the public zone]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/bin/firewall-cmd --permanent --zone public --add-port /' returned 102: Error: INVALID_PORT
>> Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Dependency Firewalld_port[Open port 161 in the public zone] has failures: true
>> Warning: /Stage[main]/Firewalld/Exec[firewalld::reload]: Skipping because of failed dependencies
>> Notice: Applied catalog in 1.85 seconds
>> [root@centos7-dev01 ~]#
>>
>>  
>>
>>  
>>
>> When the « *firewalld_service* » instruction works without more 
>> configuration, the « firewall_port » instruction fails due to « failed 
>> dependencies »…
>>
>> I’m sure this is a newbie question… but I don’t find any documentation 
>> about that error !
>>
>>  
>>
>> When I try to open the port by command line, no problem:
>>
>>  
>>
>> [root@centos7-dev01 ~]# firewall-cmd --zone=public --add-port=161/udp --permanent
>> success
>> [root@centos7-dev01 ~]# firewall-cmd --zone=public --add-port=161/tcp --permanent
>> success
>> [root@centos7-dev01 ~]#
>>
>>  
>>
>> Is there something to configure in the module itself before using 
>> « firewalld_port » instruction ?
>>
>>  
>>
>> In advance, thanks for your help and have a nice day !
>>
>>  
>>
>> Jean
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1b0160c2-467d-47aa-aa9c-774581f71d59%40googlegroups.com.
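
Added example, not part of the original thread and not the firewalld module's own code: a small Ruby model of how a non-hash `port` value can lead to both failures quoted above (the empty `--add-port /` argument and the TypeError), with a guard that rejects such values before any firewall-cmd argument is built. It assumes the provider indexes the attribute with 'port' and 'protocol'; all function names are hypothetical.

```ruby
# Added illustration; not the crayfishx/firewalld provider code.
# ASSUMPTION: the provider builds the firewall-cmd argument by indexing the
# `port` attribute with the keys 'port' and 'protocol' (hypothetical model).

# Hypothetical model of the unchecked lookup.
def naive_port_arg(port)
  "#{port['port']}/#{port['protocol']}"
end

# Hypothetical guard: accept only a complete port/protocol hash.
# Narrowed to single ports; port ranges are not handled here.
def checked_port_arg(port)
  unless port.is_a?(Hash) && port.key?('port') && port.key?('protocol')
    raise ArgumentError,
          "port must be a hash with 'port' and 'protocol', got #{port.inspect}"
  end
  number = Integer(port['port'].to_s, 10) # ArgumentError on non-numeric input
  proto = port['protocol'].to_s.downcase
  raise ArgumentError, "port out of range: #{number}" unless (1..65_535).cover?(number)
  raise ArgumentError, "unsupported protocol: #{proto}" unless %w[tcp udp sctp dccp].include?(proto)

  "#{number}/#{proto}"
end

# Runs one value through a builder; returns the argument or the error class name.
def outcome(builder, port)
  send(builder, port)
rescue TypeError, ArgumentError => e
  e.class.name
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs mirroring the three manifest forms in the thread.
  forms = { "string '161'" => '161',
            'integer 161' => 161,
            'hash' => { 'port' => 161, 'protocol' => 'udp' } }
  forms.each do |label, value|
    puts format('%-13s naive=%-12s checked=%s', label,
                outcome(:naive_port_arg, value).inspect,
                outcome(:checked_port_arg, value).inspect)
  end
end
```

In the model, the string form yields "/" because String#[] returns nil for a substring that is not present, and the integer form raises TypeError because Integer#[] expects an integer bit index.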
