Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-10907

puppetlabs-firewall : hex-string parameter is not idempotent

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Template:
      MODULES Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version: 2.7.0
      Puppet Version: 5.5.21
      OS Name/Version: RHEL7.4

      When a negated string_hex is used with a space in it Puppet thinks it needs to be changed every run. Example Puppet resource below. I think this is happening because the space is being deleted out of the relevant line of ip6tables-save output by this line

      Resource:

      firewall { '500 allow v6 non-any queries':
        chain       => 'mychain',
        proto       => 'udp',
        dport       => '53',
        string_hex  => '! |0000ff0001|',
        string_algo => 'bm',
        to          => '65535',
        action      => 'accept',
        provider    => 'ip6tables',
      }
      

      Related line in output of ip6tables-save:

      -A mychain -p udp -m multiport --dports 53 -m string ! --hex-string "|0000ff0001|" --algo bm --to 65535 -m comment --comment "500 allow v6 non-any queries" -j ACCEPT
      

      Puppet Agent output (this happens every run):

      (/Stage[main]/my_class_name/Firewall[500 allow v6 non-any queries]/string_hex) string_hex changed '! |0000ff0001|' to '!|0000ff0001|' (corrective)
      

      Desired Behavior: the string_hex change is made a single time

      Actual Behavior: the string_hex change is made every run

        Attachments

          Activity

            People

            Assignee:
            adrian.iurca Adrian Iurca
            Reporter:
            echan525 Evan Chaney
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support