Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-10947

puppetlabs-firewall : iptables-persistent should be a prereq on Raspberry Pi OS

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Environment:

      Raspberry Pi OS (renamed from "Raspbian") 2020-12.  Debian Buster based.

    • Template:
      MODULES Bug Template
    • Acceptance Criteria:
      1. iptables state is preserved when altered by puppetlabs-firewall and hence survives a reboot.
      2. No error or warning message is given about inability to persist firewall rules when altered by puppetlabs-firewall.
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version: 2.8.1
      Puppet Version: 7.4.0
      OS Name/Version: Raspberry Pi OS 2020-12 with current patches

      puppetlabs-firewall does not detect that the apt package 'iptables-persistent' is required on this OS and does not install it.  This causes an error during firewall alterations, plus the firewall configuration is not persisted and hence not applied at reboot.

      Desired Behavior:

      iptables state is preserved when altered by puppetlabs-firewall and survives a reboot.

      Actual Behavior:

      root@redacted:/root# puppet agent -t
      Info: Using configured environment 'redacted'
      [...]
      Info: Applying configuration version 'redacted'
      Notice: /Stage[main]/Profile::Base/Firewall[100 redacted]/ensure: removed
      Warning: Firewall[100 redacted](provider=iptables): Unable to persist firewall rules: Execution of '/usr/sbin/service iptables-persistent save' returned 1: iptables-persistent: unrecognized service
      Notice: /Stage[main]/Profile::Base/Firewall[100 redacted]/ensure: created
      Warning: Firewall[100 redacted](provider=iptables): Unable to persist firewall rules: Execution of '/usr/sbin/service iptables-persistent save' returned 1: iptables-persistent: unrecognized service
      **[...]
      root@redacted:/root# facter
      [...]
      os => {
      {{ architecture => "armv7l",}}
      {{ distro => {}}
      {{ codename => "buster",}}
      {{ description => "Raspbian GNU/Linux 10 (buster)",}}
      {{ id => "Raspbian",}}
      {{ release => {}}
      {{ full => "10.8",}}
      {{ major => "10",}}
      {{ minor => "8"}}
      {{ }}}
      {{ },}}
      {{ family => "Debian",}}
      {{ hardware => "armv7l",}}
      {{ name => "Raspbian",}}
      {{ release => {}}
      {{ full => "10.8",}}
      {{ major => "10",}}
      {{ minor => "8"}}
      {{ },}}
      {{ selinux => {}}
      {{ enabled => false}}
      {{ }}}
      }
      [...]

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              Ozzard Peter Crowther
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:

                  Zendesk Support