Modules / MODULES-1840

Flush IPTables Type if path no longer exists

    Details

    • Type: Improvement
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall, supported
    • Labels: None
    • Team: Modules
    • CS Priority: Reviewed

      Description

      So the iptables types won't flush if the path to run them has been changed since the type was created.

      Hard to explain, but the following scenario replicates it:

          class { 'firewall':}
          ->
          resources{ 'firewall':
            purge => true,
          }
          ->
          firewall { '555 - test':
            proto  => tcp,
            port   => '555',
            action => accept,
          }

      Expected:
      Class firewall installs the correct firewall package on RHEL7 (iptables-services)
      Then uses the correct path to run the purge command from the type and provider

      Actual:
      Class firewall installs the correct firewall package on RHEL7 (iptables-services)
      The old path is still loaded in the type and provider, so it tries to run the purge using the old paths to no avail:

      Logs:

      Warning: Firewall[9038 62d1ab13e33ca508e42463ca58d129a0](provider=ip6tables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/ip6tables.init save' returned 1:
      Notice: /Stage[main]/Main/Firewall[9042 ccf69992426bb7a04ee13714ba2901ae]/ensure: removed
      

      So my gut feeling is the flush method on the type and provider needs some sort of "Does the path still exist" logic in it.
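
The "does the path still exist" idea from the description, sketched as an added Ruby simulation; this is not code from the firewall module or from the reporter. The class names, the `resolve_persist_cmd` helper and the `old/` and `new/` script paths are hypothetical and constructed, and no iptables command is run.

```ruby
require 'tmpdir'
require 'fileutils'

# Hypothetical helper: first candidate path that exists right now.
def resolve_persist_cmd(candidates)
  candidates.find { |path| File.file?(path) }
end

# Behaviour described in the report: the path is chosen once, at load time.
class LoadTimeProvider
  def initialize(candidates)
    @cmd = resolve_persist_cmd(candidates) || candidates.first
  end

  def flush
    File.file?(@cmd) ? [:persisted, @cmd] : [:failed, @cmd]
  end
end

# Suggested behaviour: ask "does the path still exist?" on every flush.
class FlushTimeProvider
  def initialize(candidates)
    @candidates = candidates
  end

  def flush
    cmd = resolve_persist_cmd(@candidates)
    cmd ? [:persisted, cmd] : [:failed, nil]
  end
end

# Constructed scenario: a package change moves the save script mid-run.
def simulate_run
  Dir.mktmpdir do |root|
    old_cmd = File.join(root, 'old', 'save-rules') # constructed path
    new_cmd = File.join(root, 'new', 'save-rules') # constructed path
    install = lambda do |path|
      FileUtils.mkdir_p(File.dirname(path))
      File.write(path, "#!/bin/sh\nexit 0\n")
    end
    install.call(old_cmd)
    providers = [LoadTimeProvider, FlushTimeProvider].map { |k| k.new([old_cmd, new_cmd]) }
    FileUtils.rm_f(old_cmd) # the package change removes the old script...
    install.call(new_cmd)   # ...and ships it at a new location
    providers.map { |p| status, cmd = p.flush; [status, cmd && cmd.sub("#{root}/", '')] }
  end
end
```

`simulate_run` returns one `[status, path]` pair per provider: the load-time provider fails on the stale path, while the flush-time provider persists through the new one.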

              People

              Assignee: Unassigned
              Reporter: Peter Souter (peter.souter)
              Votes: 4
              Watchers: 5
