Modules / MODULES-6129

firewall : Error when not purging docker-made rules


    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels: None
    • Environment:

      Linux jess4 4.9.0-4-amd64 #1 SMP Debian 4.9.51-1 (2017-09-28) x86_64 GNU/Linux
      Debian GNU/Linux 9.2 (stretch)
      Jenkins node
      puppetlabs-firewall 1.10.0
      puppet 4.8.2
      Docker version 17.09.0-ce, build afdb6d4

    • QA Risk Assessment: Needs Assessment

      Description

      Basic Info
      puppetlabs-firewall 1.10.0
      puppet 4.8.2
      Debian GNU/Linux 9.2 (stretch)

      We are using docker on our jenkins nodes. Docker adds firewall rules which we'd like puppet to ignore. The puppet config looks like this:

      class fw {
        case $hostname {
          /^jess/: { }
          /^zoe/: { }
          default: {
            resources { 'firewall':
              purge => true,
            }
          }
        }
        Firewall {
          before  => Class['fw::post'],
          require => Class['fw::pre'],
        }
        class { ['fw::pre', 'fw::post']: }
        class { 'firewall': }
      }
      

      jess[0-9]+ and zoe.* are jenkins nodes where we'd like to ignore the docker-created rules. However, one of the rules looks like this:

      -A FORWARD -i br-376f8c7b6d16 ! -o br-376f8c7b6d16 -j ACCEPT
      

      Puppet then fails on the jenkins nodes with the following error:

      Error: Failed to apply catalog: Parser error: keys (3) and values (5) count mismatch on line: -A FORWARD -i br-376f8c7b6d16 ! -o br-376f8c7b6d16 -j ACCEPT
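
An added example, not part of the original report or of the puppetlabs-firewall module: a pre-flight check that scans `iptables-save` output for rules that negate an interface match the way the failing rule does (`! -o`), so hosts carrying such rules can be found before a Puppet run. It assumes the negated interface match is what the parser trips on, which the report does not state; the function name and the sample input are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save` output. Only the first
# br-376f8c7b6d16 rule (the negated one) is taken from the report.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i br-376f8c7b6d16 ! -o br-376f8c7b6d16 -j ACCEPT
-A FORWARD -i br-376f8c7b6d16 -o br-376f8c7b6d16 -j ACCEPT
COMMIT
"""

IFACE_OPTS = {"-i", "--in-interface", "-o", "--out-interface"}


def negated_interface_rules(save_text):
    """Return (table, chain, [(option, interface), ...], rule) for every
    appended rule whose interface match is negated with a leading '!'."""
    hits, table = [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):        # table header, e.g. *filter
            table = line[1:]
            continue
        if not line.startswith("-A "):  # chain policies, COMMIT, comments
            continue
        tokens = shlex.split(line)      # keeps quoted --comment text as one token
        chain = tokens[1]
        negated = [
            (tokens[i + 1], tokens[i + 2])
            for i in range(2, len(tokens) - 2)
            if tokens[i] == "!" and tokens[i + 1] in IFACE_OPTS
        ]
        if negated:
            hits.append((table, chain, negated, line))
    return hits


if __name__ == "__main__":
    for table, chain, negated, rule in negated_interface_rules(SAMPLE):
        desc = ", ".join(f"! {opt} {iface}" for opt, iface in negated)
        print(f"{table}/{chain}: {desc}\n    {rule}")
```

On a real host, pass the text captured from `iptables-save` to `negated_interface_rules` instead of `SAMPLE`.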
      

            People

            Assignee: Unassigned
            Reporter: pdr Pete Ryland