MODULES-7862

puppetlabs-firewall : No such file or directory - /usr/libexec/iptables/iptables.init

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Template:
      MODULES Bug Template
    • Acceptance Criteria:
      Successfully executing iptables.init by ensuring the package "iptables-services" is installed on CentOS and RHEL derived systems.
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Module Version: 1.12.0
      Puppet Version: 5.5.6
      OS Name/Version: CentOS 7.5 (official minimal image for AWS that had iptables but not firewalld installed)

      When declaring a defined resource "firewall", the module attempts to execute /usr/libexec/iptables/iptables.init, but it doesn't necessarily exist when package "iptables-services" is not installed, for example on a new EC2 instance created on AWS.

      For example I have something like this in one of my manifests:

        firewall { '001 ssh':
          dport  => 22,
          proto  => 'tcp',
          action => 'accept',
        }
      

      Upon running puppet, I get the following warning:

      Warning: Firewall[__001 ssh__](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1: Error: Could not execute posix command: No such file or directory - /usr/libexec/iptables/iptables.init

      Desired Behavior:

      The module should ensure that package "iptables-services" is installed before applying the firewall rule.

      Actual Behavior:

      The module attempts to execute /usr/libexec/iptables/iptables.init unsuccessfully when package "iptables-services" is not already installed, for example on a new EC2 instance created on AWS.

      Work around:

      Add package "iptables-services" resource before using the firewall module:

        package { 'iptables-services':
          ensure => installed,
        }
      

      or

        puppet resource package iptables-services ensure=installed

            People

            • Assignee:
              Unassigned
              Reporter:
              sunnymhfa Sunny
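The workaround in the description declares the package but does not order it relative to the firewall rules. The manifest below is an added example, not part of the original ticket or the module's own code; it makes that ordering explicit so the save step can run. The OS guard and the collector-based ordering are assumptions chosen for illustration.

```puppet
# Added example: the OS guard and ordering below are assumptions, not taken
# from the ticket. The guard matches the CentOS 7.5 host in the report.
if $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '7' {
  # Provides /usr/libexec/iptables/iptables.init, which the warning in the
  # ticket shows being called with 'save' to persist rules.
  # If another class in the catalog already declares this package, drop this
  # declaration and keep only the ordering line.
  package { 'iptables-services':
    ensure => installed,
  }

  # Apply every firewall resource in the catalog after the package.
  # Note: a resource collector also realizes any virtual firewall resources.
  Package['iptables-services'] -> Firewall <| |>
}

# The rule from the ticket, unchanged.
firewall { '001 ssh':
  dport  => 22,
  proto  => 'tcp',
  action => 'accept',
}
```

After a run, the "Unable to persist firewall rules" warning should no longer appear; if it does, the rule exists only in the running ruleset and has not been saved.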