Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regression 3.1.5: firewalld_rich_rule failes when firewalld is not running #112

Closed
elconas opened this issue Feb 1, 2017 · 3 comments
Closed

Regression 3.1.5: firewalld_rich_rule failes when firewalld is not running #112

elconas opened this issue Feb 1, 2017 · 3 comments
Labels
bug Something isn't working

Comments

@elconas
Copy link
Contributor

elconas commented Feb 1, 2017

When firewalld is not running when firewalld_rich_rule is applied, it failes with:

Firewalld_rich_rule[NAME]: Could not evaluate: Execution of '/bin/firewall-offline-cmd --zone ZONE --query-rich-rule rule family="ipv4" source address="0.0.0.0/0" service name="SERVICE" accept' returned 1: no

On the second run and when firewalld is already running, everything works ok.
@elconas
Copy link
Contributor Author

elconas commented Feb 1, 2017

Two ways to fix it:

--- a/lib/puppet/provider/firewalld_rich_rule/firewall_cmd.rb
+++ b/lib/puppet/provider/firewalld_rich_rule/firewall_cmd.rb
@@ -12,7 +12,11 @@ Puppet::Type.type(:firewalld_rich_rule).provide(

   def exists?
     @rule_args ||= build_rich_rule
-    output=execute_firewall_cmd(['--query-rich-rule', @rule_args], @resource[:zone], true, false)
+    begin
+      output=execute_firewall_cmd(['--query-rich-rule', @rule_args], @resource[:zone], true, false)
+    rescue Puppet::ExecutionFailure => e
+      return false
+    end
     output.exitstatus == 0
   end

Or

--- a/lib/puppet/provider/firewalld.rb
+++ b/lib/puppet/provider/firewalld.rb
@@ -61,7 +61,7 @@ class Puppet::Provider::Firewalld < Puppet::Provider
     if online?
       self.class.execute_firewall_cmd(args, zone, perm, failonfail)
     else
-      self.class.execute_firewall_cmd(args, zone, false, true, 'firewall-offline-cmd')
+      self.class.execute_firewall_cmd(args, zone, false, failonfail, 'firewall-offline-cmd')
     end
   end

elconas pushed a commit to elconas/puppet-firewalld that referenced this issue Feb 1, 2017
@rhmms
Fixed Issue voxpupuli#112
f698ea2
@elconas elconas mentioned this issue Feb 1, 2017
Merged
@elconas elconas changed the title Regression 3.1.6: firewalld_rich_rule failes when firewalld is not running Regression 3.1.5: firewalld_rich_rule failes when firewalld is not running Feb 1, 2017
@elconas
Copy link
Contributor Author

elconas commented Feb 1, 2017

With 3.1.4 it still works.

@crayfishx
Copy link
Contributor

I seem to remember there was a reason for forcing failonfail when offline... or maybe there wasn't - I'll add this fix in and test it against the scenarios we were trying to fix.

@crayfishx crayfishx added accepted bug Something isn't working labels Feb 13, 2017
crayfishx added a commit that referenced this issue Feb 27, 2017
@crayfishx
Merge pull request #113 from elconas/fix_112
4bed9ca 
Fixed Issue #112
@gchaix gchaix mentioned this issue Jun 30, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crayfishx @elconas