Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chooses wrong firewall package #90

Closed
jgrill opened this issue Sep 10, 2015 · 7 comments
Closed

Chooses wrong firewall package #90

jgrill opened this issue Sep 10, 2015 · 7 comments

Comments

@jgrill
Copy link

jgrill commented Sep 10, 2015

OS: CentOS 6.6.

Just pulled in the new version of firewall and am seeing the following...

I think iptables should be the default choice for this OS and version, eh?

Compiling Cookbooks...
       [2015-09-10T17:17:32+00:00] WARN: You declared a new resource Chef::Provider::FirewallIptables for resource firewall, but it comes alphabetically after Chef::Provider::FirewallFirewalld and has the same filters ({:platform_family=>["rhel", "fedora"], :os=>"linux"}), so it will not be used. Use override: true if you want to use it for firewall.
       [2015-09-10T17:17:32+00:00] WARN: You declared a new resource Chef::Provider::FirewallRuleIptables for resource firewall_rule, but it comes alphabetically after Chef::Provider::FirewallRuleFirewalld and has the same filters ({:platform_family=>["rhel", "fedora"], :os=>"linux"}), so it will not be used. Use override: true if you want to use it for firewall_rule.
       [2015-09-10T17:17:32+00:00] WARN: You declared a new resource Chef::Provider::FirewallRuleUfw for resource firewall_rule, but it comes alphabetically after Chef::Provider::FirewallRuleIptablesUbuntu and has the same filters ({:platform_family=>["debian"], :os=>"linux"}), so it will not be used. Use override: true if you want to use it for firewall_rule.
       [2015-09-10T17:17:32+00:00] WARN: You declared a new resource Chef::Provider::FirewallUfw for resource firewall, but it comes alphabetically after Chef::Provider::FirewallIptablesUbuntu and has the same filters ({:platform_family=>["debian"], :os=>"linux"}), so it will not be used. Use override: true if you want to use it for firewall.
       Recipe: chef-sugar::default
        (up to date)
         Converging 11 resources
         * chef_gem[chef-sugar] action install (up to date)
       Recipe: firewall::default


         * yum_package[firewalld] action install
           * No candidate version available for firewalld
           ================================================================================
           Error executing action `install` on resource 'yum_package[firewalld]'
           ================================================================================

           Chef::Exceptions::Package
           -------------------------
           No candidate version available for firewalld

           Resource Declaration:
           ---------------------
           # In /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_firewalld.rb

            32:         package 'firewalld' do
            33:           action :install
            34:         end
            35:
@martinb3
Copy link
Contributor

Hi there! Is this chef 11.x?

@martinb3
Copy link
Contributor

If it's chef 12, could you show us the contents of node[:platform_version]? That's what Chef is being told to check for CentOS to figure out whether to use firewalld or iptables.

@martinb3
Copy link
Contributor

I just re-confirmed our test suites on CentOS 6.7 are choosing iptables over firewalld. Please keep me posted :)

@jgrill
Copy link
Author

jgrill commented Sep 10, 2015

Thanks for the quickness :)

[root@jxg170-tk-two-apps-efx-firewall ~]# chef-client --version
Chef: 12.4.0
[root@jxg170-tk-two-apps-efx-firewall ~]# ohai | grep platform
"platform": "centos",
"platform_version": "6.6",
"platform_family": "rhel",

@martinb3
Copy link
Contributor

I suspect you're running into this bug from Chef 12.4.0. Can you give it a whirl on Chef 12.4.1? I think it'll resolve your issue, since we're also using the same kind of provider block that was reportedly broken in that issue.

@jgrill
Copy link
Author

jgrill commented Sep 11, 2015

That was the problem.

@martinb3
Copy link
Contributor

If you'd like to avoid upgrading, you can also manually specify a provider on each resource, or do something like this:

Chef::Platform.set platform: :centos, version: '< 7.0', resource: :firewall, provider: Chef::Provider::FirewallIptables
Chef::Platform.set platform: :redhat, version: '< 7.0', resource: :firewall, provider: Chef::Provider::FirewallIptables

Chef::Platform.set platform: :centos, version: '< 7.0', resource: :firewall_rule, provider: Chef::Provider::FirewallRuleIptables
Chef::Platform.set platform: :redhat, version: '< 7.0', resource: :firewall_rule, provider: Chef::Provider::FirewallRuleIptables

I think that should still work... but manually specifying a provider on each resource would definitely work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martinb3 @jgrill