Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add install_method parameter #104

Merged
merged 1 commit into from
May 18, 2020
Merged

add install_method parameter #104

merged 1 commit into from
May 18, 2020

Conversation

Dan33l
Copy link
Member

@Dan33l Dan33l commented May 2, 2020

Pull Request (PR) description

This PR add parameter install_method that permits to choose between package and vcsrepo. This permit to install more recent version of ferm when desired.

This Pull Request (PR) fixes the following issues

Fixes #103

bastelfreak
bastelfreak reviewed May 2, 2020
View reviewed changes
manifests/config.pp Outdated Show resolved Hide resolved
@Dan33l Dan33l changed the title add install_method parameter WIP : add install_method parameter May 2, 2020
@Dan33l
Copy link
Member Author

Dan33l commented May 4, 2020
edited
Loading

Note to myself, the CentOS6 is failing to start service ferm with message :

starting firewall fermFATAL: Could not load /lib/modules/4.15.0-74-generic/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/4.15.0-74-generic/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/4.15.0-74-generic/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/4.15.0-74-generic/modules.dep: No such file or directory

The directory is empty.

We already have the message on master branch.

@Dan33l Dan33l added the enhancement New feature or request label May 10, 2020
@Dan33l
Copy link
Member Author

Dan33l commented May 10, 2020
edited
Loading

On debian10, it looks that iptables-save point to /usr/sbin/xtables-nft-multi.

The acceptance test uses iptables-save to verify rules. But to check rules with install_method => vcsrepo we have to use iptables-legacy-save instead of iptables-save

Edit:
Extract from CHANGELOG file aka NEWS:

v2.5 - 22 Nov 2019

  • call "legacy" xtables tools because nft based tools are incompatible

MaxKellermann/ferm@47b78b6

The ferm version shipped by debian10 package is 2.4.
This explain why the result is different with last ferm sersion 2.5.1

@Dan33l Dan33l force-pushed the install_from_sources branch 3 times, most recently from 725d1cc to bc18180 Compare May 16, 2020 20:51
@Dan33l Dan33l changed the title WIP : add install_method parameter add install_method parameter May 16, 2020
bastelfreak
bastelfreak reviewed May 16, 2020
View reviewed changes
manifests/install.pp Outdated
ensure => absent,
}

-> package { ['iptables', 'perl', 'make']:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

at least perl and make could be managed by another module, should be use ensure_package here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The function ensure_packages() is now used.

@Dan33l Dan33l force-pushed the install_from_sources branch 5 times, most recently from b327d8c to d9369ba Compare May 18, 2020 08:45
bastelfreak
bastelfreak reviewed May 18, 2020
View reviewed changes
manifests/config.pp Outdated
@@ -10,6 +10,19 @@

$_ip = join($ferm::ip_versions, ' ')

if $facts['systemd'] { #fact provided by systemd module
if $ferm::install_method == 'vcsrepo' and $ferm::manage_service {
include systemd::systemctl::daemon_reload
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this isn't required. systemd::dropin_file does the notify:
https://github.com/camptocamp/puppet-systemd/blob/master/manifests/dropin_file.pp#L93-L103

bastelfreak
bastelfreak reviewed May 18, 2020
View reviewed changes
manifests/init.pp Outdated
@@ -67,6 +70,9 @@
Hash $chains = {},
Array[Enum['ip','ip6']] $ip_versions = ['ip','ip6'],
Hash[String[1],Array[String[1]]] $preserve_chains_in_tables = {},
Enum['package','vcsrepo'] $install_method = 'package',
String $vcsrepo = 'https://github.com/MaxKellermann/ferm.git',
String $vcstag = 'v2.5.1',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
String $vcstag = 'v2.5.1',
String[1] $vcstag = 'v2.5.1',

bastelfreak
bastelfreak reviewed May 18, 2020
View reviewed changes
manifests/init.pp Outdated
@@ -67,6 +70,9 @@
Hash $chains = {},
Array[Enum['ip','ip6']] $ip_versions = ['ip','ip6'],
Hash[String[1],Array[String[1]]] $preserve_chains_in_tables = {},
Enum['package','vcsrepo'] $install_method = 'package',
String $vcsrepo = 'https://github.com/MaxKellermann/ferm.git',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
String $vcsrepo = 'https://github.com/MaxKellermann/ferm.git',
Stdlib::HTTPSUrl $vcsrepo = 'https://github.com/MaxKellermann/ferm.git',

bastelfreak
bastelfreak reviewed May 18, 2020
View reviewed changes
manifests/install.pp Outdated
}
'vcsrepo': {
$_source_path = '/opt/ferm'
ensure_packages (['iptables', 'perl', 'make'], { ensure => present })
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isn't git also a requirement that should be installed?

bastelfreak
bastelfreak reviewed May 18, 2020
View reviewed changes
spec/acceptance/ferm_spec.rb
@@ -43,12 +53,36 @@ class { 'ferm':
},
},
ip_versions => ['ip'], #only ipv4 available with CI
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why did you delete this line?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to factorize the manifest and add at this end some parameters or not

bastelfreak
bastelfreak reviewed May 18, 2020
View reviewed changes
spec/spec_helper_acceptance.rb Outdated
@@ -2,4 +2,5 @@

configure_beaker do |host|
install_package(host, 'epel-release') if fact_on(host, 'os.name') == 'CentOS'
install_package(host, 'git')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this isn't required anymore since we now manage the git package.

@Dan33l Dan33l force-pushed the install_from_sources branch 4 times, most recently from 48bbd6b to 007a9bd Compare May 18, 2020 20:04
@bastelfreak bastelfreak merged commit 1924c40 into voxpupuli:master May 18, 2020
@Dan33l Dan33l deleted the install_from_sources branch May 18, 2020 20:16
@Dan33l
Copy link
Member Author

Dan33l commented May 18, 2020

@bastelfreak thank you for the review

@foxxx0 foxxx0 mentioned this pull request Jun 22, 2020
Merged
@vox-pupuli-tasks
Copy link

Dear @Dan33l, thanks for the PR!

This is Vox Pupuli Tasks, your friendly Vox Pupuli Github Bot. I noticed that your pull request has CI failures. Can you please have a look at the failing CI jobs?
If you need any help, you can reach out to us on our IRC channel voxpupuli on Freenode or our Slack channel voxpupuli at slack.puppet.com.
You can find my sourcecode at voxpupuli/vox-pupuli-tasks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bastelfreak bastelfreak bastelfreak left review comments

Assignees
No one assigned
Labels
enhancement New feature or request tests-fail
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unrecognized keyword: @preserve with ubuntu1604
2 participants
@Dan33l @bastelfreak