Issue #10711 has been updated by Justin Ellison.

Status changed from Closed to Re-opened

I did figure this out. I have a mixed environment of some CentOS 5 and some CentOS 6. I introduced CentOS 6 at the same time I upgraded puppetlabs-firewall, and that was the source of the confusion. I'm pretty sure this has less to do with the $operatingsystemrelease and has more to do with the kernel version, but I'll stick to what I know for sure.

In CentOS 5, if you add a firewall resource with a source property of '127.0.0.1/32', 'puppet resource firewall' will output the source as '127.0.0.1'. This will cause puppet to needlessly re-apply the resource on each run. If you use a source property of '127.0.0.1', things work as they should.

In CentOS 6, the bits are flipped. If you add a resource with source property of '127.0.0.1', 'puppet resource firewall' will output the source as '127.0.0.1/32'.

You can see where this is going. I had to create a case statement based on $operatingsystemrelease that either set $iptables_host_suffix to empty string, or '/32', and use that to get both releases to work together the right way.

----------------------------------------
Bug #10711: In 0.0.2 of puppetlabs-firewall, source property doesn't grok what '/32' means
https://projects.puppetlabs.com/issues/10711

Author: Justin Ellison
Status: Re-opened
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:

I'm about 80% sure this didn't happen with 0.0.1, but certainly could be wrong.

Given the following resource:

    firewall { "test rule":
      action => 'accept',
      source => '127.0.0.1',
      state  => "NEW",
      dport  => '25',
      proto  => "tcp",
    }

Upon each puppet run after the initial insertion of the rule the first time, it tries to update the rule, because iptables reports that the source is '127.0.0.1/32' instead of just '127.0.0.1'. Obviously, those two values are functional equivalents.

A quick workaround is to simply set source to '127.0.0.1/32' in the resource.
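The mismatch reported above comes from comparing the declared and reported source as plain strings. The following is an added example, not code from puppetlabs-firewall or from the reporter: it compares both values in a canonical address/prefix form, and goes beyond the report by also accepting dotted netmasks (assumed contiguous) and IPv6. The names canonical_source, source_in_sync? and drifted are hypothetical.

```ruby
require 'ipaddr'

# Canonical "network/prefix" form, so a bare host and its /32 compare equal.
def canonical_source(value)
  addr_text, mask_text = value.to_s.strip.split('/', 2)
  addr = IPAddr.new(addr_text) # raises IPAddr::InvalidAddressError on junk
  full = addr.ipv4? ? 32 : 128
  prefix =
    if mask_text.nil?
      full                                  # bare host: implicit full-length prefix
    elsif mask_text =~ /\A\d+\z/
      Integer(mask_text, 10)                # CIDR prefix length
    else
      # Dotted netmask such as 255.255.255.0; assumed to be contiguous.
      IPAddr.new(mask_text).to_i.to_s(2).count('1')
    end
  raise ArgumentError, "bad prefix in #{value.inspect}" unless (0..full).cover?(prefix)
  "#{addr.mask(prefix)}/#{prefix}"          # host bits are zeroed by mask()
end

# True when the manifest value and the value read back name the same network.
def source_in_sync?(declared, reported)
  canonical_source(declared) == canonical_source(reported)
end

# Constructed sample pairs: [declared in manifest, reported by the provider].
SAMPLES = [
  ['127.0.0.1/32', '127.0.0.1'],              # CentOS 5 case from the report
  ['127.0.0.1',    '127.0.0.1/32'],           # CentOS 6 case from the report
  ['10.0.0.0/24',  '10.0.0.0/255.255.255.0'], # same network, netmask notation
  ['10.0.0.0/24',  '10.0.0.0/25']             # genuine drift: rule really differs
].freeze

# Pairs that differ in meaning, i.e. the only ones worth re-applying.
def drifted(pairs)
  pairs.reject { |declared, reported| source_in_sync?(declared, reported) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |declared, reported|
    state = source_in_sync?(declared, reported) ? 'in sync' : 'DRIFT'
    puts format('%-14s vs %-24s %s', declared, reported, state)
  end
end
```

Only the last constructed pair is reported as drift, so a rule whose source has actually changed still gets corrected while notation-only differences no longer trigger a re-apply on every run.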
