Issue #16992 has been updated by Alex Antonov.

Assignee set to Josh Cooper
Target version set to 2.7.x

Sure. This manifest is for the iptables module and it's taken from http://projects.puppetlabs.com/projects/1/wiki/Module_Iptables_Patterns

    # Handles iptables concerns. See also ipt_fragment definition
    define ipt_fragment($ensure) {
      case $ensure {
        absent: {
          file { "/etc/iptables.d/$name":
            ensure => absent,
          }
        }
        present: {
          file { "/etc/iptables.d/$name":
            source => "puppet://puppet/iptables/fragments/$name",
            notify => Exec[rebuild_iptables],
          }
        }
      }
    }

    class iptables {
      package { "iptables": ensure => present }

      exec { "rebuild_iptables":
        command     => "/usr/sbin/rebuild-iptables",
        refreshonly => true,
        require     => File["/usr/sbin/rebuild-iptables"],
      }

      file {
        "/etc/iptables.d":
          ensure  => directory,
          purge   => true,
          recurse => true,
          force   => true,
          source  => "puppet:///iptables/empty",
          notify  => Exec["rebuild_iptables"];
        "/usr/sbin/rebuild-iptables":
          source => "puppet://puppet/iptables/rebuild-iptables";
      }
    }

One moment here: I use puppet with foreman as ENS (as I already said above). I created separate classes for every iptables rule, so I can assign any rule to nodes in the web interface. The class template looks like:

    class 001_in_web_webssl_public {
      include iptables
      ipt_fragment { [ "001_in_web_webssl_public" ] : ensure => present }
    }

where "001_in_web_webssl_public" is the name of a fragment. The fragment itself looks like:

    # incoming web and web ssl public
    -A INPUT -p tcp -m tcp -d ip_address --dport 80 -m comment --comment "incoming web public" -j ACCEPT
    -A INPUT -p tcp -m tcp -d ip_address --dport 443 -m comment --comment "incoming web ssl public" -j ACCEPT

----------------------------------------
Bug #16992: Puppet agents do not appear to work properly on Centos 6.3
https://projects.puppetlabs.com/issues/16992#change-74923

Author: Alex Antonov
Status: Needs More Information
Priority: Normal
Assignee: Josh Cooper
Category:
Target version: 2.7.x
Affected Puppet version: 2.7.19
Keywords:
Branch:

Hi. I have the same issue as one described in ticket "Bug #15608".
But I don't have the rotate option in my /etc/resolv.conf.

My puppet server system is:

    # uname -a
    Linux puppet 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 01:07:11 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

    # lsb_release -a
    LSB Version:    :core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
    Distributor ID: CentOS
    Description:    CentOS release 6.3 (Final)
    Release:        6.3
    Codename:       Final

My package versions are:

    puppet-server-2.7.19-1.el6.noarch
    puppet-2.7.19-1.el6.noarch
    ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
    foreman-0.4.2-0.1.noarch

Puppet server and foreman run on nginx 1.2.3 built from sources with passenger

    passenger (3.0.17)

Foreman runs as ENC.

Agent run test trace:

    # puppet agent --test --debug
    ...
    err: /File[/etc/iptables.d/039_in_ssh_intranet]: Could not evaluate: getaddrinfo: Name or service not known Could not retrieve file metadata for puppet:///modules/iptables/fragments/039_in_ssh_intranet: getaddrinfo: Name or service not known at /etc/puppet/modules/iptables/manifests/init.pp:13
    ...
    notice: /Stage[main]/Iptables/Exec[rebuild_iptables]: Dependency File[/etc/iptables.d/039_in_ssh_intranet] has failures: true
    warning: /Stage[main]/Iptables/Exec[rebuild_iptables]: Skipping because of failed dependencies
    ...

I cannot reproduce this error on every puppet agent run. It appears from time to time.

Downgrade of glibc packages doesn't seem to resolve the issue.
