Cory

Thank you very much!!! That was the issue...

target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           /* 000 accept all icmp */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           /* 001 accept all to lo interface */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           /* 002 accept related established rules */ ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 80,443 /* 100 allow http and https access */
DROP       all  --  0.0.0.0/0            0.0.0.0/0           /* 999 drop all */

Thanks for your time and support
Regards

On Wednesday, 2 July 2014 06:23:46 UTC-3, Cory Stoker wrote:
>
> Hmm...
>
> Do you have plugin sync turned on in the agent config? Should see
> something like pluginsync = true in your puppet.conf. The error
> specified seems to be having an issue finding the type which is sync'ed
> from the master to the agents through plugin sync.
>
> On Tue, Jul 1, 2014 at 1:50 PM, Pablo Morales <[email protected]> wrote:
> > If it helps this is what I see when running in debug mode:
> >
> > debug: /Stage[main]/My_fw::Post/Firewall[999 drop all]/require: requires Class[My_fw::Pre]
> > debug: /Stage[main]/My_fw::Pre/Firewall[001 accept all to lo interface]/before: requires Firewall[002 accept related established rules]
> > debug: /Stage[main]/Firewall::Linux::Redhat/require: requires Package[iptables]
> > debug: /Stage[main]/My_fw::Pre/Firewall[000 accept all icmp]/before: requires Firewall[001 accept all to lo interface]
> > debug: /Stage[main]/My_fw::Pre/Firewall[100 allow http and https access]/before: requires Class[My_fw::Post]
> > debug: /Stage[main]/My_fw::Pre/Firewall[002 accept related established rules]/before: requires Class[My_fw::Post]
> > debug: /Stage[main]/Users/User[pepe]: Autorequiring Group[shame]
> > debug: /Schedule[daily]: Skipping device resources because running on a host
> > debug: /Schedule[monthly]: Skipping device resources because running on a host
> > debug: /Schedule[hourly]: Skipping device resources because running on a host
> > debug: /Schedule[never]: Skipping device resources because running on a host
> > debug: Prefetching yum resources for package
> > debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
> > debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}
> > ''
> > debug: Service[iptables](provider=redhat): Executing '/sbin/service iptables status'
> > debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/chkconfig iptables'
> >
> >
> > On Tuesday, 1 July 2014 16:17:30 UTC-3, Pablo Morales wrote:
> >>
> >> Hi there guys
> >> I'm new to puppet. I think it's a great tool and I'm trying to configure
> >> some tasks to perform automatically, like users and some services, which I had
> >> no problems with until now with iptables. This is what I've got:
> >>
> >> server and client:
> >> CentOS release 6.5 (Final)
> >>
> >> On client:
> >> puppet-2.7.25-2.el6.noarch
> >>
> >> On server:
> >> puppet-server-3.6.2-1.el6.noarch
> >> puppet-3.6.2-1.el6.noarch
> >>
> >> I'm following this:
> >> https://forge.puppetlabs.com/puppetlabs/firewall
> >>
> >> My config on server:
> >> /etc/puppet/modules/my_fw/manifests
> >> post.pp
> >> pre.pp
> >>
> >> class my_fw::post {
> >>   firewall { '999 drop all':
> >>     proto  => 'all',
> >>     action => 'drop',
> >>     before => undef,
> >>   }
> >> }
> >>
> >> class my_fw::pre {
> >>   Firewall {
> >>     require => undef,
> >>   }
> >>
> >>   # Default firewall rules
> >>   firewall { '000 accept all icmp':
> >>     proto  => 'icmp',
> >>     action => 'accept',
> >>   }->
> >>   firewall { '001 accept all to lo interface':
> >>     proto   => 'all',
> >>     iniface => 'lo',
> >>     action  => 'accept',
> >>   }->
> >>   firewall { '002 accept related established rules':
> >>     proto   => 'all',
> >>     ctstate => ['RELATED', 'ESTABLISHED'],
> >>     action  => 'accept',
> >>   }
> >>
> >>   firewall { '100 allow http and https access':
> >>     port   => [80, 443],
> >>     proto  => tcp,
> >>     action => accept,
> >>   }
> >>
> >> }
> >>
> >> /etc/puppet/manifests
> >> site.pp
> >>
> >> # tell puppet on which client to run the class
> >> node slnxserver {
> >>
> >>   include users
> >>
> >>   #resources { "firewall":
> >>   #purge => true
> >>   #}
> >>
> >>   Firewall {
> >>     before  => Class['my_fw::post'],
> >>     require => Class['my_fw::pre'],
> >>   }
> >>
> >>   class { ['my_fw::pre', 'my_fw::post']: }
> >>   class { 'firewall': }
> >> }
> >>
> >> On the client I see the following:
> >> tail -f /var/log/messages
> >> Jul 1 16:01:09 slnxserver puppet-agent[16431]: Finished catalog run in 0.35 seconds
> >> Jul 1 16:02:41 slnxserver puppet-agent[16431]: Finished catalog run in 0.33 seconds
> >> Jul 1 16:04:13 slnxserver puppet-agent[16431]: Finished catalog run in 0.30 seconds
> >> Jul 1 16:05:45 slnxserver puppet-agent[16431]: Finished catalog run in 0.28 seconds
> >> Jul 1 16:07:17 slnxserver puppet-agent[16431]: Finished catalog run in 0.29 seconds
> >>
> >> No problems reported, but it seems the iptables rules are not applied. Am
> >> I missing something else?
> >>
> >> The 80:443 ports are not applied:
> >>
> >> iptables -nL
> >> Chain INPUT (policy ACCEPT)
> >> target     prot opt source               destination
> >>
> >> Chain FORWARD (policy ACCEPT)
> >> target     prot opt source               destination
> >>
> >> Chain OUTPUT (policy ACCEPT)
> >> target     prot opt source               destination
> >>
> >> If I uncomment the resource statement above I get:
> >> puppet-agent[16431]: Failed to apply catalog: Parameter name failed on Resources[firewall]: Could not find resource type 'firewall' at /etc/puppet/manifests/site.pp:8
> >>
> >>
> >> Thanks for your time and support, any help appreciated.
> >> Regards
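An added example, not part of the thread: the agent logged "Finished catalog run" while the INPUT chain stayed empty, so the applied ruleset is worth checking directly. This Python sketch audits `iptables -nL INPUT` output against the rule names from the manifest; the sample listings are constructed from the ones quoted above, and `parse_chain`, `audit` and `EXPECTED` are hypothetical names.

```python
import re

# Constructed samples modelled on the thread: the working ruleset, and the
# empty chain seen while the agent still reported successful runs.
APPLIED = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           /* 000 accept all icmp */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           /* 001 accept all to lo interface */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           /* 002 accept related established rules */ ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 80,443 /* 100 allow http and https access */
DROP       all  --  0.0.0.0/0            0.0.0.0/0           /* 999 drop all */
"""
NOT_APPLIED = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
"""
# Rule names as declared in the my_fw::pre and my_fw::post classes.
EXPECTED = ["000 accept all icmp", "001 accept all to lo interface",
            "002 accept related established rules",
            "100 allow http and https access", "999 drop all"]

HEADER = re.compile(r"Chain (\S+) \(policy (\w+)")
RULE = re.compile(r"(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s*(.*)")
COMMENT = re.compile(r"/\*\s*(.*?)\s*\*/")

def parse_chain(text):
    """Return (policy, rules); each rule is (target, proto, src, dst, comment)."""
    lines = [l for l in text.splitlines() if l.strip()]
    policy = HEADER.match(lines[0]).group(2)
    rules = []
    for line in lines[2:]:  # skip the chain header and the column header
        target, proto, src, dst, rest = RULE.match(line).groups()
        c = COMMENT.search(rest)
        rules.append((target, proto, src, dst, c.group(1) if c else ""))
    return policy, rules

def audit(text, expected=EXPECTED):
    """Return a list of findings; an empty list means the chain matches."""
    policy, rules = parse_chain(text)
    if not rules:
        return [f"chain is empty (policy {policy}): no firewall resources were applied"]
    names = [r[4] for r in rules]
    findings = [f"missing rule: {n}" for n in expected if n not in names]
    if names != sorted(names):
        findings.append("rules are not in ascending name order")
    if policy == "ACCEPT" and rules[-1][:4] != ("DROP", "all", "0.0.0.0/0", "0.0.0.0/0"):
        findings.append("last rule is not a catch-all DROP under policy ACCEPT")
    return findings
```

Plain `-nL` output has no interface columns, which is why rule 001 looks like an unrestricted accept in the listing; add `-v` to see that it is bound to `lo`.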
