puppetlabs-firewall

any reference to "firewall { .. }" causes puppet to fail in a kickstart with Rocky8.5

Open sandynomad opened this issue 3 years ago • 5 comments

With 'firewall { .. }' in a manifest in a kickstart the puppet run always fails with:

Error: Could not prefetch firewall provider 'iptables': Execution of '/sbin/iptables-save' returned 1: iptables-save/1.8.4 Failed to initialize nft: Protocol not supported
Error: Failed to apply catalog: Execution of '/sbin/iptables-save' returned 1: iptables-save/1.8.4 Failed to initialize nft: Protocol not supported

The primary reason for this is that none of the nft modules are loaded with the install kernel:

root@ci-00: / # uname -r
4.18.0-348.el8.0.2.x86_64
root@ci-00: / # lsmod | grep nft
root@ci-00: / # 

Ideally puppet could throw an error and then continue running, or alternatively have a flag to ignore errors during the kickstart phase.

sandynomad, Mar 02 '22 05:03

This issue has been marked as stale because it has been open for a while and has had no recent activity. If this issue is still important to you please drop a comment below and we will add this to our backlog to complete. Otherwise, it will be closed in 7 days.

github-actions[bot], May 09 '22 02:05

The issue still persists. It's been worked around by placing conditionals (either "if" or using "tags") near the use of the firewall module.

The thing that makes this difficult to solve is there is no "one true way" to know if puppet is running in a kickstart environment (or not).

sandynomad, May 09 '22 07:05
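
One way to make the conditional workaround described above depend on the failure itself rather than on detecting kickstart, as an added example that is not part of the thread or of puppetlabs-firewall: a Facter external fact script that runs the same `iptables-save` call the provider prefetch does. The fact names `firewall_backend_usable` and `nft_modules_loaded` are hypothetical.

```shell
#!/bin/sh
# Added example (not puppetlabs-firewall code): Facter external fact script.
# The fact names firewall_backend_usable and nft_modules_loaded are hypothetical.

# Prints "true" only if the command the iptables provider prefetch runs exits 0.
# $1: iptables-save command (default is the path from the error message above).
firewall_backend_usable() {
    save_cmd="${1:-/sbin/iptables-save}"
    if "$save_cmd" >/dev/null 2>&1; then
        echo true
    else
        # Covers "Failed to initialize nft: Protocol not supported" and
        # a missing binary (exit status 127) alike.
        echo false
    fi
}

# Equivalent of the `lsmod | grep nft` check from the report, also matching
# the core nf_tables module. Reads the table that lsmod itself reads.
# $1: file in /proc/modules format.
nft_modules_loaded() {
    modules_file="${1:-/proc/modules}"
    if [ -r "$modules_file" ] &&
        grep -Eq '^(nf_tables|nft_[a-z0-9_]+) ' "$modules_file"; then
        echo true
    else
        echo false
    fi
}

# Emit key=value lines, the format Facter reads from executable external facts.
# $1 and $2 are optional overrides passed through to the two checks.
emit_firewall_facts() {
    echo "firewall_backend_usable=$(firewall_backend_usable "$1")"
    echo "nft_modules_loaded=$(nft_modules_loaded "$2")"
}

emit_firewall_facts "$@"
```

Installed as an executable in Facter's external facts directory, this lets a manifest wrap its `firewall { .. }` resources in an `if` on the fact. Rules skipped during kickstart are only applied on a later Puppet run, so that run has to happen before the host is exposed to a network.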

Thanks for the update!

I've removed the label from this PR and it will remain in our backlog of work!

chelnak, May 09 '22 10:05

Hello! 👋

This issue has been open for a while and has had no recent activity. We've labelled it with attention-needed so that we can get a clear view of which issues need our attention.

If you are waiting on a response from us we will try and address your comments on a future Community Day.

Alternatively, if it is no longer relevant to you please close the issue with a comment.

github-actions[bot], Aug 08 '22 02:08

"The issue still persists. It's been worked around by placing conditionals (either "if" or using "tags") near the use of the firewall module."

sandynomad, Aug 08 '22 06:08

Hello! 👋

This issue has been open for a while and has had no recent activity. We've labelled it with attention-needed so that we can get a clear view of which issues need our attention.

If you are waiting on a response from us we will try and address your comments on a future Community Day.

Alternatively, if it is no longer relevant to you please close the issue with a comment.

github-actions[bot], Nov 07 '22 02:11