puppetlabs-firewall
puppetlabs-firewall copied to clipboard
puppetlabs
Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
Describe the Bug
Trying to build with the r10k and module of the version 7.0.2. I get the next output
Command: /opt/puppetlabs/bin/puppet generate types --environment upd --environmentpath /etc/puppetlabs/code/environments --config /etc/puppetlabs/puppet/puppet.conf
Stdout:
Notice: Generating Puppet resource types.
Stderr:
Error: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Could not autoload puppet/provider/firewall/ip6tables: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Failed to load custom type 'firewall' from '/etc/puppetlabs/code/environments/upd/modules/firewall/lib/puppet/type/firewall.rb': Could not autoload puppet/provider/firewall/ip6tables: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall
Error: Failed to load custom type 'firewallchain' from '/etc/puppetlabs/code/environments/upd/modules/firewall/lib/puppet/type/firewallchain.rb': Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall
Expected Behavior
No error
Steps to Reproduce
Steps to reproduce the behavior:
- Use module of the version
7.0.2 - Build env
Environment
- module
7.0.2 - Puppet
8.2.1
Also seeing this but with Puppet 7.25.0:
Error: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.8.16/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Could not autoload puppet/provider/firewall/ip6tables: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.8.16/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Failed to load custom type 'firewall' from '/etc/puppetlabs/code/environments/feature_puppetfile/external-modules/firewall/lib/puppet/type/firewall.rb': Could not autoload puppet/provider/firewall/ip6tables: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.8.16/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Warning: Unknown feature detected: ["custom_generate"]
Error: Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall
Error: Failed to load custom type 'firewallchain' from '/etc/puppetlabs/code/environments/feature_puppetfile/external-modules/firewall/lib/puppet/type/firewallchain.rb': Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall
Hi,
I am seeing the same behavior using puppet 7.26.0 on Ubuntu 18.04, is anyone aware of any workaround? Thanks!
+1 Running into this as well after upgrading when testing via puppet apply locally and when trying to generate types on Puppet server as well
Notice: Generating Puppet resource types.
Error: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Could not autoload puppet/provider/firewall/ip6tables: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Failed to load custom type 'firewall' from '/etc/puppetlabs/code/puppet-control/iptables_module/modules/firewall/lib/puppet/type/firewall.rb': Could not autoload puppet/provider/firewall/ip6tables: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall
Error: Failed to load custom type 'firewallchain' from '/etc/puppetlabs/code/puppet-control/iptables_module/modules/firewall/lib/puppet/type/firewallchain.rb': Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall
puppetlabs-firewall (v7.0.2) puppet-agent-7.26 puppetserver-7.13.0
This is also causing issues with deploying modules via r10k in isolated environments because type generation is failing. I cleared the resource_types cache for this environment, and regenerated via r10k to end up with a new error
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, No such file or directory - /etc/puppetlabs/code/puppet-control/dev/.resource_types/firewall.pp
Is there a workaround for this? We're trying to adopt 7.0.2 as part of a major Puppetfile overhaul.
Just ran into this as well, when trying to go from 6.0.0 to 7.0.x puppetserver version: 7.13.0
I thought this might be related to environment isolation or caching when deploying modules via r10k, and have tried removing other environments, restarting puppetserver, and removing each environment's .resource_types cache with no luck. If there is anything else worth trying, I'm happy to continue to debug.
I still get intermittent errors where a couple of runs will be successful, and every few runs will fail with one of a few errors:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Could not autoload puppet/type/firewall: Could not autoload puppet/provider/firewall/firewall: no such file to load -- puppet_x/puppetlabs/firewall/ipcidr (file: /etc/puppetlabs/code/puppet-control/dev/profile_modules/profile/manifests/user.pp, line: 41, column: 3) on node host.example.com
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Could not autoload puppet/type/firewallchain: Could not autoload puppet/provider/firewallchain/firewallchain: no such file to load -- puppet_x/puppetlabs/firewall/ipcidr (file: /etc/puppetlabs/code/puppet-control/dev/profile_modules/profile/manifests/example/sample.pp, line: 40, column: 3) on node host.example.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Type generation consistently failing after deploying the module as well
sudo puppet generate types --environment dev
Notice: Generating Puppet resource types.
Error: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Could not autoload puppet/provider/firewall/ip6tables: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Failed to load custom type 'firewall' from '/etc/puppetlabs/code/puppet-control/dev/modules/firewall/lib/puppet/type/firewall.rb': Could not autoload puppet/provider/firewall/ip6tables: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here
Error: Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall
Error: Failed to load custom type 'firewallchain' from '/etc/puppetlabs/code/puppet-control/dev/modules/firewall/lib/puppet/type/firewallchain.rb': Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall
I am running into the same issue with firewall module version 7.0.2 and puppet 7.26.0 and also the same on error with puppet 8.2.3.
Any news on this issue? We get similar issues with firewall module 7.0.2 and puppet 7.27.0.
We do not get errors during execution of "puppet generate types" on the r10k created environment, but we get following errors afterwards:
Error: Could not autoload puppet/type/firewall: cannot load such file -- puppet/resource_api
Did you mean? puppet/resource
Error: Failed to apply catalog: Could not autoload puppet/type/firewall: cannot load such file -- puppet/resource_api
Did you mean? puppet/resource
If we remove the .resource_types folder from the environment again, we get following errors:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: no parameter named 'protocol' (file: /etc/puppetlabs/code/environments/develop/site/manifests/firewall/pre.pp, line: 28) on Firewall[004 accept all icmp (v6)] (file: /etc/puppetlabs/code/environments/develop/site/manifests/firewall/pre.pp, line: 28) on node node01.example.org
Got a workaround for this. On the (*nix) puppetserver search for files regarding firewall module in the Cache directory (vardir)
find $(puppet config print vardir) -ipath '*firewall*' -type f
and delete them
find $(puppet config print vardir) -ipath '*firewall*' -type f -delete
Then re-generate types:
puppet generate types --environment <environment>
Helped for me.
Any news on this issue? We get similar issues with firewall module 7.0.2 and puppet 7.27.0.
We do not get errors during execution of "puppet generate types" on the r10k created environment, but we get following errors afterwards:
Error: Could not autoload puppet/type/firewall: cannot load such file -- puppet/resource_api Did you mean? puppet/resource Error: Failed to apply catalog: Could not autoload puppet/type/firewall: cannot load such file -- puppet/resource_api Did you mean? puppet/resourceIf we remove the
.resource_typesfolder from the environment again, we get following errors:Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: no parameter named 'protocol' (file: /etc/puppetlabs/code/environments/develop/site/manifests/firewall/pre.pp, line: 28) on Firewall[004 accept all icmp (v6)] (file: /etc/puppetlabs/code/environments/develop/site/manifests/firewall/pre.pp, line: 28) on node node01.example.org
Same code with 6.0.0 version, replacing jump with action works fine (puppet 7.23.0), i was facing same error "Could not autoload puppet/type/firewall: cannot load such file -- puppet/resource_api"
+1 we have been plagued by this issue on every version of puppet7:
ERROR [puppetserver] Puppet Evaluation Error: Error while evaluating a Resource Statement, Could not autoload puppet/type/firewall: Could not autoload puppet/provider/firewall/firewall: no such file to load -- puppet_x/puppetlabs/firewall/ipcidr
FYI we were able to "solve" by hard coding the absolute path in the following files:
lib/puppet/provider/firewall/firewall.rb
lib/puppet/provider/firewallchain/firewallchain.rb
lib/puppet_x/puppetlabs/firewall/utility.rb
Example:
#require_relative '../../../puppet_x/puppetlabs/firewall/utility'
require '/opt/puppetlabs/puppet/cache/lib/puppet_x/puppetlabs/firewall/utility'
But I believe the actual problem is that this line should be relative in the utility lib:
#require 'puppet_x/puppetlabs/firewall/ipcidr'
should be:
require_relative 'ipcidr'
Issue present with agent 8.4.0 too while generating types:
[root@puppetmaster0 ~]# /opt/puppetlabs/bin/puppet generate types --environment development --force ... Error: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here Error: Could not autoload puppet/provider/firewall/ip6tables: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here Error: Failed to load custom type 'firewall' from '/etc/puppetlabs/code/environments/development/modules/firewall/lib/puppet/type/firewall.rb': Could not autoload puppet/provider/firewall/ip6tables: Could not autoload puppet/provider/firewall/iptables: Firewall is not a class /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppet-resource_api-1.9.0/lib/puppet/resource_api.rb:36: previous definition of Firewall was here Error: Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall Error: Failed to load custom type 'firewallchain' from '/etc/puppetlabs/code/environments/development/modules/firewall/lib/puppet/type/firewallchain.rb': Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall ... [root@puppetmaster0 ~]# /opt/puppetlabs/bin/puppet -V 8.4.0
Got a workaround for this. On the (*nix) puppetserver search for files regarding firewall module in the Cache directory (vardir)
find $(puppet config print vardir) -ipath '*firewall*' -type fand delete them
find $(puppet config print vardir) -ipath '*firewall*' -type f -deleteThen re-generate types:
puppet generate types --environment <environment>Helped for me.
This worked for me, serverversion 7.15.0 and agent 7.28.0
puppet generate types --environment <environment>Helped for me.
I tried this workaround and added the command in the r10k postrun hook. Unfortunately this creates another flaw. It takes a couple of seconds to regenerate the types and during this time the Puppetserver doesn't find these types. This leads to failed catalog compiles on our fairly busy Puppetserver (~800 clients) until the type generation is finished.
For me the whole issue is not yet fixed.
FYI we were able to "solve" by hard coding the absolute path in the following files:
lib/puppet/provider/firewall/firewall.rb lib/puppet/provider/firewallchain/firewallchain.rb lib/puppet_x/puppetlabs/firewall/utility.rbExample:
#require_relative '../../../puppet_x/puppetlabs/firewall/utility' require '/opt/puppetlabs/puppet/cache/lib/puppet_x/puppetlabs/firewall/utility'But I believe the actual problem is that this line should be relative in the utility lib:
#require 'puppet_x/puppetlabs/firewall/ipcidr'should be:
require_relative 'ipcidr'
I confirmed that with the modification inside the lib/puppet_x/puppetlabs/firewall/utility.rb file it works. we change
require 'puppet_x/puppetlabs/firewall/ipcidr'
by
require_relative 'ipcidr'
puppet generate types --environment <environment>Helped for me.
I tried this workaround and added the command in the r10k postrun hook. Unfortunately this creates another flaw. It takes a couple of seconds to regenerate the types and during this time the Puppetserver doesn't find these types. This leads to failed catalog compiles on our fairly busy Puppetserver (~800 clients) until the type generation is finished.
For me the whole issue is not yet fixed.
You don't need a hook for that. You only need it once when changing the version. No issues after single run of find $(puppet config print vardir) -ipath '*firewall*' -type f -delete and generate types.
puppet generate types --environment <environment>Helped for me.
I tried this workaround and added the command in the r10k postrun hook. Unfortunately this creates another flaw. It takes a couple of seconds to regenerate the types and during this time the Puppetserver doesn't find these types. This leads to failed catalog compiles on our fairly busy Puppetserver (~800 clients) until the type generation is finished. For me the whole issue is not yet fixed.
You don't need a hook for that. You only need it once when changing the version. No issues after single run of
find $(puppet config print vardir) -ipath '*firewall*' -type f -deleteand generate types.
That is correct. You only need to do it once. As far as i understand main problem is with an old providers that was left from the previous version. Cleaning up firewall cache and regenerating types fixes it. But you need to change path to ipcidr class or type generation will fail.
I will open PR soon with that fix, along with another 10-ish bug fixes that i encountered after upgrading from 3.1 to the latest version.
Okay, so i think this problem is not with this module in particular but is related to puppetserver itself or puppet-resource_api which new version is based on.
Notice: /File[/opt/puppetlabs/puppet/cache/lib/puppet/type/firewallchain.rb]/content: content changed '{sha256}1f0667056d636c6dec5ff0c1a4152e18bff95437e938774376acd705d440ad31' to '{sha256}6db125086d989c37f95c4e507ef433c8d67d64efa5e5f1566ab8fdbb0245c5ae'
Notice: /File[/opt/puppetlabs/puppet/cache/lib/puppet/util/firewall.rb]/ensure: removed
Notice: /File[/opt/puppetlabs/puppet/cache/lib/puppet/util/ipcidr.rb]/ensure: removed
Notice: /File[/opt/puppetlabs/puppet/cache/lib/puppet_x/puppetlabs/firewall]/ensure: created
Notice: /File[/opt/puppetlabs/puppet/cache/lib/puppet_x/puppetlabs/firewall/ipcidr.rb]/ensure: defined content as '{sha256}b7837181a5bfe4523afef521c253935a9e2f686733b54a775fdf05c04d8e73ce'
Notice: /File[/opt/puppetlabs/puppet/cache/lib/puppet_x/puppetlabs/firewall/utility.rb]/ensure: defined content as '{sha256}d89e07f887913849eac165c3ccdb72f82b14dc0a75396557e471227430b9ac92'
Info: Loading facts
Notice: Requesting catalog from puppet-dev:8140
Notice: Catalog compiled by xxx.zzz
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: no parameter named 'protocol' (file: /etc/puppetlabs/code/environments/dev/modules/drive/manifests/firewall/common.pp, line: 112) on Firewall[999 drop all logged incoming [v6]] (file: /etc/puppetlabs/code/environments/dev/modules/drive/manifests/firewall/common.pp, line: 112) on node xxx.zzz
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
root@xxx:~# service puppetserver restart
root@xxx:~# puppet agent -t --server puppet-dev --no-report --environment dev --noop --debug > test1
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Type-Name, Could not autoload puppet/type/firewallchain: Could not autoload puppet/provider/firewallchain/iptables_chain: uninitialized constant Puppet::Util::Firewall (file: /etc/puppetlabs/code/environments/dev/manifests/defaults.pp, line: 18, column: 1) on node xxx.zzz
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
root@xxx:~# puppet agent -t --server puppet-dev --no-report --environment dev --noop --debug > test2
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Virtual Query, Could not autoload puppet/type/firewall: Could not autoload puppet/provider/firewall/iptables: no such file to load -- puppet/provider/firewall (file: /etc/puppetlabs/code/environments/dev/modules/drive/manifests/firewall/common.pp, line: 6, column: 39) on node xxx.zzz
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
root@xxx:~# puppet agent -t --server puppet-dev --no-report --environment dev --noop --debug > test3
Before server restart it will return the same error over and over (no parameter named 'protocol') so i assume it is some kind of cache on puppetserver side. After you restart the server you need to run agent 3 times until it eventually run smoothly (yes, you actually don't need to do resource generation and cache deletion)
Is there someone who knows puppet-resource_api to confirm that it's not related to it? @david22swan sorry for tagging you in 😅
P.S. If you restart the server again you will encounter the same problem until you run agent several times. I've got a feeling that this is related to the fact that all the testing happens in non-default environment and actual production environment has the old version of the module with different providers. I would assume (i can be wrong) that puppetserver after restart loads providers sequentially env1, env2, envX.