use firewall class for package and firewalld fix, CentOS7 #2
base: master
Thanks @marcofl, I will try to test this out soon. I have been slow to migrate to CentOS 7 so I had not noticed any issues. I also need to look into this travis build failure.
@andrewkroh I just tested this on Ubuntu 14.04, this also fixes the installation of iptables-persistent and other packages handled by "puppetlabs-firewall" here.
@marcofl I tested for regressions against CentOS 6 and it worked well. Once we get these tests passing and merge this I will update the supported OS matrix with RHEL/CentOS 7 and Ubuntu 14.04. I do not see what is causing the test to fail. It is failing both locally for me and on travis. The error is:
This error is coming from puppetlabs-firewall. It checks the kernel fact which has to be 'Linux' and this seems to be empty on travis tests? I don't know much about tests though...
That was the same hypothesis I came to, but this unfortunately disproves it. Earlier I ran
True, otherwise puppetlabs-firewall wouldn't pass either :-)
As firewalld is the default in CentOS7 / RHEL7 now, there is no iptables-services and firewalld is controlling the firewall. puppetlabs-firewall does handle this, but only if you call the "firewall" class before the firewall resources. That's what this change does.
The puppet run is still very unclean because firewalld is stopped, which removes a lot of chains and rules, and then firewall purge tries to delete those chains / rules. I think this is a known issue with puppetlabs-firewall, not sure though.