I just had this task as well; even after reading this page it was a nightmare to unravel what I thought I needed to do.
Hello guys, I'm having a hard time with this task.
- The task is asking me to install the puppet firewall module, but that module is related to iptables directly, not to firewalld, so I'm trying to solve it with the puppet firewalld module as @andrzej said. (Task text is at the end.)
- To achieve the task I'm trying to use the firewalld_port resource type, as in the example below, for each class, but it seems not to be working.
Test 1: curl from the jump host to the app server on the specified port.
Test 2: ssh to the app server and check using firewall-cmd --list-all before and after running puppet agent --test, but there is no change at all even though the puppet command states it successfully applied changes.
firewalld_port { 'Open port 8080 in the public zone':
  ensure   => present,
  zone     => 'public',
  port     => 8080,
  protocol => 'tcp',
}
Any advice on what I'm doing wrong? Thanks
Task:
OK, I have finally succeeded with this task.
Take care of this:
- If your task is exactly the same as mine (see screenshot) it has an error: it is asking to use the "puppet firewall module" (without "d") but the correct module to use is the "puppet firewalld module" (with "d").
- Watch examples of how to use the module; the "usage" section is important.
I hope this helps anyone having a hard time with this task.
Can you please let me know which resource type to use and what the syntax is?
Also create a puppet programming file official.pp under the /etc/puppetlabs/code/environments/production/manifests directory on the puppet master node, i.e. on the Jump Server, and write code to perform the below-mentioned task.
- Install the puppet firewall module on the master node, i.e. on the Jump Server (you can install manually).
- There are some different applications running on all three apps. One of the applications is using port 6400 on App Server 1, 9006 on App Server 2 and 8092 on App Server 3. Complete the below-mentioned tasks:
a. Open all incoming connections for the 6400/tcp port on App Server 1, and the zone should be public.
b. Open all incoming connections for the 9006/tcp port on App Server 2, and the zone should be public.
c. Open all incoming connections for the 8092/tcp port on App Server 3, and the zone should be public.
@q69145 read my last two posts as a guide and you will find how to use them in the docs. It is not hard if you know the things to take care of.
@Inderpreet… Need your help. When I submitted this task I had 47 minutes left on the clock, and I had to wait for more than 3-4 minutes to get the result… I am not sure why I only got 180 bonus points instead of 300… Also, at the start, the description screen took 2-3 minutes to load… Could you please check if the loading & validation is taking 5-6 minutes? If so, kindly update the points.
@Inderpreet @Ayman @kodekloud-support3
or anyone else can help me out here? I am new to DevOps tasks.
When I run puppet agent -t, I get this error message:
What did I do wrong? Any tutorial I should read first to solve this task?
Thanks so much
Hello, tylorC
Have you tried with sudo? e.g. sudo puppet agent -tv
Thanks, sudo is working for it.
Can anyone give some tips for my config?
If I set
node 'stapp01.stratos.xfusioncorp.com' {
  include firewall
}
then it will open, but I believe the task will fail.
Hello…
I got a task failed error:
- port '8082' is not found in firewall public zone on App Server 1
But I had applied this rich rule set:
[tony@stapp01 ~]$ sudo firewall-cmd --list-all --zone=public
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" port port="8082" protocol="tcp" accept
curl from the Jump host also worked…
curl http://172.16.238.10:8082
@Inderpreet @Ayman @mmumshad Can you please check… I checked all ports from the jump host and they worked.
So it seems I used [firewalld_rich_rule] instead of [firewalld_port]. This might have caused validation to fail, but I don't think this was mentioned in the question.
Can you please check.
@salilpune1 We can mark it Pending for you to give it another try. Was this task assigned to you today itself?
Hey @andrescaroc
What was the issue with this class function?
class firewall_node1 {
  firewalld_port { 'Open port 6000 in the public zone':
    ensure   => present,
    zone     => 'public',
    port     => 6000,
    protocol => 'tcp',
  }
}
I am getting similar behaviour to what you got before. puppet agent gets the config applied with success, but there has been no change to the ports in the public zone. How did you overcome that issue?
I'm also investigating this behavior.
I think it has to do with firewalld not reloading after the manifest is deployed.
After pulling the manifest on the agent, try firewall-cmd --reload and see if the port is now opened.
@nashwan I'm glad this tip helped.
This is mentioned among the lines in the doc shared by @andrzej: https://forge.puppet.com/puppet/firewalld/readme
However, it's not 100% clear to me what advice is given there about this topic. If someone can help me clarify it, I'd be grateful.
I was looking into "Firewalld not reloading in 3.0 · Issue #38 · voxpupuli/puppet-firewalld · GitHub". I found out that adding include firewalld inside the classes, at the beginning of each, also works to solve this.
Hello @nashwan
The class function does not have an issue. What I learned from the docs is that you must declare the class { 'firewalld': } specified in the usage section, this way:
class { 'firewalld': }
class firewall_node1 {
  firewalld_port { 'Open port 6400 in the public zone':
    ensure   => present,
    zone     => 'public',
    port     => 6400,
    protocol => 'tcp',
  }
}
I hope this helps everybody that is stuck with this task.
For sure, I think the documentation of this module could be better with an example of that "usage" statement within a code example, but this is what we have.
Regards
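A complete official.pp for the task in this thread, written here as an added example and not taken from any post above: it pulls in the module's firewalld class from inside the wrapper class (the fix the last posts describe) and uses firewalld_port rather than firewalld_rich_rule, since the validation looks at the zone's ports list. The ports come from the task text; the stapp02 and stapp03 hostnames are assumed to follow the stapp01.stratos.xfusioncorp.com pattern seen above.

```puppet
# official.pp (added example, not from this thread). Each node opens one
# application port in the public zone with the puppet/firewalld module.

# Small wrapper so each node block only has to state its port.
class app_port (
  Integer[1, 65535] $port,
  String            $zone = 'public',
) {
  # Declaring the firewalld class is what makes the module manage and
  # reload firewalld; without it firewalld_port is applied but not visible
  # in firewall-cmd --list-all. include is idempotent, so it is safe to
  # have it in every class that needs it.
  include firewalld

  firewalld_port { "Open port ${port}/tcp in the ${zone} zone":
    ensure   => present,
    zone     => $zone,
    port     => $port,
    protocol => 'tcp',
  }
}

# Port numbers are from the task; stapp02/stapp03 hostnames are assumed.
node 'stapp01.stratos.xfusioncorp.com' {
  class { 'app_port': port => 6400 }
}

node 'stapp02.stratos.xfusioncorp.com' {
  class { 'app_port': port => 9006 }
}

node 'stapp03.stratos.xfusioncorp.com' {
  class { 'app_port': port => 8092 }
}
```

Do not add a top-level class { 'firewalld': } on top of this manifest: Puppet rejects a resource-like declaration of a class that has already been included elsewhere in the catalog. After puppet agent -t on each app server, the port should appear on the ports: line of firewall-cmd --list-all --zone=public rather than under rich rules.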