Puppet Setup Firewall Rules - Error on validation

Hi

I have successfully configured the puppet module for the puppet setup firewall rules, but it seems that there is an issue on your side when checking my code.

Thanks for your help

On master node (install module, start service and allow connection):

puppet module install puppet-firewalld --version 4.4.0
service puppet start
firewall-cmd --zone=public --add-port=8140/tcp  --permanent
firewall-cmd --reload

site.pp:

node default {}
node 'stapp01.stratos.xfusioncorp.com' {
  include firewall_node1
}

node 'stapp02.stratos.xfusioncorp.com' {
  include firewall_node2
}

node 'stapp03.stratos.xfusioncorp.com' {
  include firewall_node3
}

news.pp:

class { 'firewalld': }

class firewall_node1 {
  firewalld_port { 'Open port 3001 for App Server 1':
    ensure   => present,
    zone     => 'public',
    port     => 3001,
    protocol => 'tcp',
  }
}

class firewall_node2 {
  firewalld_port { 'Open port 9008 in the public zone':
    ensure   => present,
    zone     => 'public',
    port     => 9008,
    protocol => 'tcp',
  }
}

class firewall_node3 {
  firewalld_port { 'Open port 8092 in the public zone':
    ensure   => present,
    zone     => 'public',
    port     => 8092,
    protocol => 'tcp',
  }
}

puppet parser validate site.pp
puppet parser validate news.pp
puppet apply site.pp
puppet apply news.pp

Then on the app servers:

puppet agent -tv

Check with telnet from master : OK, all good

Hi guys,
I thought I had to switch my content in both pp files, but it doesn't fix the issue.
Still: 'app server 1' is not reachable on port 'XXXX'.

Hi @lionel, sorry for the issue, this is marked pending for you, please give it another try.

Hi Rahul, thanks, but same issue, all seems OK on my side. Pretty sure you still have a validation error on your side:

Hi, @lionel I think configuring the firewall in jump_host was not required and it may be in error with the validation. As per the task, you don’t have to install the firewall service (this is not the same as installing puppet firewall module). Give it another try.

Hi Mihsan

Thanks for your reply

As soon as I install the firewalld module on the master as requested, and run puppet apply XXX.pp (with firewalld classes) to apply my pp files, firewalld is started on the master (jumphost) with no access to it from the app servers.
Moreover, the Puppet service is stopped.

@lionel Do not use the puppet apply command. puppet apply is for applying the manifest locally. This will make the config run on the master, which is not expected in the task. You should use only validate to check the syntax validation in the master.
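A restructured version of the two manifests, added here as an illustration and not taken from the thread or the task: one parameterized class replaces the three near-identical node classes, and the `firewalld` class is declared inside it rather than at the top of the file, so the service is only managed on the agent nodes that include the class. The class name `firewall_app` and its parameters are assumptions made for this example; the hostnames and ports are the ones from the thread.

```puppet
# Added example, not the poster's manifests. One class serves all three
# app servers; each node passes only its own port.
class firewall_app (
  Integer[1, 65535] $port,
  String            $zone     = 'public',
  String            $protocol = 'tcp',
) {
  # Declaring firewalld here (not at file top level) means the service is
  # managed only on nodes that include firewall_app, never on the master,
  # where the manifests are only validated with `puppet parser validate`.
  include firewalld

  firewalld_port { "Open port ${port} in the ${zone} zone":
    ensure   => present,
    zone     => $zone,
    port     => $port,
    protocol => $protocol,
  }
}

node default {}

node 'stapp01.stratos.xfusioncorp.com' {
  class { 'firewall_app': port => 3001 }
}

node 'stapp02.stratos.xfusioncorp.com' {
  class { 'firewall_app': port => 9008 }
}

node 'stapp03.stratos.xfusioncorp.com' {
  class { 'firewall_app': port => 8092 }
}
```

Validate on the master with `puppet parser validate`, then run `puppet agent -tv` on each app server; nothing in this manifest is ever applied with `puppet apply` on the master.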

With this code it's better (I don't need to add the firewall rule since I have commented out the first line).
But still an issue, even if I can telnet to the ports…
I had to reload firewalld in my playbook to make the apps reload their config.

I have just seen your reply
Please respond to my review and I will try again :slight_smile:

OK Sure Good Luck. :+1:

All good, thank you so much !
I have learned a lot on Puppet with this one :smiley:
I guess the main error on my side was the puppet apply (I thought it was mandatory even for slaves…)
My bad !
Thanks again
Take care Mihsan

Thank you for confirming @lionel
:+1: