Hi
I have successfully configured the puppet module for the puppet setup firewall rules but it seems that there is an issue on your side to check my code.
Thanks for your help
On master node (install module, start service and allow connection):

    puppet module install puppet-firewalld --version 4.4.0
    service puppet start
    firewall-cmd --zone=public --add-port=8140/tcp --permanent
    firewall-cmd --reload

site.pp:

    node default {}

    node 'stapp01.stratos.xfusioncorp.com' {
      include firewall_node1
    }

    node 'stapp02.stratos.xfusioncorp.com' {
      include firewall_node2
    }

    node 'stapp03.stratos.xfusioncorp.com' {
      include firewall_node3
    }

news.pp:

    class { 'firewalld': }

    class firewall_node1 {
      firewalld_port { 'Open port 3001 for App Server 1':
        ensure   => present,
        zone     => 'public',
        port     => 3001,
        protocol => 'tcp',
      }
    }

    class firewall_node2 {
      firewalld_port { 'Open port 9008 in the public zone':
        ensure   => present,
        zone     => 'public',
        port     => 9008,
        protocol => 'tcp',
      }
    }

    class firewall_node3 {
      firewalld_port { 'Open port 8092 in the public zone':
        ensure   => present,
        zone     => 'public',
        port     => 8092,
        protocol => 'tcp',
      }
    }

    puppet parser validate site.pp
    puppet parser validate news.pp
    puppet apply site.pp
    puppet apply news.pp

Then on the app servers:

    puppet agent -tv

Check with telnet from master: OK, all good
Hi guys,
I thought I had to switch my content in both pp files but it doesn't fix the issue.
Still: 'app server 1' is not reachable on port 'XXXX'
Hi Rahul, thanks but same issue, all seems ok on my side. Pretty sure you still have a validation error on your side:
Hi, @lionel I think configuring the firewall in jump_host was not required and it may be in error with the validation. As per the task, you don’t have to install the firewall service (this is not the same as installing puppet firewall module). Give it another try.
Hi Mihsan
Thanks for your reply
As soon as I install the firewalld module on master as requested, and run puppet apply XXX.pp (with firewalld classes) to apply my pp files: firewalld is started on the master (jumphost) with no access to it from the app servers.
Moreover, the Puppet service is stopped.
@lionel Do not use puppet apply command. puppet apply is to apply the manifest locally. This will make the config run on the master which is not expected in the task. You should use only the validate to check the syntax validation in the master.
With this code it's better (I don't need to add the firewall rule since I have commented out the first line)
But still an issue even if I can telnet ports…
Had to reload firewalld in my playbook to make apps reload their config.
I have just seen your reply
Please respond to my review and I will try again
OK Sure Good Luck.
All good, thank you so much!
I have learned a lot on Puppet with this one
I guess the main error on my side was the puppet apply (I thought it was mandatory even for slaves…)
My bad!
Thanks again
Take care Mihsan
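
The scoping problem discussed in this thread, as an added example that is not code from any of the posters: the firewalld class is declared inside the class that each app-server node declares, so it is never evaluated for the master. The class name app_firewall and its $port parameter are hypothetical; firewalld and firewalld_port come from the puppet-firewalld module installed above.

```puppet
# Added example, not from the thread. app_firewall and $port are hypothetical
# names; node names and ports are the ones posted above.

# One parameterised class replaces firewall_node1..3.
class app_firewall (
  Integer[1, 65535] $port,
) {
  # Declared here rather than at top scope: a top-scope
  # "class { 'firewalld': }" is evaluated for every node that compiles a
  # catalog from the manifest, and "puppet apply" on the master evaluates
  # it for the master itself.
  include firewalld

  firewalld_port { "Open port ${port} in the public zone":
    ensure   => present,
    zone     => 'public',
    port     => $port,
    protocol => 'tcp',
  }
}

# Any node not listed below (the master included) gets an empty catalog.
node default {}

node 'stapp01.stratos.xfusioncorp.com' {
  class { 'app_firewall': port => 3001 }
}

node 'stapp02.stratos.xfusioncorp.com' {
  class { 'app_firewall': port => 9008 }
}

node 'stapp03.stratos.xfusioncorp.com' {
  class { 'app_firewall': port => 8092 }
}

# Workflow from the thread:
#   on the master:      puppet parser validate <manifest>.pp   (syntax check only)
#   on each app server: puppet agent -tv                       (pull and apply the catalog)
```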