This repository was archived by the owner on Jun 11, 2019. It is now read-only.

Pinned to a specific version of iptables? #16

@ChrisRitson


Expected Behavior

Runs without errors in Centos 6.9 (and later)

Actual Behavior

Repeatedly tries to downgrade iptables-1.4.7-16.el6.x86_64 to iptables-1.4.7.el6.x86_64, which generates an error in puppet 3.8 and so fails to restart the iptables service because of a dependency failure

Steps to Reproduce the Problem

  1. Running puppet to install a very simple ip tables rule set under centos 6.9 and example42-firewall (2.1.3)

Specifications

Please add this info:

  1. Output of facter -p on the failing node (at least the OS related facts)

rpm-qa.txt
facter-p.txt

  1. Version of Puppet and of the module

Puppet modules (from master):
/etc/puppet/modules
├── androidstudio (???)
├─┬ domcleal-augeasproviders (v1.2.0)
│ └── puppetlabs-stdlib (v4.2.2)
├── x2go (???)
├─┬ herculesteam-augeasproviders_shellvar (v2.2.1)
│ └── herculesteam-augeasproviders_core (v2.1.3)
├── maestrodev-wget (v1.7.0)
├── criticalupdate (???)
├─┬ csncl-cs42_firewall (v0.1.0)
│ └─┬ cs-example42_firewall (v2.1.3)
│   ├── example42-puppi (v2.1.10)
│   └─┬ example42-iptables (v2.1.15)
│     └── puppetlabs-concat (v2.1.0)
├── cs_auth3 (v1.9.0)
├─┬ csncl-cs_firewall (v0.1.0)
│ └── puppetlabs-firewall (v1.7.1)
├── cs_licenses (???)
├── csncl-cs_local_users (v0.1.0)
├── cs_motd (v0.1.0)
├── cs_sysctl (v0.5.0)
├── csncl-cssupportedit (v0.1.0)
├── stahnma-epel (v1.0.0)
├── weeklyupdate (???)
├── csncl-templatemodule (v0.1.0)
├── rohlfs-gconf (v0.0.6)
├── csncl-groups (v0.1.0)
├── hourlycron (???)
├── interfaces (???)
├── saz-resolv_conf (v3.0.5)
├── sessionm-puppet_r (v0.0.2)
├── helen-lightdm (v0.1.0)
├── puppetlabs-lvm (v0.9.0)
├── ncl-matlab (v0.1.0)
├── reboot (???)
├─┬ example42-network (v3.1.5)
│ └── example42-stdmod (v0.0.4)
├─┬ example42-nrpe (v2.0.12)
│ ├── UNMET DEPENDENCY example42-firewall (>= 2.0.0)
│ └── example42-monitor (v2.0.1)
├── puppetlabs-ntp (v1.0.0-rc1)
├── openstack (???)
├── thias-postfix (v0.3.3)
├── rcoleman-puppet_module (v0.0.3)
├── razorsedge-network (v3.4.0)
└── kdm (???)

  1. The relevant Puppet code and eventually Hiera data

I wonder if the following patch might address this issue - but only until the version of Centos is changed. I think something better is needed... Can someone (at least) explain why this version of the firewall needs to be pinned to a specific version of the iptables package?

--- modules/firewall/spec/unit/facter/iptables_spec.rb (revision 5641)
+++ modules/firewall/spec/unit/facter/iptables_spec.rb (working copy)
@@ -11,7 +11,7 @@
it {
allow(Facter::Util::Resolution).to receive(:exec).with('iptables --version').
and_return('iptables v1.4.7')

  •  Facter.fact(:iptables_version).value.should == '1.4.7'
    
  •  Facter.fact(:iptables_version).value.should =~ /^1\.4\.7\W/
    
    }
    end
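
Review bot: The replacement assertion `=~ /^1\.4\.7\W/` requires a non-word character after `1.4.7`, but the stub in this hunk returns 'iptables v1.4.7' and the removed assertion expected the fact value to be exactly '1.4.7', so against that value `\W` has nothing to match and the example would fail. Accept end of string as well, for instance `/^1\.4\.7(\W|$)/`. Separately, this file is a unit spec (spec/unit/facter/iptables_spec.rb) running against a stubbed `iptables --version`, so the change only alters a test expectation; whatever requests the iptables-1.4.7.el6 package on the node is not in this diff and would still need to be found and fixed.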

@@ -18,6 +18,6 @@
describe 'ip6tables_version' do
before { allow(Facter::Util::Resolution).to receive(:exec).
with('ip6tables --version').and_return('ip6tables v1.4.7') }

  • it { Facter.fact(:ip6tables_version).value.should == '1.4.7' }
  • it { Facter.fact(:ip6tables_version).value.should =~ /^1.4.7\W/ }
    end
    end
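
Review bot: The added ip6tables pattern `/^1.4.7\W/` leaves the dots unescaped, unlike `/^1\.4\.7\W/` in the first hunk, so each `.` matches any character and a value such as `1x4y7-` would pass. Escape the dots, and because the stub returns 'ip6tables v1.4.7' with nothing after the version, allow end of string too: `/^1\.4\.7(\W|$)/`.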

Thanks.. Chris Ritson.
