Don't worry too much about the "Failed Dependency"; that's a red-herring in this case. It's not saying that you missed some configuration, it's saying that firewalld::reload class failed because something it was dependent on (the port) failed.
Looks like the fix should be easy: your code has the port number quoted as a string. The documentation says that it should be an integer. Take the quotes off your port value, and give it another shot. On Wednesday, August 28, 2019 at 4:34:45 PM UTC-4, Jean Berthold wrote: > > Hello everyone, > > ’m currently learning about Puppet and I can’t see where is the error in > my configuration… > > > I tested The following module to manage the CentOS firewall, firewalld. > > I > > > > Ok, following the instructions in the webpage: > https://forge.puppet.com/crayfishx/firewalld > > > > I installed themodule on the server (without special configuration) > > I included the following configuration on my node : > > > > *[root@srv-eldpupet-02 manifests]# cat site.pp* > > *node 'centos7-dev01.xxxx.local' { # Applies only to mentioned node; if > nothing mentioned, applies to all.* > > *include snmp* > > *include firewalld* > > > > *firewalld_service { 'Close dhcpv6-client':* > > * ensure => 'absent',* > > * service => 'dhcpv6-client',* > > * zone => 'public',* > > *}* > > *[root@srv-eldpupet-02 manifests]#* > > > > This configuration works correctly, the snmp service/package and the > firewalld service/package are installed. > > And the service « dhcpv6-client is deactivated correctly, so the > firewalld_service function correctly. > > > > Now, following the documentation, if I try to use the « firewall_port » > instruction, I have the following error on the client and the configuration > defined for firewalld_port is not applied : > > > > è *Don’t work !!!* > > > > *firewalld_port { 'Open port 161 in the public zone':* > > * ensure => 'present',* > > * zone => 'public',* > > * port => '161',* > > * protocol => 'tcp',* > > *}* > > > > è (Ffor opening the port dedicated to snmp…) > > > > > > With this configuration, I have the following error on my client : > > > > *[root@centos7-dev01 ~]# puppet agent -tv* > > *Info: Using configured environment 'production'* > > *Info: Retrieving pluginfacts* > > *Info: Retrieving plugin* > > *Info: Retrieving locales* > > *Info: Loading facts* > > *Info: Caching catalog for centos7-dev01.eldora.local* > > *Info: Applying configuration version '1566830315'* > > */opt/puppetlabs/puppet/cache/lib/puppet/type/firewalld_zone.rb:148: > warning: key :port is duplicated and overwritten on line 150* > > *Info: Redefining firewalld_service in Puppet::Type* > > *Info: Redefining firewalld_port in Puppet::Type* > > *Error: Execution of '/usr/bin/firewall-cmd --permanent --zone public > --add-port /' returned 102: Error: INVALID_PORT* > > *Error: > /Stage[main]/Main/Node[centos7-dev01.eldora.local]/Firewalld_port[Open port > 161 in the public zone]/ensure: change from 'absent' to 'present' failed: > Execution of '/usr/bin/firewall-cmd --permanent --zone public --add-port /' > returned 102: Error: INVALID_PORT* > > *Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Dependency > Firewalld_port[Open port 161 in the public zone] has failures: true* > > *Warning: /Stage[main]/Firewalld/Exec[firewalld::reload]: Skipping because > of failed dependencies* > > *Notice: Applied catalog in 1.85 seconds* > > *[root@centos7-dev01 ~]#* > > > > > > When the « *firewalld_service »* instruction works without more > configuration, the « firewall_port » instruction fail due to « failed > dependencies »… > > I’m sure this is a newbie question… but I don’t find any documentation > about that error ! > > > > When I try to open the port by command line, no problem: > > > > *[root@centos7-dev01 ~]# firewall-cmd --zone=public --add-port=161/udp > --permanent* > > *success* > > *[root@centos7-dev01 ~]# firewall-cmd --zone=public --add-port=161/tcp > --permanent* > > *success* > > *[root@centos7-dev01 ~]#* > > > > Is there something to configure in the module itself before using > « firewalld_port » instruction ? > > > > By advance, thanks for your help and have a nice day ! > > > > Jean > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d5d23291-9b4f-46a7-add9-107cc79d12ef%40googlegroups.com.
