firewalld Service Duplicate Declaration #82

Open
valerahime opened this issue Apr 12, 2021 · 2 comments

@valerahime
Contributor

valerahime commented Apr 12, 2021

I'm running into another issue with two dependencies on this module, puppetlabs-firewall and puppet-firewalld. After switching to the GitHub repo in my Puppetfile, I've consistently been getting errors with the two modules duplicating a service declaration for firewalld. I ran into this before with this module, but updating to 3.0.0 on the Puppet Forge fixed it.

Here's the error:

    Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Service[firewalld] is already declared at (file: /etc/puppetlabs/code/environments/development/modules/firewall/manifests/linux/redhat.pp, line: 54); cannot redeclare (file: /etc/puppetlabs/code/environments/development/modules/firewalld/manifests/init.pp, line: 78) (file: /etc/puppetlabs/code/environments/development/modules/firewalld/manifests/init.pp, line: 78, column: 3) on node [redacted]

I've tried disabling the ensure_firewalld_service_is_enabled_and_running rule as I think that's the main cause of the conflict, but haven't had any luck. A quick grep of the rest of the rules points to ensure_a_firewall_package_is_installed.pp as a potential problem, but I don't believe my code is triggering its else conditional.

    else {
      class { '::firewalld':
        default_zone              => 'drop',
        schedule                  => 'harden_schedule',
        purge_direct_rules        => true,
        purge_direct_chains       => true,
        purge_direct_passthroughs => true,
      }
    }

@valerahime
Contributor Author

Disabling both ensure_firewalld_service_is_enabled_and_running and ensure_a_firewall_package_is_installed fixed this particular issue; however, I also needed to disable the following rules to get a full Puppet run. All ran into duplicate declaration errors.

  • ensure_nftables_is_not_enabled (Service[nftables] in the firewall module)
  • ensure_iptables_is_not_enabled (Package[iptables-services] in the firewall module)
  • ensure_sudo_is_installed (Package[sudo] in the sudo module)
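
A minimal Puppet manifest that reproduces the class of error reported above and shows one common guard, as an added example that is not code from this module, puppetlabs-firewall or puppet-firewalld. The `profile::*` class names are hypothetical.

```puppet
# Added example, not code from any of the modules in this thread.
# All class names below are hypothetical.

# Stands in for a module that already manages the service.
class profile::firewall_owner {
  service { 'firewalld':
    ensure => running,
    enable => true,
  }
}

# Unguarded: a second declaration with the same type and title fails catalog
# compilation with "Duplicate declaration: Service[firewalld] is already
# declared", even when the attributes are identical.
class profile::hardening_unguarded {
  service { 'firewalld':
    ensure => running,
    enable => true,
  }
}

# Guarded: declare the service only if nothing has declared it yet.
# defined() depends on evaluation order, so it only sees resources that were
# declared earlier in the same compilation.
class profile::hardening_guarded {
  if !defined(Service['firewalld']) {
    service { 'firewalld':
      ensure => running,
      enable => true,
    }
  }
}

# Compiles: the owner is evaluated first, so the guard skips its own copy.
include profile::firewall_owner
include profile::hardening_guarded

# Uncommenting the next line reproduces the duplicate declaration error.
# include profile::hardening_unguarded
```

Running the manifest with `puppet apply --noop` compiles the catalog without changing the service state.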

@bryanjbelanger
Collaborator

I'll take a look this weekend.
