0
votes

I have successfully installed and tested Puppetlabs-firewall module 1.7.0 with puppetserver 1.0.8 and with two fresh nodes running RHEL 6.6 and puppet agent 3.7.5.

I took one of our existing RHEL 6.6 boxes and tried running the agent on it, but I'm getting the following error:

Error: /Stage[main]/Main/Resources[firewall]: Failed to generate additional resources using 'generate': Parser error: isfragment was meant to be a boolean but received value: 8.

I confirmed the version of iptables (1.4.7) was the same as my two test nodes.

Does anyone have any suggestions as to what else could be causing this error?

Here's the output of puppet resource firewall --debug --verbose:

Debug: Runtime environment: run_mode=user, ruby_version=1.8.7, puppet_version=3.7.5
Debug: Puppet::Type::Firewall::ProviderIptables: [instances]
Debug: Executing '/sbin/iptables-save'
Error: Could not run: Parser error: isfragment was meant to be a boolean but received value: 8.
1
Can you paste the iptables-save output somewhere and link it to the question? - Felix Frank
Your comment prompted me to turn off iptables and try running the agent again. Something in the existing rules was causing the problem. Thank you! - jacoulter
Could you try and reproduce the original conditions though? Sounds like a bug in the type/provider. - Felix Frank
I don't know how I could do that without publishing my employer's firewall rules and I'd rather not do that. I'll try to figure out what in the existing rules was causing the parse error and file a bug report. - jacoulter

1 Answer

0
votes

Something in the existing rules caused the error.

I executed service iptables stop and reran the puppet agent. The new rules were installed without errors.

I believe the firewall module parses the output of iptables-save and that was causing the problem.
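
For the bug report discussed in the comments, one way to share the rule structure without the real addresses is to pseudonymise the iptables-save dump first. This is an added example, not part of the original thread or of the puppetlabs-firewall module; the function name, the placeholder formats and the sample rules are constructed for illustration.

```python
import re
import shlex

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample, not real rules.
SAMPLE = '''\
# Generated by iptables-save v1.4.7
*filter
:INPUT DROP [1523:98211]
:FORWARD ACCEPT [0:0]
-A INPUT -s 10.20.30.40/32 -i eth0 -p tcp -m tcp --dport 22 -m comment --comment "ssh from build host" -j ACCEPT
-A INPUT -s 10.20.30.40/32 -d 10.20.31.0/24 -i bond0+ -j ACCEPT
COMMIT
'''

def redact(dump):
    """Return iptables-save text with addresses, interfaces and comments pseudonymised."""
    ips, ifaces, comments = {}, {}, {}

    def alias(table, key, fmt):
        # The same input always maps to the same placeholder, so the
        # relationships between rules survive the redaction.
        return table.setdefault(key, fmt % (len(table) + 1))

    out = []
    for line in dump.splitlines():
        if line.startswith("#"):
            continue  # header comments carry timestamps and tool details
        if line.startswith(":"):
            # Chain policy line: keep the policy, zero the packet/byte counters.
            out.append(re.sub(r"\[\d+:\d+\]", "[0:0]", line))
            continue
        if line.startswith(("*", "COMMIT")):
            out.append(line)
            continue
        tokens, prev = [], ""
        for tok in shlex.split(line):  # honours the quotes around --comment text
            if prev == "--comment":
                tok = '"%s"' % alias(comments, tok, "comment %d")
            elif prev in ("-i", "-o"):
                plus = "+" if tok.endswith("+") else ""
                tok = alias(ifaces, tok.rstrip("+"), "if%d") + plus
            else:
                # 192.0.2.0/24 is a documentation range; fine for < 255 distinct hosts.
                tok = IPV4.sub(lambda m: alias(ips, m.group(0), "192.0.2.%d"), tok)
            tokens.append(tok)
            prev = tok
        out.append(" ".join(tokens))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(redact(SAMPLE))
```

Redaction rewrites comment text and interface names, so confirm that the redacted dump still triggers the parser error on a test node before attaching it to a report.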