- RHEL 5.1
- Puppet 0.24.7
- Puppetmaster and client on the same host

This is all puppet-code for node "mynode":

    node 'mynode' {
        service { iptables:
            ensure => stopped,
        }
        service { crond:
            ensure => stopped,
        }
    }

    [root@mynode]# service iptables start
    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: filter [ OK ]
    Unloading iptables modules: [ OK ]
    Applying iptables firewall rules: [ OK ]
    [root@mynode]# service crond start
    Starting crond: [ OK ]
    [root@mynode]# puppetd --server mynode --test
    info: Caching catalog at /var/lib/puppet/localconfig.yaml
    notice: Starting catalog run
    notice: //Node[mynode]/Service[crond]/ensure: ensure changed 'running' to 'stopped'
    notice: Finished catalog run in 0.37 seconds
    [root@mynode]# service crond status
    crond is stopped
    [root@mynode]# service iptables status
    Table: filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

    Chain FORWARD (policy DROP)
    num  target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination

    [root@mynode]#

As you can see I first start crond and iptables, then execute puppet,
and finally check the result.
Crond stops, but not iptables even if that is what I (think I)
specified in the manifest.

Do you have any suggestions for how I can solve this?

Thanks,
Erling

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Thomas Bellman
2009-Jan-22 14:01 UTC
[Puppet Users] Re: RHEL 5.1 + Puppet 0.24.7, iptables not stopping
ere wrote:

| As you can see I first start crond and iptables, then execute puppet,
| and finally check the result.
| Crond stops, but not iptables even if that is what I (think I)
| specified in the manifest.

The problem is that by default the service type doesn't use the init
script to check the service's status. Instead it looks in the process
table for a process named "iptables", and if it doesn't find it, it
will assume the service is stopped.

You need to specify 'hasstatus => true' for it to work the right way.

/Thomas Bellman
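The fix from the reply above, written out as a manifest. This is an added example, not part of the original thread: it applies 'hasstatus => true' to the node from the question, and it assumes the RHEL init script's status action reports the firewall state through its exit code.

```puppet
# Added example: the node from the question with the fix from the reply.
node 'mynode' {
  # iptables is a set of kernel netfilter rules, not a daemon, so the
  # process table never contains a process named "iptables". Without
  # hasstatus, the default process-table check always reports the
  # service as stopped, and the init script's stop action is never run.
  service { 'iptables':
    ensure    => stopped,
    hasstatus => true,  # ask "service iptables status" instead of the process table
  }

  # crond runs as a long-lived process named "crond", so the default
  # process-table lookup finds it and the original resource already works.
  service { 'crond':
    ensure => stopped,
  }
}
```

The same applies to any service that has no long-running process of the same name: a firewall resource can report the desired state while the rules stay loaded, so check the real state with the init script after a run.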
ere
2009-Jan-22 14:10 UTC
[Puppet Users] Re: RHEL 5.1 + Puppet 0.24.7, iptables not stopping
On 22 Jan, 15:01, Thomas Bellman <bell...@nsc.liu.se> wrote:
> ere wrote:
>
> | As you can see I first start crond and iptables, then execute puppet,
> | and finally check the result.
> | Crond stops, but not iptables even if that is what I (think I)
> | specified in the manifest.
>
> The problem is that by default the service type doesn't use the init
> script to check the service's status. Instead it looks in the process
> table for a process named "iptables", and if it doesn't find it, it
> will assume the service is stopped.
>
> You need to specify 'hasstatus => true' for it to work the right way.

Thanks for your reply. My manifest works now.
What confused me was the different behavior for two services.
I also read in the type reference, but did not realize that the
hasstatus attribute applied to my problem.

Thanks,
Erling