I am using the puppetlabs firewall module and i get the following error on
the agent
once i downloaded the puppet module i created another module called my*fw
for pre and post.pp files my*fw/manifests/pre.pp my_fw/manifests/post.pp
and in my site.pp i included these lines
resources { "firewall":
purge => true}Firewall {
before => Class[''my_fw::post''],
require => Class[''my_fw::pre''],}class {
[''my_fw::pre'', ''my_fw::post'']: }class {
''firewall'': }
i see this error on the daemon.log of the agent machine
Aug 28 17:11:07 dev2-db puppet-agent[5154]:
(/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional
resources using ''generate'': Invalid address from IPAddr.new:
!Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall
provider ''iptables'': Invalid address from IPAddr.new: !Aug 28
17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not
evaluate: Invalid address from IPAddr.new: !
Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo
interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28
17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface])
Skipping because of failed dependencies
Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related
established rules]) Dependency Firewall[000 accept all icmp] has failures:
trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related
established rules]) Skipping because of failed dependencies
Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Dependency
Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db
puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed
dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in
1.19 seconds
if anyone has any prior experience with this, please let me know
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Ashley Penney
2013-Aug-29 12:34 UTC
Re: [Puppet Users] pupplet-labs/firewall module errors
On Thu, Aug 29, 2013 at 12:57 AM, Amol Kedar <ajkedar@gmail.com> wrote:> i see this error on the daemon.log of the agent machine > > Aug 28 17:11:07 dev2-db puppet-agent[5154]: (/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional resources using ''generate'': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall provider ''iptables'': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not evaluate: Invalid address from IPAddr.new: ! > Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Skipping because of failed dependencies > Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Skipping because of failed dependencies > Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in 1.19 seconds > > if anyone has any prior experience with this, please let me know >I haven''t seen this before but - can you show me a full iptables from an existing client, a full ifconfig, and maybe even the result of: $ irb irb(main):002:0> require ''ipaddr'' => true irb(main):003:0> IPAddr.new => #<IPAddr: IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff> That''s what I get for a plain call to IPAddr.new, I''m wondering what you''re getting. -- Ashley Penney ashley.penney@puppetlabs.com Module Engineer *Join us at PuppetConf 2014, September 23-24 in San Francisco* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
I''m getting this same error, but for me it shows up from a basic puppet
resource firewall;
root@drawer:/etc/puppet/environments/development/modules# puppet resource
firewall
Error: Could not run: Invalid address from IPAddr.new: !
root@drawer:/etc/puppet/environments/development/modules# irb
irb(main):001:0> require ''ipaddr''
=> true
irb(main):002:0> IPAddr.new
=> #<IPAddr:
IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>
My ip config;
root@drawer:/etc/puppet/environments/development/modules# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP qlen 1000
link/ether 00:25:90:a7:98:79 brd ff:ff:ff:ff:ff:ff
inet 208.115.208.242/29 brd 208.115.208.247 scope global eth0
inet6 fe80::225:90ff:fea7:9879/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP qlen 1000
link/ether 00:25:90:a7:98:78 brd ff:ff:ff:ff:ff:ff
inet 10.4.16.194/30 brd 10.4.16.195 scope global eth1
inet6 fe80::225:90ff:fea7:9878/64 scope link
valid_lft forever preferred_lft forever
On Thursday, August 29, 2013 5:34:34 AM UTC-7, Ashley Penney
wrote:>
> On Thu, Aug 29, 2013 at 12:57 AM, Amol Kedar
<ajk...@gmail.com<javascript:>
> > wrote:
>
>> i see this error on the daemon.log of the agent machine
>>
>> Aug 28 17:11:07 dev2-db puppet-agent[5154]:
(/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional
resources using ''generate'': Invalid address from IPAddr.new:
!Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall
provider ''iptables'': Invalid address from IPAddr.new: !Aug 28
17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not
evaluate: Invalid address from IPAddr.new: !
>> Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all
to lo interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug
28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo
interface]) Skipping because of failed dependencies
>> Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept
related established rules]) Dependency Firewall[000 accept all icmp] has
failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept
related established rules]) Skipping because of failed dependencies
>> Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all])
Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08
dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed
dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in
1.19 seconds
>>
>> if anyone has any prior experience with this, please let me know
>>
> I haven''t seen this before but - can you show me a full iptables
from an
> existing client, a full ifconfig, and maybe even the result of:
>
> $ irb
> irb(main):002:0> require ''ipaddr''
> => true
> irb(main):003:0> IPAddr.new
> => #<IPAddr:
>
IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>
>
> That''s what I get for a plain call to IPAddr.new, I''m
wondering what
> you''re getting.
>
> --
> Ashley Penney
> ashley...@puppetlabs.com <javascript:>
> Module Engineer
>
> *Join us at PuppetConf 2014, September 23-24 in San Francisco*
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5e4c10a6-a405-4bb9-bbe9-0996ec0cd577%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
I''m getting the same error. Any progress on this? Thanks, Tomas On Tuesday, 5 November 2013 21:42:26 UTC+1, James Loosli wrote:> > I''m getting this same error, but for me it shows up from a basic puppet > resource firewall; > > root@drawer:/etc/puppet/environments/development/modules# puppet resource > firewall > > Error: Could not run: Invalid address from IPAddr.new: ! > > root@drawer:/etc/puppet/environments/development/modules# irb > > irb(main):001:0> require ''ipaddr'' > > => true > > irb(main):002:0> IPAddr.new > > => #<IPAddr: > IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff> > > My ip config; > > root@drawer:/etc/puppet/environments/development/modules# ip addr > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN > > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > > inet 127.0.0.1/8 scope host lo > > inet6 ::1/128 scope host > > valid_lft forever preferred_lft forever > > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state > UP qlen 1000 > > link/ether 00:25:90:a7:98:79 brd ff:ff:ff:ff:ff:ff > > inet 208.115.208.242/29 brd 208.115.208.247 scope global eth0 > > inet6 fe80::225:90ff:fea7:9879/64 scope link > > valid_lft forever preferred_lft forever > > 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state > UP qlen 1000 > > link/ether 00:25:90:a7:98:78 brd ff:ff:ff:ff:ff:ff > > inet 10.4.16.194/30 brd 10.4.16.195 scope global eth1 > > inet6 fe80::225:90ff:fea7:9878/64 scope link > > valid_lft forever preferred_lft forever > > > On Thursday, August 29, 2013 5:34:34 AM UTC-7, Ashley Penney wrote: >> >> On Thu, Aug 29, 2013 at 12:57 AM, Amol Kedar <ajk...@gmail.com> wrote: >> >>> i see this error on the daemon.log of the agent machine >>> >>> Aug 28 17:11:07 dev2-db puppet-agent[5154]: (/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional resources using ''generate'': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall provider ''iptables'': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not evaluate: Invalid address from IPAddr.new: ! >>> Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Skipping because of failed dependencies >>> Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Skipping because of failed dependencies >>> Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in 1.19 seconds >>> >>> if anyone has any prior experience with this, please let me know >>> >> I haven''t seen this before but - can you show me a full iptables from an >> existing client, a full ifconfig, and maybe even the result of: >> >> $ irb >> irb(main):002:0> require ''ipaddr'' >> => true >> irb(main):003:0> IPAddr.new >> => #<IPAddr: >> IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff> >> >> That''s what I get for a plain call to IPAddr.new, I''m wondering what >> you''re getting. >> >> -- >> Ashley Penney >> ashley...@puppetlabs.com >> Module Engineer >> >> *Join us at PuppetConf 2014, September 23-24 in San Francisco* >> >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e1fa4f9d-cbae-45c3-8c84-2481169a0422%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.