Tags: centos7, devops, puppet, devops-services

How to apply the different firewall rules on multiple agents from Puppet master?


Network Topology: [image: Puppet Topology]

Using Puppet, I am trying to apply different firewall rules on the agents.

On the Puppet master I have a nodes.pp file containing the info about all agents:

node 'agent1.com' {
  include firewall_node1
}

node 'agent2.com' {
  include firewall_node2
}

node 'agent3.com' {
  include firewall_node3
}

And I have 3 classes defined in rules.pp for the following firewall rules:

a. Open all incoming connections for port 8083/tcp on Agent1, zone public.
b. Open all incoming connections for port 9007/tcp on Agent2, zone public.
c. Open all incoming connections for port 8097/tcp on Agent3, zone public.

The classes are:

# Each class declares one firewalld_rich_rule (type from the puppet-firewalld module).
# No 'source' is set, so the rule accepts from any address in the 'public' zone.
class firewall_node1 {
  firewalld_rich_rule { 'Open all incoming connection for 8083/tcp port on Agent1':
    ensure => present,
    zone   => 'public',
    log    => {
      'level'  => 'debug',
      'prefix' => 'puppetFirewallD',
    },
    port   => {
      'port'     => 8083,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }
}

class firewall_node2 {
  firewalld_rich_rule { 'Open all incoming connection for 9007/tcp port on Agent2':
    ensure => present,
    zone   => 'public',
    log    => {
      'level'  => 'debug',
      'prefix' => 'puppetFirewallD',
    },
    port   => {
      'port'     => 9007,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }
}

class firewall_node3 {
  firewalld_rich_rule { 'Open all incoming connection for 8097/tcp port on Agent3':
    ensure => present,
    zone   => 'public',
    log    => {
      'level'  => 'debug',
      'prefix' => 'puppetFirewallD',
    },
    port   => {
      'port'     => 8097,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }
}

When I try to apply the above firewall rules, I see the error below:

[root@agent1]# puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Unknown resource type: 'firewalld_rich_rule' (file: /etc/puppetlabs/code/environments/production/manifests/ruls.pp, line: 2, column: 2) on node agent1.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
[root@agent1]#

Any idea on how to troubleshoot this, please?


Solution

  • Error: Unknown resource type: 'firewalld_rich_rule'

    After following this link: https://forge.puppet.com/puppet/firewalld/readme

    I found that the 'puppet firewalld module' itself was not installed.

    After installing it with the 'puppet module install puppet-firewalld --version 4.3.0' command, I was able to apply the firewall rules using Puppet successfully.
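Once the module is installed, the three copy-pasted classes from the question can be collapsed into one definition driven by per-node data. The manifest below is an added example and is not part of the original question, the answer, or the puppet-firewalld module's own code. The names profile::firewall and profile::firewall::open_port, the 'app-*' keys and the 10.0.0.0/24 source network are assumptions made for illustration; it assumes puppet-firewalld 4.x on the master and Puppet 4+ language features (data types, iteration, the `*` splat). It also adds what the original rules lacked: an optional source restriction, so a port is only opened to the networks that need it instead of to everyone in the public zone.

```puppet
# Added example: one reusable definition instead of one class per agent.
# Hypothetical names: profile::firewall, profile::firewall::open_port.
# Requires the puppet-firewalld module (firewalld_rich_rule type, firewalld class).

define profile::firewall::open_port (
  Integer[1, 65535]  $port,
  String             $zone      = 'public',
  Enum['tcp', 'udp'] $protocol  = 'tcp',
  # Empty list = accept from any source, which is what the original rules did.
  # Prefer listing the client networks that actually need the port.
  Array[String]      $sources   = [],
  Enum['emerg', 'alert', 'crit', 'error', 'warning', 'notice', 'info', 'debug']
                     $log_level = 'info',
) {
  if $sources == [] {
    # Unrestricted rule, as in the question. Logged so the exposure is visible.
    firewalld_rich_rule { "${title}: accept ${port}/${protocol} from any":
      ensure => present,
      zone   => $zone,
      port   => { 'port' => $port, 'protocol' => $protocol },
      log    => { 'level' => $log_level, 'prefix' => 'puppetFirewallD' },
      action => 'accept',
    }
  } else {
    # One rule per allowed source; traffic from anywhere else stays blocked.
    $sources.each |String $src| {
      firewalld_rich_rule { "${title}: accept ${port}/${protocol} from ${src}":
        ensure => present,
        zone   => $zone,
        source => $src,
        port   => { 'port' => $port, 'protocol' => $protocol },
        log    => { 'level' => $log_level, 'prefix' => 'puppetFirewallD' },
        action => 'accept',
      }
    }
  }
}

# Per-node data replaces firewall_node1 / firewall_node2 / firewall_node3.
class profile::firewall (
  Hash[String, Hash] $open_ports = {},
) {
  # Base class from puppet-firewalld: manages the firewalld service/package.
  include firewalld

  $open_ports.each |String $name, Hash $opts| {
    profile::firewall::open_port { $name:
      * => $opts,
    }
  }
}

# nodes.pp: each agent gets only the ports it needs.
node 'agent1.com' {
  class { 'profile::firewall':
    open_ports => {
      'app-8083' => { 'port' => 8083, 'sources' => ['10.0.0.0/24'] },
    },
  }
}

node 'agent2.com' {
  class { 'profile::firewall':
    open_ports => {
      'app-9007' => { 'port' => 9007, 'sources' => ['10.0.0.0/24'] },
    },
  }
}

node 'agent3.com' {
  class { 'profile::firewall':
    open_ports => {
      # No 'sources': open to any address, exactly like the original rule.
      'app-8097' => { 'port' => 8097 },
    },
  }
}
```

The 'Unknown resource type' error in the question is raised at catalog compile time on the master, so the module must be present in the master's environment modulepath (check with `puppet module list` on the master); installing it on the agent alone does not help. After a successful `puppet agent --test`, confirm the result on the agent with `firewall-cmd --zone=public --list-rich-rules`, which should show the `port="8083" protocol="tcp"` rule with `accept` (and the `source address=` clause when sources were given).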