fail2ban::mode is not used as default for mode in fail2ban::jail resulting in a broken jail config in EL

[cruelsmith]

Under EL the changed $filter = '%(__name__)s[mode=%(mode)s]' from the 4.0.0 release created broken fail2ban::jail configs because it does not apply the default $fail2ban::mode. It also does not set it via the jail.conf like under Debian: https://github.com/lelutin/puppet-fail2ban/blob/321582b6e070db6803ce5de0acfee48edcc2e6b1/templates/debian/jail.conf.epp#L173-L174

Code refernces: https://github.com/lelutin/puppet-fail2ban/blob/86a14c438d67089ea11de39599e8369c17fbe490/manifests/init.pp#L79-L85 https://github.com/lelutin/puppet-fail2ban/blob/86a14c438d67089ea11de39599e8369c17fbe490/manifests/init.pp#L179 https://github.com/lelutin/puppet-fail2ban/blob/86a14c438d67089ea11de39599e8369c17fbe490/manifests/jail.pp#L160

Current workaround: Apply manual the mode to each fail2ban::jail or change the filter back to $filter = '%(__name__)s'

[lelutin]

thanks @cruelsmith for the bug report! and also @TwizzyDizzy for confirmation with emojis.

I should probably set myself up with an RHEL VM to check that up. and better still eventually it would be nice to have integration tests that run on the different supported distros in CI.

debian's configuration follows what's coming from upstream, e.g.

https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf#L161-L167

Do most filter files deployed with fail2ban on EL now contain the mode parameter?

a simple solution would be to add the definition of $mode to templates/redhat/jail.conf.epp so that there is a global value defined. This would remove the error that you see by default and it would be effectively the same as your workaround but defined only in one place. and if the filter files in EL support the mode param then it adds this config lever to users.

[lelutin]

I've just merged !68 to fix this issue. Thanks to @minorOffense for the fix!

I'll try and get around to making a release soon on forge