Fix CentOS error

[frostyslav]

When executing on CentOS I get the following error:

iptables-restore v1.4.7: Can't set policy `INPUT' on `ACCEPT' line 4: Bad built-in chain name

On the following line: :INPUT ACCEPT [0:0] in the *nat table.

This commit should fix this.

[rtkrruvinskiy]

Could you tell us what CentOS version and kernel version you're seeing this with? I wonder if the kernel version check needs to be modified.

[frostyslav]

cat /etc/issue
CentOS release 6.5 (Final)

cat /proc/sys/kernel/osrelease
2.6.32-431.11.2.el6.x86_64

[rtkrruvinskiy]

Thanks for the information! The kernel version check on the line above the one where you made the change should have been sufficient, but for some reason it wasn't.

irb(main):009:0> Gem::Version.new(/\d+(\.\d+(.\d+)?)?/.match("2.6.32-431.11.2.el6.x86_64")[0]) > Gem::Version.new("2.6.35")
=> false

Could you run ohai and send us the value of kernel.release? Also, what Chef version and executable are you using (chef-client vs. chef-solo)?

[frostyslav]

Just want to thank you, I really appreciate your help.

ohai | less
  "kernel": {
    "name": "Linux",
    "release": "2.6.32-431.11.2.el6.x86_64",

chef-client --version
Chef: 11.10.4

[rtkrruvinskiy]

Thanks for your information. The if statement on line 3 should, as far as I can tell, work for you. When you were seeing the error, were you running the latest version of the cookbook? If you were, can you try replacing the Gem::Version if condition on that line with the following:

<% if Gem::Version.new(/\d+(\.\d+(.\d+)?)?/.match("2.6.32-431.11.2.el6.x86_64")[0]) > Gem::Version.new("2.6.35") -%>

and see if that makes it work for you? If that works, try verifying what node["kernel"]["release"] evaluates to during the Chef run?

[frostyslav]

Seems like the issue was somewhere on my side. I've bootstrapped the same node again with the same cookbooks and everything worked as it should. Thanks.