voxpupuli / puppet-firewalld

Puppet module for managing firewalld
Apache License 2.0

Server Error: no parameter named 'icmp_block_inversion' #365

Closed landrypm closed 9 months ago

landrypm commented 10 months ago

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce (e.g Puppet code you use)

Via Class:

firewalld_zone { 'ucss-test':
  ensure               => 'present',
  target               => '%%REJECT%%',
  purge_rich_rules     => true,
  purge_services       => true,
  purge_ports          => true,
  icmp_blocks          => 'echo-request',
  icmp_block_inversion => true,
}

Via Hieradata:

firewalld::zones:
  ucss-test:
    ensure: 'present'
    target: '%%REJECT%%'
    purge_rich_rules: true
    purge_services: true
    purge_ports: true
    icmp_blocks: 'echo-request'
    icmp_block_inversion: true

What are you seeing

Error on Server:

2024-02-06T15:40:17.500-06:00 ERROR [qtp140731776-51054] [puppetserver] Puppet no parameter named 'icmp_block_inversion' (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on Firewalld_zone[ucss-test] (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on node testing-cis-module.ucs.louisiana.edu
2024-02-06T15:40:17.501-06:00 ERROR [qtp140731776-51054] [puppetserver] Puppet Server Error: no parameter named 'icmp_block_inversion' (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on Firewalld_zone[ucss-test] (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on node testing-cis-module.ucs.louisiana.edu

Error on client: Server Error: no parameter named 'icmp_block_inversion'

Output log

Puppet Server Log:

2024-02-06T15:40:13.837-06:00 WARN  [qtp140731776-51054] [puppetserver] Puppet /etc/puppetlabs/code/environments/cismodule/hieradata/nodes/testing-cis-module.ucs.louisiana.edu.yaml: file does not contain a valid yaml hash
2024-02-06T15:40:17.499-06:00 ERROR [qtp140731776-51054] [puppetserver] Puppet no parameter named 'icmp_block_inversion' (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on Firewalld_zone[ucss-test] (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on node testing-cis-module.ucs.louisiana.edu
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource.rb:535:in `validate_parameter'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/resource.rb:334:in `block in validate'
org/jruby/RubyHash.java:1519:in `each'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/resource.rb:334:in `validate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/resource.rb:116:in `finish'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:448:in `block in finish'
org/jruby/RubyArray.java:1865:in `each'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:435:in `finish'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:144:in `block in compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:144:in `block in compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:62:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:289:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:123:in `compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:34:in `compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:328:in `block in compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:326:in `block in compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:245:in `block in benchmark'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/benchmark.rb:308:in `realtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:244:in `benchmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:324:in `compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:68:in `block in find'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/node/environment.rb:440:in `with_text_domain'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:64:in `find'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:223:in `find'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/api/indirected_routes.rb:120:in `do_find'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/api/indirected_routes.rb:53:in `block in call'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:62:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:289:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/api/indirected_routes.rb:52:in `call'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/api/server/v3.rb:17:in `block in wrap'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:82:in `block in process'
org/jruby/RubyArray.java:1865:in `each'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:81:in `process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:88:in `process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:88:in `process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/handler.rb:86:in `block in process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/handler.rb:69:in `block in with_request_profiling'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/handler.rb:65:in `with_request_profiling'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/handler.rb:85:in `block in process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/handler.rb:92:in `respond_to_errors'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/handler.rb:84:in `process'
uri:classloader:/puppetserver-lib/puppet/server/master.rb:69:in `block in handleRequest'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:62:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:289:in `override'
uri:classloader:/puppetserver-lib/puppet/server/master.rb:68:in `handleRequest'
2024-02-06T15:40:17.500-06:00 ERROR [qtp140731776-51054] [puppetserver] Puppet no parameter named 'icmp_block_inversion' (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on Firewalld_zone[ucss-test] (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on node testing-cis-module.ucs.louisiana.edu
2024-02-06T15:40:17.501-06:00 ERROR [qtp140731776-51054] [puppetserver] Puppet Server Error: no parameter named 'icmp_block_inversion' (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on Firewalld_zone[ucss-test] (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on node testing-cis-module.ucs.louisiana.edu

Agent Via Class:

Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: no parameter named 'icmp_block_inversion' (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on Firewalld_zone[ucss-test] (file: /etc/puppetlabs/code/environments/cismodule/modules/profile/manifests/base_firewall.pp, line: 7) on node testing-cis-module.ucs.louisiana.edu

Agent Via Hieradata:

Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: no parameter named 'icmp_block_inversion' (file: /etc/puppetlabs/code/environments/cismodule/modules/firewalld/manifests/init.pp, line: 199) on Firewalld_zone[ucss-test] (file: /etc/puppetlabs/code/environments/cismodule/modules/firewalld/manifests/init.pp, line: 199) on node testing-cis-module.ucs.louisiana.edu

What behaviour did you expect instead

Any additional information you'd like to impart

I feel like I might be getting something really basic incorrect.

jcpunk commented 10 months ago

Do you have environment isolation enabled? That feels like type information leakage...

landrypm commented 10 months ago

No, I do not. Thanks. I will investigate tomorrow.

landrypm commented 9 months ago

Environment Isolation was, indeed, the issue. Thanks for the pointer. Much appreciated.
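
Environment isolation, the fix identified in this thread, depends on per-environment type metadata that `puppet generate types --environment <name>` writes to `<environment>/.resource_types/`. If that metadata is missing or older than the module's Ruby type, the compiler can validate a resource against a different version of the type and reject a parameter the installed module does define. The script below is an added example, not code from the thread or the module, that flags both conditions; the directory layout is an assumption and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the issue thread. Assumed layout:
#   <env>/modules/<module>/lib/puppet/type/<type>.rb   Ruby type source
#   <env>/.resource_types/<type>.pp   written by `puppet generate types`

# Print "missing <type>" or "stale <type>" for each custom type whose
# generated metadata is absent or older than its Ruby source.
stale_types() {
    envdir=$1
    for src in "$envdir"/modules/*/lib/puppet/type/*.rb; do
        [ -f "$src" ] || continue          # glob matched nothing
        name=$(basename "$src" .rb)
        gen="$envdir/.resource_types/$name.pp"
        if [ ! -f "$gen" ]; then
            echo "missing $name"
        elif [ -n "$(find "$src" -newer "$gen")" ]; then
            echo "stale $name"
        fi
    done
}

# Build a constructed environment tree for the demonstration.
# $1 = timestamp (touch -t format) for the generated firewalld_zone.pp
make_sample_env() {
    env=$(mktemp -d)
    mkdir -p "$env/modules/firewalld/lib/puppet/type" "$env/.resource_types"
    touch -t 202402010000 "$env/modules/firewalld/lib/puppet/type/firewalld_zone.rb"
    touch -t 202402010000 "$env/modules/firewalld/lib/puppet/type/firewalld_port.rb"
    touch -t "$1" "$env/.resource_types/firewalld_zone.pp"
    echo "$env"
}

# Metadata generated before the module upgrade: zone is stale, port missing.
demo=$(make_sample_env 202401010000)
stale_types "$demo"
rm -rf "$demo"
```

Any line of output means the environment needs `puppet generate types` rerun before the next catalog compile; wiring the check into the code deployment step keeps firewall catalogs from failing after a module upgrade.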