The notification to rebuild-iptables in iptables_rule isn't delayed
daften opened this issue · comments
Cookbook version
2.2.0
Chef-client version
12.13.27
Platform Details
CentOS 7.2
Scenario:
Just adding some iptables rules (>4) with the iptables_rule resource.
Steps to Reproduce:
Just add 5 or more iptables rules with the resource.
Expected Result:
At the end of the chef run, rebuild-iptables is executed
Actual Result:
It is executed at the end of each resource statement:
==> default: * iptables_rule[11_ping] action enable
==> default: * execute[rebuild-iptables] action nothing (skipped due to action :nothing)
==> default: * template[/etc/iptables.d/11_ping] action create[2016-09-21T19:44:41+00:00] INFO: template[/etc/iptables.d/11_ping] created file /etc/iptables.d/11_ping
==> default:
==> default: - create new file /etc/iptables.d/11_ping[2016-09-21T19:44:41+00:00] INFO: template[/etc/iptables.d/11_ping] updated file contents /etc/iptables.d/11_ping
==> default:
==> default: - update content in file /etc/iptables.d/11_ping from none to 689b1e
==> default: --- /etc/iptables.d/11_ping 2016-09-21 19:44:41.831375999 +0000
==> default: +++ /etc/iptables.d/.chef-11_ping20160921-12337-pscywv 2016-09-21 19:44:41.831375999 +0000
==> default: @@ -1 +1,2 @@
==> default: +-A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT[2016-09-21T19:44:41+00:00] INFO: template[/etc/iptables.d/11_ping] mode changed to 644
==> default:
==> default: - change mode from '' to '0644'
==> default:
==> default: - restore selinux security context
==> default: [2016-09-21T19:44:41+00:00] INFO: template[/etc/iptables.d/11_ping] sending run action to execute[rebuild-iptables] (delayed)
==> default: * execute[rebuild-iptables] action run
==> default:
==> default: [execute] Redirecting to /bin/systemctl restart iptables.service
==> default: [2016-09-21T19:44:42+00:00] INFO: execute[rebuild-iptables] ran successfully
==> default: - execute /usr/sbin/rebuild-iptables
==> default:
==> default: * iptables_rule[20_http] action enable
==> default: * execute[rebuild-iptables] action nothing (skipped due to action :nothing)
==> default: * template[/etc/iptables.d/20_http] action create[2016-09-21T19:44:42+00:00] INFO: template[/etc/iptables.d/20_http] created file /etc/iptables.d/20_http
==> default:
==> default: - create new file /etc/iptables.d/20_http[2016-09-21T19:44:42+00:00] INFO: template[/etc/iptables.d/20_http] updated file contents /etc/iptables.d/20_http
==> default:
==> default: - update content in file /etc/iptables.d/20_http from none to 1f494a
==> default: --- /etc/iptables.d/20_http 2016-09-21 19:44:42.046483500 +0000
==> default: +++ /etc/iptables.d/.chef-20_http20160921-12337-1xw2vft 2016-09-21 19:44:42.046483500 +0000
==> default: @@ -1 +1,2 @@
==> default: +-A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 100 -m state --state NEW,ESTABLISHED -j ACCEPT[2016-09-21T19:44:42+00:00] INFO: template[/etc/iptables.d/20_http] mode changed to 644
==> default:
==> default: - change mode from '' to '0644'
==> default:
==> default: - restore selinux security context
==> default: [2016-09-21T19:44:42+00:00] INFO: template[/etc/iptables.d/20_http] sending run action to execute[rebuild-iptables] (delayed)
==> default: * execute[rebuild-iptables] action run
==> default:
==> default: [execute] Redirecting to /bin/systemctl restart iptables.service
==> default: Job for iptables.service failed because start of the service was attempted too often. See "systemctl status iptables.service" and "journalctl -xe" for details.
==> default: To force a start use "systemctl reset-failed iptables.service" followed by "systemctl start iptables.service" again.
==> default: [2016-09-21T19:44:42+00:00] INFO: execute[rebuild-iptables] ran successfully
==> default: - execute /usr/sbin/rebuild-iptables
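
An added example, not part of the original report or of the cookbook: a Python check over log lines in the format shown above. It counts how often execute[rebuild-iptables] ran under each iptables_rule and flags restarts that systemd rejected while Chef still logged the execute as successful. The sample log is constructed (abridged from the report), and attributing each rebuild to the most recent iptables_rule line is an assumption of this example.

```python
import re

# Constructed sample, abridged from the log format shown in the report above.
SAMPLE_LOG = """\
==> default: * iptables_rule[11_ping] action enable
==> default: [2016-09-21T19:44:41+00:00] INFO: template[/etc/iptables.d/11_ping] sending run action to execute[rebuild-iptables] (delayed)
==> default: * execute[rebuild-iptables] action run
==> default: [2016-09-21T19:44:42+00:00] INFO: execute[rebuild-iptables] ran successfully
==> default: * iptables_rule[20_http] action enable
==> default: [2016-09-21T19:44:42+00:00] INFO: template[/etc/iptables.d/20_http] sending run action to execute[rebuild-iptables] (delayed)
==> default: * execute[rebuild-iptables] action run
==> default: Job for iptables.service failed because start of the service was attempted too often.
==> default: [2016-09-21T19:44:42+00:00] INFO: execute[rebuild-iptables] ran successfully
"""

# Resource header lines as printed by the run, e.g. "* execute[name] action run".
HEADER = re.compile(r"\* (?P<type>\w+)\[(?P<name>[^\]]+)\] action (?P<action>\w+)")
FAILED = re.compile(r"Job for iptables\.service failed")
RAN_OK = re.compile(r"execute\[rebuild-iptables\] ran successfully")


def audit(log_text):
    """Return (rebuild runs per iptables_rule, rules whose firewall restart
    failed although Chef logged the execute as successful)."""
    rebuilds, masked = {}, []
    current, failed = None, False
    for line in log_text.splitlines():
        h = HEADER.search(line)
        if h and h["type"] == "iptables_rule":
            # Assumption: later rebuilds belong to the most recent rule seen.
            current, failed = h["name"], False
            rebuilds[current] = 0
        elif h and (h["type"], h["name"], h["action"]) == ("execute", "rebuild-iptables", "run"):
            if current is not None:
                rebuilds[current] += 1
            failed = False
        elif FAILED.search(line):
            failed = True
        elif RAN_OK.search(line) and failed and current is not None:
            # systemd refused the restart, yet the resource reported success.
            masked.append(current)
    return rebuilds, masked
```

A total of more than one rebuild per converge matches the behaviour reported here; any entry in the second list means the firewall service may not have reloaded even though the run looked clean.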