Can't start iptables cookbook on host without ipv6 support

Question

Can't start iptables cookbook on host without ipv6 support

YoshiStan opened this issue 5 years ago · comments

Ivan Iostman commented 5 years ago

Cookbook version

4.5.0

Chef-client version

12.17.44

Platform Details

RHEL 7.6.1810

Scenario:

Hi.
I've faced with next problem: If I use cookbook on host without ipv6 it fail to start on run ip6tables step.

Reason: The installed iptables-services package installed file /etc/sysconfig/ip6tables with default sample configuration. After install it try to start ip6tables service but can't do that because no support for ipv6 on host. 'default' recipe cant't replace it to empty file (actually it just create empty file only if it missing).

Steps to Reproduce:

Just use it on host without ipv6.

Expected Result:

It can make check for ipv6 support or just replace /etc/sysconfig/ip6tables file.

Actual Result:

It fail to start on start ip6tables step.

WelcomeBot · Answer 1 · Thu Mar 07 2019 21:01:39 GMT+0800 (China Standard Time)

Hey There
It looks like this is the first issue you've filed against the chef-cookbooks project. I'm here to offer you a bit of extra help to make sure we can quickly get back to you.
Make sure you've filled out all the fields in our issue template. Make sure you've provided us with the version of chef-client you're running, your operating system and the version of the cookbook. If you're not using the most up to date version of the cookbook then please make sure to update first. Lots of things change between versions even if you're issue isn't listed in the changelog. Finally please give us a detailed description of the issue you're having. The more we know about what you're trying to do, what actually happens, and how you can reproduce the problem, the better.

If you're looking for more immediate troubleshooting help make sure to check out #general on the Chef Community Slack. There's plenty of folks there willing to lend a helping hand. Thanks for the first issue. We hope we can get back to you soon with a solution.

Michael Patalano · Answer 2 · Thu May 30 2019 03:47:06 GMT+0800 (China Standard Time)

Same problem, it works with 4.3.4, but fails starting with 4.4.0. The logic in default.rb needs to be updated to only enable/start the ip6tables if it exists. (Possibly additional changes as well)

Barrow Kwan · Answer 3 · Sat Nov 07 2020 05:41:16 GMT+0800 (China Standard Time)

this is like over a year but still haven't been addressed....

Jason Field · Answer 4 · Sun Dec 20 2020 19:56:56 GMT+0800 (China Standard Time)

Version 7 lets you specify the service you want to start through the resources

https://github.com/chef-cookbooks/iptables/blob/master/documentation/iptables_service.md