Doesn't ensure that ufw stays enabled #214

Open
dnrce opened this issue Jun 9, 2019 · 5 comments
Labels
Priority: Medium Will bring visible benefit to the project

dnrce commented Jun 9, 2019

Cookbook version

2.7.0

Chef-client version

14.10.9

Platform Details

Ubuntu 18.04

Scenario:

Chef should enable UFW if it is disabled.

Steps to Reproduce:

Recipe:

firewall 'default'

Steps:

  1. # chef-client
  2. # ufw disable
  3. # chef-client

Expected Result:

# ufw status
Status: active

Actual Result:

# ufw status
Status: inactive

@welcomebot

Hey There
It looks like this is the first issue you've filed against the chef-cookbooks project. I'm here to offer you a bit of extra help to make sure we can quickly get back to you.
Make sure you've filled out all the fields in our issue template. Make sure you've provided us with the version of chef-client you're running, your operating system and the version of the cookbook. If you're not using the most up to date version of the cookbook then please make sure to update first. Lots of things change between versions even if your issue isn't listed in the changelog. Finally please give us a detailed description of the issue you're having. The more we know about what you're trying to do, what actually happens, and how you can reproduce the problem, the better.

If you're looking for more immediate troubleshooting help make sure to check out #general on the Chef Community Slack. There's plenty of folks there willing to lend a helping hand. Thanks for the first issue. We hope we can get back to you soon with a solution.

@martinb3
Contributor

Hi there -- indeed, the default action for the firewall resource is :install, which doesn't ensure ufw is running. As I understand it, Ubuntu doesn't (or didn't when we wrote this) ship a service that we can reference using Chef's builtin service resource. I'd be glad to review/merge/release code that supported the functionality you're looking for, but it isn't there today.

If you'd like, we do ensure the service is started and running when using iptables on Ubuntu.

martinb3 added the Aspect: Packaging and Priority: Medium (Will bring visible benefit to the project) labels Jun 10, 2019

Author

dnrce commented Jun 11, 2019

Thanks for the context!

Would something like what's in the :restart action not work?

ufw_enable! unless ufw_active?

@martinb3
Contributor

I think it'd need to be in the install action, as well. I'd take a look at one of the other providers and see where it ensures :enabled, :running on the services they cover. And then do the same for ufw. Thanks!

Author

dnrce commented Jun 13, 2019

Yeah, I was asking if you saw anything wrong with copying the logic from :restart into :install or if that seems like roughly the right direction.
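
The direction discussed in this thread (re-enable ufw during a converge only when it is found inactive), as an added Ruby example that is not part of the issue or the cookbook's code. `FakeUfw`, `ensure_ufw_enabled` and `replay_issue_steps` are hypothetical names, the fake CLI's output strings are constructed, and `ufw_active?` only borrows the helper name quoted above.

```ruby
# Added illustration; not code from the firewall cookbook.
# FakeUfw is a constructed stand-in for the ufw CLI so the example runs offline.
class FakeUfw
  attr_reader :calls

  def initialize(active: false)
    @active = active
    @calls = []
  end

  # Takes the argument string one would pass to the real binary.
  def run(args)
    @calls << args
    case args
    when 'status'
      "Status: #{@active ? 'active' : 'inactive'}\n"
    when '--force enable' # --force skips ufw's interactive confirmation
      @active = true
      "Firewall is active and enabled on system startup\n"
    when 'disable'
      @active = false
      "Firewall stopped and disabled on system startup\n"
    else
      raise ArgumentError, "unexpected ufw arguments: #{args}"
    end
  end
end

# Hypothetical helper; parses the first line of `ufw status`.
def ufw_active?(ufw)
  ufw.run('status').lines.first.to_s.strip == 'Status: active'
end

# Converge step: act only when the firewall has drifted to inactive.
# Returns :enabled when it had to act, :up_to_date otherwise.
def ensure_ufw_enabled(ufw)
  return :up_to_date if ufw_active?(ufw)
  ufw.run('--force enable')
  raise 'ufw still inactive after enable' unless ufw_active?(ufw)
  :enabled
end

# Replays the issue's three steps, plus one more converge to show idempotence.
def replay_issue_steps(ufw = FakeUfw.new)
  first = ensure_ufw_enabled(ufw)   # 1. chef-client
  ufw.run('disable')                # 2. ufw disable
  second = ensure_ufw_enabled(ufw)  # 3. chef-client
  third = ensure_ufw_enabled(ufw)   # further run: nothing to do
  [first, second, third, ufw_active?(ufw)]
end
```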
