How to apply the different firewall rules on multiple agents from Puppet master?


Network Topology: (image: Puppet Topology)

Using Puppet, I am trying to apply different firewall rules on the agents.

On the Puppet master I have a nodes.pp file containing info about all agents:

node 'agent1.com' {
  include firewall_node1
}

node 'agent2.com' {
  include firewall_node2
}

node 'agent3.com' {
  include firewall_node3
}

And I have 3 classes defined in rules.pp for the following firewall rules:

a. Open all incoming connections on port 8083/tcp on Agent1, zone public.
b. Open all incoming connections on port 9007/tcp on Agent2, zone public.
c. Open all incoming connections on port 8097/tcp on Agent3, zone public.

The classes are:

class firewall_node1 {
  firewalld_rich_rule { 'Open all incoming connection for 8083/tcp port on Agent1':
    ensure => present,
    zone   => 'public',
    log    => {
      'level'  => 'debug',
      'prefix' => 'puppetFirewallD',
    },
    port   => {
      'port'     => 8083,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }
}

class firewall_node2 {
  firewalld_rich_rule { 'Open all incoming connection for 9007/tcp port on Agent2':
    ensure => present,
    zone   => 'public',
    log    => {
      'level'  => 'debug',
      'prefix' => 'puppetFirewallD',
    },
    port   => {
      'port'     => 9007,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }
}

class firewall_node3 {
  firewalld_rich_rule { 'Open all incoming connection for 8097/tcp port on Agent3':
    ensure => present,
    zone   => 'public',
    log    => {
      'level'  => 'debug',
      'prefix' => 'puppetFirewallD',
    },
    port   => {
      'port'     => 8097,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }
}

When I try to apply the above firewall rules, I see the error below:

[root@agent1]# puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Unknown resource type: 'firewalld_rich_rule' (file: /etc/puppetlabs/code/environments/production/manifests/ruls.pp, line: 2, column: 2) on node agent1.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
[root@agent1]#

Any idea on how to troubleshoot this, please?

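An added example, not code from the question or from either answer: the three classes above differ only in the port number, so one defined type plus one data-driven class covers all agents, and each node definition only supplies its port. It assumes the puppet/firewalld module (which provides the firewalld_rich_rule type and the firewalld class) is installed into the agents' environment on the master; the names firewall_tcp_port and firewall_rules, the optional source network, and the node names are illustrative.

```puppet
# Added example, not from the original question or answers.
# Assumes the puppet/firewalld module is installed into the environment
# the agents use. Names firewall_tcp_port / firewall_rules and the source
# network are assumptions; the 'puppetFirewallD' prefix is kept from the question.

# One accept rule per opened TCP port. An optional source network narrows
# "all incoming connections" to the callers that actually need the port.
define firewall_tcp_port (
  Integer[1, 65535] $port,
  String            $zone   = 'public',
  Optional[String]  $source = undef,   # e.g. '10.0.0.0/8'; undef = any source
) {
  firewalld_rich_rule { "Accept inbound ${port}/tcp in zone ${zone} (${title})":
    ensure => present,
    zone   => $zone,
    source => $source,
    log    => { 'level' => 'debug', 'prefix' => 'puppetFirewallD' },
    port   => { 'port' => $port, 'protocol' => 'tcp' },
    action => 'accept',
  }
}

# Single class shared by every agent; the per-agent difference is data.
class firewall_rules (
  Hash[String, Hash] $tcp_ports = {},
) {
  include firewalld   # manage the firewalld service itself, not only rules

  $tcp_ports.each |String $name, Hash $params| {
    firewall_tcp_port { $name: * => $params }
  }
}

# nodes.pp: each agent passes only what differs.
node 'agent1.com' {
  class { 'firewall_rules':
    tcp_ports => { 'agent1-app' => { 'port' => 8083 } },
  }
}

node 'agent2.com' {
  class { 'firewall_rules':
    tcp_ports => { 'agent2-app' => { 'port' => 9007, 'source' => '10.0.0.0/8' } },
  }
}

node 'agent3.com' {
  class { 'firewall_rules':
    tcp_ports => { 'agent3-app' => { 'port' => 8097 } },
  }
}
```

Adding a new agent or a second port then means adding one hash entry rather than a fourth copy of the class, and the rule title, zone and log prefix stay consistent across all nodes. The same hash could later be moved into Hiera per node without changing the class.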


BEST ANSWER

Error: Unknown resource type: 'firewalld_rich_rule'

After following this link: https://forge.puppet.com/puppet/firewalld/readme

Found that the puppet firewalld module itself was not installed.

After installing it using the 'puppet module install puppet-firewalld --version 4.3.0' command, I was able to apply the firewall rules using Puppet successfully.


Your classes are trying to use a resource type named firewalld_rich_rule, but the master disavows any knowledge of such a resource type. This is plausible, as no such resource type is included in core Puppet.

I'm unsure which firewalld_rich_rule you're trying to use, but my first guess would be that it's the one from the puppet/firewalld module. Whichever one it is, you'll need to install the module containing it into your Puppet master. If you're using an environment other than the default, "production", then be sure to install the module into the correct environment.