Project

General

Profile

Actions
Copy link

Bug #22857

open

Service enabled test doesn't seem to work for service iptables on Debian 11

Added by Michel BOUISSOU over 1 year ago. Updated 3 months ago.

Status:
Discussion
Priority:
N/A
Assignee:
Alexis Mousset
Category:
Generic methods
Target version:
7.3.17
Pull Request:
Severity:
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

Hello,

Both methods : “Service enabled at boot” and “Service action” with the “is-enabled” action seem to return “success” for service “iptables” (which loads iptables rules previously saved into /etc/iptables) on Debian 11, even though the service has been manually disabled.

After disabling the service and rebooting the machine, iptables rules will not be restored (which is expected), but Rudder still believes the service is enabled.

root@lab_test_1_agent1:/# systemctl disable iptables
Removed

root@lab_test_1_agent1:/# rudder agent run -I

2023-06-08T08:33:49+00:00 R: [INFO] Executing is-enabled on iptables using the systemctl method
A| compliant iptables_basic Enable iptables service iptables Ensure service iptables is enabled at boot was correct

Please also see attached image and relevant parts of a Rudder agent run log.

Files

Download all files
Screenshot_20230608_103308.png (57.6 KB) Screenshot_20230608_103308.png iptables service is disabled Michel BOUISSOU, 2023-06-08 10:39
runlog.txt (87 KB) runlog.txt Relevant parts of verbose agent execution log Michel BOUISSOU, 2023-06-08 10:41
clipboard-202307061635-xtez2.png (187 KB) clipboard-202307061635-xtez2.png Alexis Mousset, 2023-07-06 16:35
Actions
Copy link

Also available in: Atom PDF