From 120a15ef71cb7bd66901ad5322d9074c575b5170 Mon Sep 17 00:00:00 2001 From: Sharif Nassar Date: Fri, 20 Jan 2012 17:22:16 -0800 Subject: [PATCH] (#14590) Fix for when iptables-save spews out "FATAL" errors. On some broken Virtuozzo containers, /lib/modules/$(uname -r)/modules.dep is absent. This causes iptables-save to give some "FATAL" errors. This patch fixes the parser to ignore them instead of generating garbage rules that make for errors in the puppet agent run. --- lib/puppet/provider/firewall/iptables.rb | 2 +- spec/unit/puppet/provider/iptables_spec.rb | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index e5f3afe..f4de354 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -96,7 +96,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir # String#lines would be nice, but we need to support Ruby 1.8.5 iptables_save.split("\n").each do |line| - unless line =~ /^\#\s+|^\:\S+|^COMMIT/ + unless line =~ /^\#\s+|^\:\S+|^COMMIT|^FATAL/ if line =~ /^\*/ table = line.sub(/\*/, "") else diff --git a/spec/unit/puppet/provider/iptables_spec.rb b/spec/unit/puppet/provider/iptables_spec.rb index e01dab6..b06d214 100644 --- a/spec/unit/puppet/provider/iptables_spec.rb +++ b/spec/unit/puppet/provider/iptables_spec.rb @@ -68,6 +68,12 @@ describe 'iptables provider' do end end + it 'should ignore lines with fatal errors' do + provider.expects(:execute).with(['/sbin/iptables-save']).returns("FATAL: Could not load /lib/modules/2.6.18-028stab095.1/modules.dep: No such file or directory") + + provider.instances.length.should == 0 + end + # Load in ruby hash for test fixtures. load 'spec/fixtures/iptables/conversion_hash.rb' -- 2.45.2