salt: salt.state.iptables.append and salt.state.iptables.insert keep inserting duplicate rules with each state run

I have seen issues regarding this earlier and there have been suggested fixes. I’m still having this problem, because of which using these state functions to append or insert an iptables rule seems useless.

Here’s relevant information:

Master:

[root@nitin-saltmaster ~]# salt --versions-report
           Salt: 2014.7.0rc6-2571-g0d6e33a
         Python: 2.6.6 (r266:84292, Nov 21 2013, 10:50:32)
         Jinja2: 2.2.1
       M2Crypto: 0.20.2
 msgpack-python: 0.1.13
   msgpack-pure: Not Installed
       pycrypto: 2.0.1
        libnacl: Not Installed
         PyYAML: 3.10
          ioflo: Not Installed
          PyZMQ: 14.3.1
           RAET: Not Installed
            ZMQ: 4.0.4
           Mako: Not Installed
[root@nitin-saltmaster ~]# 

Minion:

[root@nitin-saltmaster ~]# salt '*jenkins' test.versions_report
nitin-jenkins:
               Salt: 2014.1.13
             Python: 2.6.6 (r266:84292, Sep  4 2013, 07:46:00)
             Jinja2: 2.2.1
           M2Crypto: 0.20.2
     msgpack-python: 0.1.13
       msgpack-pure: Not Installed
           pycrypto: 2.0.1
             PyYAML: 3.10
              PyZMQ: 14.3.1
                ZMQ: 3.2.4
[root@nitin-saltmaster ~]# 

Both my master and minion are RHEL 6.5

About this issue

  • State: closed
  • Created 10 years ago
  • Comments: 25 (20 by maintainers)

Most upvoted comments

@garethgreenaway Here’s a snippet of the state:

Open port 8080:
  iptables.insert:
    - name: jenkins
    - position: 1
    - table: filter
    - chain: INPUT
    - jump: ACCEPT
    - match: state
    - connstate: NEW
    - dport: 8080
    - proto: tcp

Here’s the workaround I’m using for the time being:

Open port 8080:
  cmd.run:
    - name: |
        lokkit -p 8080:tcp
    - unless: iptables -L | grep webcache

No, I haven’t tried the state on the 2014.7 branch. I will try it and let you know if I see any changes in the behavior.

@rallytime No problem! 😄
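
The workaround above guards the command with a grep over `iptables -L`. As an added example (not part of the issue thread and not Salt's code), the sketch below checks for the rule against `iptables-save` style output token by token, since that output is normalized (for example it carries an extra `-m tcp`) and will not equal the rule text as written in the state. The helper names and the sample ruleset are constructed for illustration.

```shell
# Constructed sample of `iptables-save -t filter` output (not taken from the issue).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 8080 -j DROP
COMMIT'

# line_has_pairs LINE OPT VALUE [OPT VALUE ...] (hypothetical helper)
# True when every "OPT VALUE" pair occurs in LINE as whole tokens, in any order.
line_has_pairs() {
    lp_line=" $1 "
    shift
    while [ $# -ge 2 ]; do
        case "$lp_line" in *" $1 $2 "*) ;; *) return 1 ;; esac
        shift 2
    done
    return 0
}

# rule_present RULES CHAIN OPT VALUE [...] (hypothetical helper)
# True when some "-A CHAIN" line in RULES carries all requested pairs.
rule_present() {
    rp_rules=$1 rp_chain=$2
    shift 2
    while IFS= read -r rp_line; do
        case "$rp_line" in
            "-A $rp_chain "*)
                if line_has_pairs "$rp_line" "$@"; then return 0; fi ;;
        esac
    done <<EOF
$rp_rules
EOF
    return 1
}

# ensure_cmd RULES: print the insert command only when the rule is absent.
ensure_cmd() {
    if rule_present "$1" INPUT -p tcp --state NEW --dport 8080 -j ACCEPT; then
        echo "present"
    else
        echo "iptables -I INPUT 1 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT"
    fi
}

ensure_cmd "$SAMPLE_RULES"   # on a host: ensure_cmd "$(iptables-save -t filter)"
```

Because the check is scoped to one chain and matches whole tokens, a rule for port 8080 in another chain or with a different target does not count as the rule being present.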