Reload, rather than restart, the FirewallD service
parent
112580daa1
commit
103afc0a18
@ -19,8 +19,6 @@ provisioner:
|
||||
firewalld.sls:
|
||||
firewalld:
|
||||
enabled: True
|
||||
IndividualCalls: 'no'
|
||||
LogDenied: 'off'
|
||||
services:
|
||||
glusterfs:
|
||||
short: glusterfs
|
||||
|
@ -12,8 +12,6 @@ directory_firewalld:
|
||||
- mode: 750
|
||||
- require:
|
||||
- pkg: package_firewalld # make sure package is installed
|
||||
- listen_in:
|
||||
- module: service_firewalld # restart service
|
||||
|
||||
config_firewalld:
|
||||
file.managed:
|
||||
@ -26,6 +24,7 @@ config_firewalld:
|
||||
- require:
|
||||
- pkg: package_firewalld # make sure package is installed
|
||||
- file: directory_firewalld
|
||||
- listen_in:
|
||||
- module: service_firewalld # restart service
|
||||
|
||||
- require_in:
|
||||
- service: service_firewalld
|
||||
- watch_in:
|
||||
- cmd: reload_firewalld # reload firewalld config
|
||||
|
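Review bot: In the `config_firewalld` hunk the managed file is now tied to the daemon only through `require_in: - service: service_firewalld` and `watch_in: - cmd: reload_firewalld`, so nothing visible here restarts firewalld when that file changes. If this state manages the daemon's main configuration file (the name is outside the hunk), confirm that every option it templates is actually re-read by `firewall-cmd --reload` on the firewalld versions you support. Any option that is only applied at daemon start would leave the host running the old value while Salt reports success. If that applies, use `- watch_in:` instead of `- require_in:` for `- service: service_firewalld` in this one state, so a main-config change still restarts the service.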
@ -5,7 +5,7 @@
|
||||
|
||||
# == Define: firewalld.direct
|
||||
#
|
||||
# This defines a configuration for permanent direct chains,
|
||||
# This defines a configuration for permanent direct chains,
|
||||
# rules and passtthroughs, see firewalld.direct (5) man page.
|
||||
|
||||
{%- if firewalld.get('direct', False) %}
|
||||
@ -21,8 +21,10 @@
|
||||
- require:
|
||||
- pkg: package_firewalld # make sure package is installed
|
||||
- file: directory_firewalld
|
||||
- listen_in:
|
||||
- module: service_firewalld # restart service
|
||||
- require_in:
|
||||
- service: service_firewalld
|
||||
- watch_in:
|
||||
- cmd: reload_firewalld # reload firewalld config
|
||||
- context:
|
||||
direct: {{ firewalld.direct|json }}
|
||||
{%- endif %}
|
||||
|
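Review bot: The header comment touched by the first hunk still reads `passtthroughs`; correct it to `# rules and passthroughs, see firewalld.direct (5) man page.`. The line above it appears twice in the rendered hunk with identical text, which suggests the commit only changed whitespace there, so this is a one-word fix in a block that is already being edited.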
@ -17,7 +17,7 @@ include:
|
||||
iptables:
|
||||
service.disabled:
|
||||
- enable: False
|
||||
|
||||
|
||||
ip6tables:
|
||||
service.disabled:
|
||||
- enable: False
|
||||
@ -26,7 +26,7 @@ package_firewalld:
|
||||
pkg.installed:
|
||||
- name: {{ firewalld.package }}
|
||||
|
||||
service_firewalld_running:
|
||||
service_firewalld:
|
||||
service.running:
|
||||
- name: {{ firewalld.service }}
|
||||
- enable: True # start on boot
|
||||
@ -36,18 +36,14 @@ service_firewalld_running:
|
||||
- service: iptables # ensure it's stopped
|
||||
- service: ip6tables # ensure it's stopped
|
||||
|
||||
service_firewalld:
|
||||
module.wait:
|
||||
- name: service.restart
|
||||
- m_name: {{ firewalld.service }}
|
||||
reload_firewalld:
|
||||
cmd.wait:
|
||||
- name: 'firewall-cmd --reload'
|
||||
- require:
|
||||
- pkg: package_firewalld
|
||||
- file: config_firewalld
|
||||
- service: iptables # ensure it's stopped
|
||||
- service: ip6tables # ensure it's stopped
|
||||
- service: service_firewalld
|
||||
|
||||
{% else %}
|
||||
service_firewalld_dead:
|
||||
service_firewalld:
|
||||
service.dead:
|
||||
- name: {{ firewalld.service }}
|
||||
- enable: False # don't start on boot
|
||||
|
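Review bot: `reload_firewalld` runs `firewall-cmd --reload` directly against whatever the templates just wrote, so a zone, service, ipset or direct definition rendered from bad pillar data is first discovered by the running daemon. How firewalld behaves after a failed reload depends on the version, and a packet filter should not reach that state unattended. If the installed firewalld supports it, validate first so the state fails before the live rules are touched: `- name: 'firewall-cmd --check-config && firewall-cmd --reload'`. A comment on the state would also help, noting that `--reload` replaces the runtime configuration with the permanent one, so runtime-only rules added by hand are dropped whenever a managed file changes.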
@ -17,8 +17,10 @@ directory_firewalld_ipsets:
|
||||
- mode: 750
|
||||
- require:
|
||||
- pkg: package_firewalld # make sure package is installed
|
||||
- listen_in:
|
||||
- module: service_firewalld # restart service
|
||||
- require_in:
|
||||
- service: service_firewalld
|
||||
- watch_in:
|
||||
- cmd: reload_firewalld # reload firewalld config
|
||||
|
||||
# == Define: firewalld.ipsets
|
||||
#
|
||||
@ -38,8 +40,10 @@ directory_firewalld_ipsets:
|
||||
- require:
|
||||
- pkg: package_firewalld # make sure package is installed
|
||||
- file: directory_firewalld_ipsets
|
||||
- listen_in:
|
||||
- module: service_firewalld # restart service
|
||||
- require_in:
|
||||
- service: service_firewalld
|
||||
- watch_in:
|
||||
- cmd: reload_firewalld # reload firewalld config
|
||||
- context:
|
||||
name: {{ z_name }}
|
||||
ipset: {{ v }}
|
||||
|
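Review bot: The `context:` entry `ipset: {{ v }}` renders the pillar value without the `|json` filter, unlike `service: {{ v|json }}` and `zone: {{ v|json }}` in the services and zones sections. Without the filter Jinja emits the Python representation of the value, which YAML can read differently from the pillar data (a nested `None`, for example, comes back as the string `None`). The ipset definition that gets written and reloaded may then not match what was configured. Suggest `ipset: {{ v|json }}`; the line is unchanged context here and the enclosing state starts outside the hunk.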
@ -12,8 +12,10 @@ directory_firewalld_services:
|
||||
- mode: 750
|
||||
- require:
|
||||
- pkg: package_firewalld # make sure package is installed
|
||||
- listen_in:
|
||||
- module: service_firewalld # restart service
|
||||
- require_in:
|
||||
- service: service_firewalld
|
||||
- watch_in:
|
||||
- cmd: reload_firewalld # reload firewalld config
|
||||
|
||||
|
||||
# == Define: firewalld.services
|
||||
@ -36,8 +38,10 @@ directory_firewalld_services:
|
||||
- require:
|
||||
- pkg: package_firewalld # make sure package is installed
|
||||
- file: directory_firewalld_services
|
||||
- listen_in:
|
||||
- module: service_firewalld # restart service
|
||||
- require_in:
|
||||
- service: service_firewalld
|
||||
- watch_in:
|
||||
- cmd: reload_firewalld # reload firewalld config
|
||||
- context:
|
||||
name: {{ s_name }}
|
||||
service: {{ v|json }}
|
||||
|
@ -12,8 +12,10 @@ directory_firewalld_zones:
|
||||
- mode: 750
|
||||
- require:
|
||||
- pkg: package_firewalld # make sure package is installed
|
||||
- listen_in:
|
||||
- module: service_firewalld # restart service
|
||||
- require_in:
|
||||
- service: service_firewalld
|
||||
- watch_in:
|
||||
- cmd: reload_firewalld # reload firewalld config
|
||||
|
||||
# == Define: firewalld.zones
|
||||
#
|
||||
@ -33,8 +35,10 @@ directory_firewalld_zones:
|
||||
- require:
|
||||
- pkg: package_firewalld # make sure package is installed
|
||||
- file: directory_firewalld_zones
|
||||
- listen_in:
|
||||
- module: service_firewalld # restart service
|
||||
- require_in:
|
||||
- service: service_firewalld
|
||||
- watch_in:
|
||||
- cmd: reload_firewalld # reload firewalld config
|
||||
- context:
|
||||
name: {{ z_name }}
|
||||
zone: {{ v|json }}
|
||||
|