Reload, rather than restart, the FirewallD service
This commit is contained in:
Adam Mendlik
parent
112580daa1
commit
103afc0a18
@ -19,8 +19,6 @@ provisioner:
|
|||||||
firewalld.sls:
|
firewalld.sls:
|
||||||
firewalld:
|
firewalld:
|
||||||
enabled: True
|
enabled: True
|
||||||
IndividualCalls: 'no'
|
|
||||||
LogDenied: 'off'
|
|
||||||
services:
|
services:
|
||||||
glusterfs:
|
glusterfs:
|
||||||
short: glusterfs
|
short: glusterfs
|
||||||
|
|||||||
@ -12,8 +12,6 @@ directory_firewalld:
|
|||||||
- mode: 750
|
- mode: 750
|
||||||
- require:
|
- require:
|
||||||
- pkg: package_firewalld # make sure package is installed
|
- pkg: package_firewalld # make sure package is installed
|
||||||
- listen_in:
|
|
||||||
- module: service_firewalld # restart service
|
|
||||||
|
|
||||||
config_firewalld:
|
config_firewalld:
|
||||||
file.managed:
|
file.managed:
|
||||||
@ -26,6 +24,7 @@ config_firewalld:
|
|||||||
- require:
|
- require:
|
||||||
- pkg: package_firewalld # make sure package is installed
|
- pkg: package_firewalld # make sure package is installed
|
||||||
- file: directory_firewalld
|
- file: directory_firewalld
|
||||||
- listen_in:
|
- require_in:
|
||||||
- module: service_firewalld # restart service
|
- service: service_firewalld
|
||||||
|
- watch_in:
|
||||||
|
- cmd: reload_firewalld # reload firewalld config
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
# == Define: firewalld.direct
|
# == Define: firewalld.direct
|
||||||
#
|
#
|
||||||
# This defines a configuration for permanent direct chains,
|
# This defines a configuration for permanent direct chains,
|
||||||
# rules and passtthroughs, see firewalld.direct (5) man page.
|
# rules and passtthroughs, see firewalld.direct (5) man page.
|
||||||
|
|
||||||
{%- if firewalld.get('direct', False) %}
|
{%- if firewalld.get('direct', False) %}
|
||||||
@ -21,8 +21,10 @@
|
|||||||
- require:
|
- require:
|
||||||
- pkg: package_firewalld # make sure package is installed
|
- pkg: package_firewalld # make sure package is installed
|
||||||
- file: directory_firewalld
|
- file: directory_firewalld
|
||||||
- listen_in:
|
- require_in:
|
||||||
- module: service_firewalld # restart service
|
- service: service_firewalld
|
||||||
|
- watch_in:
|
||||||
|
- cmd: reload_firewalld # reload firewalld config
|
||||||
- context:
|
- context:
|
||||||
direct: {{ firewalld.direct|json }}
|
direct: {{ firewalld.direct|json }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|||||||
@ -17,7 +17,7 @@ include:
|
|||||||
iptables:
|
iptables:
|
||||||
service.disabled:
|
service.disabled:
|
||||||
- enable: False
|
- enable: False
|
||||||
|
|
||||||
ip6tables:
|
ip6tables:
|
||||||
service.disabled:
|
service.disabled:
|
||||||
- enable: False
|
- enable: False
|
||||||
@ -26,7 +26,7 @@ package_firewalld:
|
|||||||
pkg.installed:
|
pkg.installed:
|
||||||
- name: {{ firewalld.package }}
|
- name: {{ firewalld.package }}
|
||||||
|
|
||||||
service_firewalld_running:
|
service_firewalld:
|
||||||
service.running:
|
service.running:
|
||||||
- name: {{ firewalld.service }}
|
- name: {{ firewalld.service }}
|
||||||
- enable: True # start on boot
|
- enable: True # start on boot
|
||||||
@ -36,18 +36,14 @@ service_firewalld_running:
|
|||||||
- service: iptables # ensure it's stopped
|
- service: iptables # ensure it's stopped
|
||||||
- service: ip6tables # ensure it's stopped
|
- service: ip6tables # ensure it's stopped
|
||||||
|
|
||||||
service_firewalld:
|
reload_firewalld:
|
||||||
module.wait:
|
cmd.wait:
|
||||||
- name: service.restart
|
- name: 'firewall-cmd --reload'
|
||||||
- m_name: {{ firewalld.service }}
|
|
||||||
- require:
|
- require:
|
||||||
- pkg: package_firewalld
|
- service: service_firewalld
|
||||||
- file: config_firewalld
|
|
||||||
- service: iptables # ensure it's stopped
|
|
||||||
- service: ip6tables # ensure it's stopped
|
|
||||||
|
|
||||||
{% else %}
|
{% else %}
|
||||||
service_firewalld_dead:
|
service_firewalld:
|
||||||
service.dead:
|
service.dead:
|
||||||
- name: {{ firewalld.service }}
|
- name: {{ firewalld.service }}
|
||||||
- enable: False # don't start on boot
|
- enable: False # don't start on boot
|
||||||
|
|||||||
@ -17,8 +17,10 @@ directory_firewalld_ipsets:
|
|||||||
- mode: 750
|
- mode: 750
|
||||||
- require:
|
- require:
|
||||||
- pkg: package_firewalld # make sure package is installed
|
- pkg: package_firewalld # make sure package is installed
|
||||||
- listen_in:
|
- require_in:
|
||||||
- module: service_firewalld # restart service
|
- service: service_firewalld
|
||||||
|
- watch_in:
|
||||||
|
- cmd: reload_firewalld # reload firewalld config
|
||||||
|
|
||||||
# == Define: firewalld.ipsets
|
# == Define: firewalld.ipsets
|
||||||
#
|
#
|
||||||
@ -38,8 +40,10 @@ directory_firewalld_ipsets:
|
|||||||
- require:
|
- require:
|
||||||
- pkg: package_firewalld # make sure package is installed
|
- pkg: package_firewalld # make sure package is installed
|
||||||
- file: directory_firewalld_ipsets
|
- file: directory_firewalld_ipsets
|
||||||
- listen_in:
|
- require_in:
|
||||||
- module: service_firewalld # restart service
|
- service: service_firewalld
|
||||||
|
- watch_in:
|
||||||
|
- cmd: reload_firewalld # reload firewalld config
|
||||||
- context:
|
- context:
|
||||||
name: {{ z_name }}
|
name: {{ z_name }}
|
||||||
ipset: {{ v }}
|
ipset: {{ v }}
|
||||||
|
|||||||
@ -12,8 +12,10 @@ directory_firewalld_services:
|
|||||||
- mode: 750
|
- mode: 750
|
||||||
- require:
|
- require:
|
||||||
- pkg: package_firewalld # make sure package is installed
|
- pkg: package_firewalld # make sure package is installed
|
||||||
- listen_in:
|
- require_in:
|
||||||
- module: service_firewalld # restart service
|
- service: service_firewalld
|
||||||
|
- watch_in:
|
||||||
|
- cmd: reload_firewalld # reload firewalld config
|
||||||
|
|
||||||
|
|
||||||
# == Define: firewalld.services
|
# == Define: firewalld.services
|
||||||
@ -36,8 +38,10 @@ directory_firewalld_services:
|
|||||||
- require:
|
- require:
|
||||||
- pkg: package_firewalld # make sure package is installed
|
- pkg: package_firewalld # make sure package is installed
|
||||||
- file: directory_firewalld_services
|
- file: directory_firewalld_services
|
||||||
- listen_in:
|
- require_in:
|
||||||
- module: service_firewalld # restart service
|
- service: service_firewalld
|
||||||
|
- watch_in:
|
||||||
|
- cmd: reload_firewalld # reload firewalld config
|
||||||
- context:
|
- context:
|
||||||
name: {{ s_name }}
|
name: {{ s_name }}
|
||||||
service: {{ v|json }}
|
service: {{ v|json }}
|
||||||
|
|||||||
@ -12,8 +12,10 @@ directory_firewalld_zones:
|
|||||||
- mode: 750
|
- mode: 750
|
||||||
- require:
|
- require:
|
||||||
- pkg: package_firewalld # make sure package is installed
|
- pkg: package_firewalld # make sure package is installed
|
||||||
- listen_in:
|
- require_in:
|
||||||
- module: service_firewalld # restart service
|
- service: service_firewalld
|
||||||
|
- watch_in:
|
||||||
|
- cmd: reload_firewalld # reload firewalld config
|
||||||
|
|
||||||
# == Define: firewalld.zones
|
# == Define: firewalld.zones
|
||||||
#
|
#
|
||||||
@ -33,8 +35,10 @@ directory_firewalld_zones:
|
|||||||
- require:
|
- require:
|
||||||
- pkg: package_firewalld # make sure package is installed
|
- pkg: package_firewalld # make sure package is installed
|
||||||
- file: directory_firewalld_zones
|
- file: directory_firewalld_zones
|
||||||
- listen_in:
|
- require_in:
|
||||||
- module: service_firewalld # restart service
|
- service: service_firewalld
|
||||||
|
- watch_in:
|
||||||
|
- cmd: reload_firewalld # reload firewalld config
|
||||||
- context:
|
- context:
|
||||||
name: {{ z_name }}
|
name: {{ z_name }}
|
||||||
zone: {{ v|json }}
|
zone: {{ v|json }}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user