improvements to formula with defaults.yaml
This commit is contained in:
		
							parent
							
								
									d55b767b91
								
							
						
					
					
						commit
						5fc2f58b0c
					
				@ -1,29 +0,0 @@
 | 
			
		||||
# == State: firewalld._config
 | 
			
		||||
#
 | 
			
		||||
# This state configures firewalld.
 | 
			
		||||
#
 | 
			
		||||
 | 
			
		||||
/etc/firewalld/:
 | 
			
		||||
  file.directory:            # make sure this is a directory
 | 
			
		||||
    - user: root
 | 
			
		||||
    - group: root
 | 
			
		||||
    - mode: 750
 | 
			
		||||
    - require:
 | 
			
		||||
      - pkg: firewalld       # make sure package is installed
 | 
			
		||||
    - watch_in:
 | 
			
		||||
      - service: firewalld   # restart service
 | 
			
		||||
 | 
			
		||||
/etc/firewalld/firewalld.conf:
 | 
			
		||||
  file:
 | 
			
		||||
    - managed
 | 
			
		||||
    - name: /etc/firewalld/firewalld.conf
 | 
			
		||||
    - user: root
 | 
			
		||||
    - group: root
 | 
			
		||||
    - mode: 640
 | 
			
		||||
    - source: salt://firewalld/files/firewalld.conf
 | 
			
		||||
    - template: jinja
 | 
			
		||||
    - require:
 | 
			
		||||
      - pkg: firewalld       # make sure package is installed
 | 
			
		||||
    - watch_in: 
 | 
			
		||||
      - service: firewalld   # restart service
 | 
			
		||||
 | 
			
		||||
							
								
								
									
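--- a/firewalld/config.sls
+++ b/firewalld/config.sls
@@ -0,0 +1,31 @@
+# == State: firewalld._config
+#
+# This state configures firewalld.
+#
+{% from "firewalld/map.jinja" import firewalld with context %}
+
+directory_firewalld:
+  file.directory:            # make sure this is a directory
+    - name: /etc/firewalld
+    - user: root
+    - group: root
+    - mode: 750
+    - require:
+      - pkg: package_firewalld # make sure package is installed
+    - listen_in:
+      - service: service_firewalld # restart service
+
+config_firewalld:
+  file.managed:
+    - name: /etc/firewalld/firewalld.conf
+    - user: root
+    - group: root
+    - mode: 640
+    - source: salt://firewalld/files/firewalld.conf
+    - template: jinja
+    - require:
+      - pkg: package_firewalld # make sure package is installed
+      - file: directory_firewalld
+    - listen_in: 
+      - service: service_firewalld # restart service
+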
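Review bot: The header comment on the first added line still names the state `firewalld._config`, while this file is `firewalld/config.sls` and init.sls now includes it as `firewalld.config`; the sibling renames in this commit updated their headers to `firewalld.services` and `firewalld.zones`, so this one should read `# == State: firewalld.config`. The two `mode` values are plain integers; Salt accepts `750` and `640`, but its file-state docs recommend quoting modes (`- mode: '0750'`, `- mode: '0640'`) so that a later edit adding a leading zero is not silently turned into an octal integer by the YAML loader.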
							
								
								
									
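--- a/firewalld/defaults.yaml
+++ b/firewalld/defaults.yaml
@@ -0,0 +1,6 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+firewalld:
+  package: firewalld
+  service: firewalld
+  config: /etc/firewalld.conf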
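Review bot: `config: /etc/firewalld.conf` is not the path the new config.sls manages (`/etc/firewalld/firewalld.conf`, hard-coded in its `- name:`), and nothing in this commit reads `firewalld.config`, so the default is both wrong and unused. Either drop the key, or set `config: /etc/firewalld/firewalld.conf` and have config.sls use `- name: {{ firewalld.config }}` so pillar can override it the way it can `package` and `service`. The new file should also open with `---` as the other YAML in this formula's tooling (yamllint `document-start`) expects.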
@ -3,39 +3,39 @@
 | 
			
		||||
#
 | 
			
		||||
# This state installs/runs firewalld.
 | 
			
		||||
#
 | 
			
		||||
 | 
			
		||||
{% from "firewalld/map.jinja" import firewalld with context %}
 | 
			
		||||
 | 
			
		||||
{% if salt['pillar.get']('firewalld:enabled') %}
 | 
			
		||||
include:
 | 
			
		||||
  - firewalld._config
 | 
			
		||||
  - firewalld._service
 | 
			
		||||
  - firewalld._zone
 | 
			
		||||
  - firewalld.config
 | 
			
		||||
  - firewalld.services
 | 
			
		||||
  - firewalld.zones
 | 
			
		||||
 | 
			
		||||
# iptables service that comes with rhel/centos
 | 
			
		||||
iptables:
 | 
			
		||||
  service:
 | 
			
		||||
    - disabled
 | 
			
		||||
  service.disabled:
 | 
			
		||||
    - enable: False
 | 
			
		||||
    
 | 
			
		||||
ip6tables:
 | 
			
		||||
  service:
 | 
			
		||||
    - disabled
 | 
			
		||||
  service.disabled:
 | 
			
		||||
    - enable: False
 | 
			
		||||
 | 
			
		||||
firewalld:
 | 
			
		||||
  pkg:
 | 
			
		||||
    - installed
 | 
			
		||||
  service:
 | 
			
		||||
    - running              # ensure it's running
 | 
			
		||||
package_firewalld:
 | 
			
		||||
  pkg.installed:
 | 
			
		||||
    - name: {{ firewalld.package }}
 | 
			
		||||
 | 
			
		||||
service_firewalld:
 | 
			
		||||
  service.running:
 | 
			
		||||
    - name: {{ firewalld.service }}
 | 
			
		||||
    - enable: True         # start on boot
 | 
			
		||||
    - require:
 | 
			
		||||
      - pkg: firewalld
 | 
			
		||||
      - file: /etc/firewalld/firewalld.conf # require this file
 | 
			
		||||
      - service: iptables         # ensure it's stopped
 | 
			
		||||
      - service: ip6tables        # ensure it's stopped
 | 
			
		||||
      - pkg: package_firewalld
 | 
			
		||||
      - file: config_firewalld
 | 
			
		||||
      - service: iptables  # ensure it's stopped
 | 
			
		||||
      - service: ip6tables # ensure it's stopped
 | 
			
		||||
{% else %}
 | 
			
		||||
firewalld:
 | 
			
		||||
  service:
 | 
			
		||||
    - dead                 # ensure it's not running
 | 
			
		||||
    - enable: False        # don't start on boot
 | 
			
		||||
{% endif %}
 | 
			
		||||
service_firewalld:
 | 
			
		||||
  service.dead:
 | 
			
		||||
    - name: {{ firewalld.service }}
 | 
			
		||||
    - enable: False # don't start on boot
 | 
			
		||||
{% endif %}
 | 
			
		||||
 | 
			
		||||
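Review bot: `service.disabled` on `iptables` and `ip6tables` only removes the service from boot; per Salt's docs it does not stop a running process, so the `# ensure it's stopped` comments on the `service_firewalld` requisites promise more than the requirement delivers and a still-running iptables can coexist with firewalld after a highstate. If stopping is the intent, use `service.dead:` with `- enable: False` for both states (the form the `{% else %}` branch already uses for `service_firewalld`); otherwise reword the comments to `# ensure it's not enabled on boot`. Separately, `salt['pillar.get']('firewalld:enabled')` bypasses the imported `firewalld` map, so `enabled` has no entry in defaults.yaml; adding `enabled: false` there and testing `{% if firewalld.enabled %}` would keep all knobs in one place.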
							
								
								
									
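--- a/firewalld/map.jinja
+++ b/firewalld/map.jinja
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# vim: ft=jinja
+
+{## Start with  defaults from defaults.yaml ##}
+{% import_yaml "firewalld/defaults.yaml" as default_settings %}
+
+{##
+Setup variable using grains['os_family'] based logic, only add key:values here
+that differ from whats in defaults.yaml
+##}
+{% set os_family_map = salt['grains.filter_by']({
+    'Debian': {},
+    'RedHat': {},
+    'Arch': {},
+  }, grain='os_family', merge=salt['pillar.get']('firewalld:lookup')) 
+%}
+
+{## Merge the flavor_map to the default settings ##}
+{% do default_settings.firewalld.update(os_family_map) %}
+
+{## Merge in salt:lookup pillar ##}
+{% set firewalld = salt['pillar.get'](
+    'firewalld',
+    default=default_settings.firewalld,
+    merge=True)
+%}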
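Review bot: The `grains.filter_by` lookup dict has no `'default'` entry, so on a minion whose `os_family` is none of Debian/RedHat/Arch it returns None when no `firewalld:lookup` pillar is set, and the following `default_settings.firewalld.update(os_family_map)` then aborts rendering of every state that imports this map. Adding `'default': {},` to the dict (filter_by's `default` argument already points at that key) makes the map render everywhere. The comment `{## Merge in salt:lookup pillar ##}` is a leftover from the template formula; the block below merges the `firewalld` pillar, so `{## Merge in firewalld pillar ##}` describes it.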
@ -1,19 +1,22 @@
 | 
			
		||||
# == State: firewalld._service
 | 
			
		||||
# == State: firewalld.services
 | 
			
		||||
#
 | 
			
		||||
# This state ensures that /etc/firewalld/services/ exists.
 | 
			
		||||
#
 | 
			
		||||
/etc/firewalld/services:
 | 
			
		||||
{% from "firewalld/map.jinja" import firewalld with context %}
 | 
			
		||||
 | 
			
		||||
directory_firewalld_services:
 | 
			
		||||
  file.directory:            # make sure this is a directory
 | 
			
		||||
    - name: /etc/firewalld/services
 | 
			
		||||
    - user: root
 | 
			
		||||
    - group: root
 | 
			
		||||
    - mode: 750
 | 
			
		||||
    - require:
 | 
			
		||||
      - pkg: firewalld       # make sure package is installed
 | 
			
		||||
    - watch_in:
 | 
			
		||||
      - service: firewalld   # restart service
 | 
			
		||||
      - pkg: package_firewalld # make sure package is installed
 | 
			
		||||
    - listen_in:
 | 
			
		||||
      - service: service_firewalld # restart service
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# == Define: firewalld._service
 | 
			
		||||
# == Define: firewalld.services
 | 
			
		||||
#
 | 
			
		||||
# This defines a service configuration, see firewalld.service (5) man page.
 | 
			
		||||
# You usually don't need this, you can simply add ports to zone.
 | 
			
		||||
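Review bot: The renamed requisites `- pkg: package_firewalld` and `- service: service_firewalld` point at state IDs this file does not define (as far as the diff shows they live in init.sls), so `firewalld.services` only resolves when applied in the same run as `firewalld`; applied on its own it fails with an unresolved requisite. The same holds for the zones hunk with `directory_firewalld_zones` and for config.sls. If standalone use is not intended, say so in the header, e.g. `# Requires the firewalld (init.sls) states in the same run: package_firewalld, service_firewalld`; if it is, add `include:` / `  - firewalld` at the top of each file.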
@ -31,9 +34,10 @@
 | 
			
		||||
    - source: salt://firewalld/files/service.xml
 | 
			
		||||
    - template: jinja
 | 
			
		||||
    - require:
 | 
			
		||||
      - pkg: firewalld       # make sure package is installed
 | 
			
		||||
    - watch_in: 
 | 
			
		||||
      - service: firewalld   # restart service
 | 
			
		||||
      - pkg: package_firewalld # make sure package is installed
 | 
			
		||||
      - file: directory_firewalld_services
 | 
			
		||||
    - listen_in: 
 | 
			
		||||
      - service: service_firewalld # restart service
 | 
			
		||||
    - context:
 | 
			
		||||
        name: {{ s_name }}
 | 
			
		||||
        service: {{ v }}
 | 
			
		||||
@ -1,19 +1,22 @@
 | 
			
		||||
# == State: firewalld._zone
 | 
			
		||||
# == State: firewalld.zones
 | 
			
		||||
#
 | 
			
		||||
# This state ensures that /etc/firewalld/zones/ exists.
 | 
			
		||||
#
 | 
			
		||||
/etc/firewalld/zones:
 | 
			
		||||
{% from "firewalld/map.jinja" import firewalld with context %}
 | 
			
		||||
 | 
			
		||||
directory_firewalld_zones:
 | 
			
		||||
  file.directory:            # make sure this is a directory
 | 
			
		||||
    - name: /etc/firewalld/zones
 | 
			
		||||
    - user: root
 | 
			
		||||
    - group: root
 | 
			
		||||
    - mode: 750
 | 
			
		||||
    - require:
 | 
			
		||||
      - pkg: firewalld       # make sure package is installed
 | 
			
		||||
    - watch_in:
 | 
			
		||||
      - service: firewalld   # restart service
 | 
			
		||||
      - pkg: package_firewalld # make sure package is installed
 | 
			
		||||
    - listen_in:
 | 
			
		||||
      - service: service_firewalld # restart service
 | 
			
		||||
      
 | 
			
		||||
 | 
			
		||||
# == Define: firewalld._zone
 | 
			
		||||
# == Define: firewalld.zones
 | 
			
		||||
#
 | 
			
		||||
# This defines a zone configuration, see firewalld.zone (5) man page.
 | 
			
		||||
#
 | 
			
		||||
@ -21,8 +24,7 @@
 | 
			
		||||
{% set z_name = v.name|default(k) %}
 | 
			
		||||
 | 
			
		||||
/etc/firewalld/zones/{{ z_name }}.xml:
 | 
			
		||||
  file:
 | 
			
		||||
    - managed
 | 
			
		||||
  file.managed:
 | 
			
		||||
    - name: /etc/firewalld/zones/{{ z_name }}.xml
 | 
			
		||||
    - user: root
 | 
			
		||||
    - group: root
 | 
			
		||||
@ -30,9 +32,10 @@
 | 
			
		||||
    - source: salt://firewalld/files/zone.xml
 | 
			
		||||
    - template: jinja
 | 
			
		||||
    - require:
 | 
			
		||||
      - pkg: firewalld       # make sure package is installed
 | 
			
		||||
    - watch_in: 
 | 
			
		||||
      - service: firewalld   # restart service
 | 
			
		||||
      - pkg: package_firewalld # make sure package is installed
 | 
			
		||||
      - file: directory_firewalld_zones
 | 
			
		||||
    - listen_in: 
 | 
			
		||||
      - service: service_firewalld   # restart service
 | 
			
		||||
    - context:
 | 
			
		||||
        name: {{ z_name }}
 | 
			
		||||
        zone: {{ v }}
 | 
			
		||||