improvements to formula with defaults.yaml

This commit is contained in:
Niels Abspoel 2016-01-19 22:15:08 +01:00
parent d55b767b91
commit 5fc2f58b0c
7 changed files with 112 additions and 71 deletions


@ -1,29 +0,0 @@
# == State: firewalld._config
#
# This state configures firewalld.
#
/etc/firewalld/:
file.directory: # make sure this is a directory
- user: root
- group: root
- mode: 750
- require:
- pkg: firewalld # make sure package is installed
- watch_in:
- service: firewalld # restart service
/etc/firewalld/firewalld.conf:
file:
- managed
- name: /etc/firewalld/firewalld.conf
- user: root
- group: root
- mode: 640
- source: salt://firewalld/files/firewalld.conf
- template: jinja
- require:
- pkg: firewalld # make sure package is installed
- watch_in:
- service: firewalld # restart service

31
firewalld/config.sls Normal file

@ -0,0 +1,31 @@
# == State: firewalld._config
#
# This state configures firewalld.
#
{% from "firewalld/map.jinja" import firewalld with context %}
directory_firewalld:
file.directory: # make sure this is a directory
- name: /etc/firewalld
- user: root
- group: root
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
- listen_in:
- service: service_firewalld # restart service
config_firewalld:
file.managed:
- name: /etc/firewalld/firewalld.conf
- user: root
- group: root
- mode: 640
- source: salt://firewalld/files/firewalld.conf
- template: jinja
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld
- listen_in:
- service: service_firewalld # restart service
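Review bot: Both `listen_in: - service: service_firewalld` entries make any change to the directory or to firewalld.conf fire a full restart of the service; if I recall firewalld's defaults right (CleanupOnExit), stopping it flushes the whole ruleset, so each config push leaves a short window with no filtering, whereas a reload keeps rules in place. Adding `- reload: True` to `service_firewalld` in init.sls (outside this hunk) makes the listen trigger `service.reload` instead; the same applies to the listen_in lines in services.sls and zones.sls. Separately, `- mode: 750` and `- mode: 640` are plain YAML integers that only work because they have no leading zero — a later `0640` would be read as octal by the YAML 1.1 loader Salt uses — so quote them as `- mode: '750'` and `- mode: '640'` (also `mode: 750` in services.sls and zones.sls).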

6
firewalld/defaults.yaml Normal file

@ -0,0 +1,6 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
firewalld:
package: firewalld
service: firewalld
config: /etc/firewalld.conf
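Review bot: `config: /etc/firewalld.conf` names a path nothing in the formula manages — config.sls writes `/etc/firewalld/firewalld.conf` and hard-codes that name instead of reading `firewalld.config`, so this default is both wrong and unused. Either correct it to `config: /etc/firewalld/firewalld.conf` and switch config.sls to `- name: {{ firewalld.config }}`, or drop the key so defaults.yaml does not advertise a setting with no effect. The `package` and `service` keys are consumed by init.sls and are consistent with it.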


@ -3,39 +3,39 @@
# #
# This state installs/runs firewalld. # This state installs/runs firewalld.
# #
{% from "firewalld/map.jinja" import firewalld with context %}
{% if salt['pillar.get']('firewalld:enabled') %} {% if salt['pillar.get']('firewalld:enabled') %}
include: include:
- firewalld._config - firewalld.config
- firewalld._service - firewalld.services
- firewalld._zone - firewalld.zones
# iptables service that comes with rhel/centos # iptables service that comes with rhel/centos
iptables: iptables:
service: service.disabled:
- disabled
- enable: False - enable: False
ip6tables: ip6tables:
service: service.disabled:
- disabled
- enable: False - enable: False
firewalld: package_firewalld:
pkg: pkg.installed:
- installed - name: {{ firewalld.package }}
service:
- running # ensure it's running service_firewalld:
service.running:
- name: {{ firewalld.service }}
- enable: True # start on boot - enable: True # start on boot
- require: - require:
- pkg: firewalld - pkg: package_firewalld
- file: /etc/firewalld/firewalld.conf # require this file - file: config_firewalld
- service: iptables # ensure it's stopped - service: iptables # ensure it's stopped
- service: ip6tables # ensure it's stopped - service: ip6tables # ensure it's stopped
{% else %} {% else %}
firewalld: service_firewalld:
service: service.dead:
- dead # ensure it's not running - name: {{ firewalld.service }}
- enable: False # don't start on boot - enable: False # don't start on boot
{% endif %} {% endif %}
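Review bot: `service.disabled` on `iptables` and `ip6tables` only removes them from boot; it does not stop an instance that is already running, so on a host where iptables is active the `# ensure it's stopped` comments on the require lines are not met and firewalld is started alongside another rule manager. `service.dead:` with the existing `- enable: False` stops and disables in one state, so replacing `service.disabled:` with `service.dead:` for both does what the comments promise. Also, `salt['pillar.get']('firewalld:enabled')` bypasses the new map, so `enabled` has no entry in defaults.yaml and cannot be set per os_family; `{% if firewalld.enabled %}` with `enabled: false` added to defaults.yaml keeps the same pillar key working while routing it through map.jinja.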

26
firewalld/map.jinja Normal file

@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
# vim: ft=jinja
{## Start with defaults from defaults.yaml ##}
{% import_yaml "firewalld/defaults.yaml" as default_settings %}
{##
Setup variable using grains['os_family'] based logic, only add key:values here
that differ from whats in defaults.yaml
##}
{% set os_family_map = salt['grains.filter_by']({
'Debian': {},
'RedHat': {},
'Arch': {},
}, grain='os_family', merge=salt['pillar.get']('firewalld:lookup'))
%}
{## Merge the flavor_map to the default settings ##}
{% do default_settings.firewalld.update(os_family_map) %}
{## Merge in salt:lookup pillar ##}
{% set firewalld = salt['pillar.get'](
'firewalld',
default=default_settings.firewalld,
merge=True)
%}
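Review bot: `grains.filter_by` is called without a `default`, so on an os_family other than Debian/RedHat/Arch (Suse, Gentoo, ...) it returns None when `firewalld:lookup` is unset — if I read filter_by's no-match behaviour right — and the following `default_settings.firewalld.update(os_family_map)` then fails with a TypeError instead of falling back to defaults.yaml. Since all three entries are empty mappings, any of them serves as a safe fallback: `}, grain='os_family', merge=salt['pillar.get']('firewalld:lookup'), default='Debian')`. A short comment above the map, `{## default= keeps unknown os_family values on the plain defaults ##}`, would make the intent clear to the next maintainer adding a distro.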


@ -1,19 +1,22 @@
# == State: firewalld._service # == State: firewalld.services
# #
# This state ensures that /etc/firewalld/services/ exists. # This state ensures that /etc/firewalld/services/ exists.
# #
/etc/firewalld/services: {% from "firewalld/map.jinja" import firewalld with context %}
directory_firewalld_services:
file.directory: # make sure this is a directory file.directory: # make sure this is a directory
- name: /etc/firewalld/services
- user: root - user: root
- group: root - group: root
- mode: 750 - mode: 750
- require: - require:
- pkg: firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- watch_in: - listen_in:
- service: firewalld # restart service - service: service_firewalld # restart service
# == Define: firewalld._service # == Define: firewalld.services
# #
# This defines a service configuration, see firewalld.service (5) man page. # This defines a service configuration, see firewalld.service (5) man page.
# You usually don't need this, you can simply add ports to zone. # You usually don't need this, you can simply add ports to zone.
@ -31,9 +34,10 @@
- source: salt://firewalld/files/service.xml - source: salt://firewalld/files/service.xml
- template: jinja - template: jinja
- require: - require:
- pkg: firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- watch_in: - file: directory_firewalld_services
- service: firewalld # restart service - listen_in:
- service: service_firewalld # restart service
- context: - context:
name: {{ s_name }} name: {{ s_name }}
service: {{ v }} service: {{ v }}


@ -1,19 +1,22 @@
# == State: firewalld._zone # == State: firewalld.zones
# #
# This state ensures that /etc/firewalld/zones/ exists. # This state ensures that /etc/firewalld/zones/ exists.
# #
/etc/firewalld/zones: {% from "firewalld/map.jinja" import firewalld with context %}
directory_firewalld_zones:
file.directory: # make sure this is a directory file.directory: # make sure this is a directory
- name: /etc/firewalld/zones
- user: root - user: root
- group: root - group: root
- mode: 750 - mode: 750
- require: - require:
- pkg: firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- watch_in: - listen_in:
- service: firewalld # restart service - service: service_firewalld # restart service
# == Define: firewalld._zone # == Define: firewalld.zones
# #
# This defines a zone configuration, see firewalld.zone (5) man page. # This defines a zone configuration, see firewalld.zone (5) man page.
# #
@ -21,8 +24,7 @@
{% set z_name = v.name|default(k) %} {% set z_name = v.name|default(k) %}
/etc/firewalld/zones/{{ z_name }}.xml: /etc/firewalld/zones/{{ z_name }}.xml:
file: file.managed:
- managed
- name: /etc/firewalld/zones/{{ z_name }}.xml - name: /etc/firewalld/zones/{{ z_name }}.xml
- user: root - user: root
- group: root - group: root
@ -30,9 +32,10 @@
- source: salt://firewalld/files/zone.xml - source: salt://firewalld/files/zone.xml
- template: jinja - template: jinja
- require: - require:
- pkg: firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- watch_in: - file: directory_firewalld_zones
- service: firewalld # restart service - listen_in:
- service: service_firewalld # restart service
- context: - context:
name: {{ z_name }} name: {{ z_name }}
zone: {{ v }} zone: {{ v }}