improvements to formula with defaults.yaml

This commit is contained in:
Niels Abspoel 2016-01-19 22:15:08 +01:00
parent d55b767b91
commit 5fc2f58b0c
7 changed files with 112 additions and 71 deletions


@ -1,29 +0,0 @@
# == State: firewalld._config
#
# This state configures firewalld.
#
/etc/firewalld/:
file.directory: # make sure this is a directory
- user: root
- group: root
- mode: 750
- require:
- pkg: firewalld # make sure package is installed
- watch_in:
- service: firewalld # restart service
/etc/firewalld/firewalld.conf:
file:
- managed
- name: /etc/firewalld/firewalld.conf
- user: root
- group: root
- mode: 640
- source: salt://firewalld/files/firewalld.conf
- template: jinja
- require:
- pkg: firewalld # make sure package is installed
- watch_in:
- service: firewalld # restart service

31
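--- a/firewalld/config.sls
+++ b/firewalld/config.sls
@@ -0,0 +1,31 @@
+# == State: firewalld._config
+#
+# This state configures firewalld.
+#
+{% from "firewalld/map.jinja" import firewalld with context %}
+directory_firewalld:
+file.directory: # make sure this is a directory
+- name: /etc/firewalld
+- user: root
+- group: root
+- mode: 750
+- require:
+- pkg: package_firewalld # make sure package is installed
+- listen_in:
+- service: service_firewalld # restart service
+config_firewalld:
+file.managed:
+- name: /etc/firewalld/firewalld.conf
+- user: root
+- group: root
+- mode: 640
+- source: salt://firewalld/files/firewalld.conf
+- template: jinja
+- require:
+- pkg: package_firewalld # make sure package is installed
+- file: directory_firewalld
+- listen_in:
+- service: service_firewalld # restart service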
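Review bot: `- name: /etc/firewalld/firewalld.conf` under `config_firewalld` stays hard-coded although this file now imports `firewalld` from map.jinja and the same commit adds a `config:` key to defaults.yaml, so the new setting is never consulted; worse, defaults.yaml sets it to `/etc/firewalld.conf`, which is not the path managed here. Either use `- name: {{ firewalld.config }}` and set `config: /etc/firewalld/firewalld.conf` in defaults.yaml, or drop the unused key. Separately, `- mode: 750` and `- mode: 640` here (and the `750` in services.sls and zones.sls) are plain YAML integers; quoting them as `'750'` / `'640'` is the form the Salt file-state docs recommend so the value never passes through numeric parsing. The header comment still reads `# == State: firewalld._config` although the file is now `firewalld/config.sls`; services.sls and zones.sls had their headers renamed in this commit, so `# == State: firewalld.config` keeps them consistent.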

6
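--- a/firewalld/defaults.yaml
+++ b/firewalld/defaults.yaml
@@ -0,0 +1,6 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+firewalld:
+package: firewalld
+service: firewalld
+config: /etc/firewalld.conf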
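Review bot: defaults.yaml carries no `enabled` key, while init.sls still reads the switch straight from pillar with `salt['pillar.get']('firewalld:enabled')` and, when the key is absent or falsy, takes the branch that stops and disables the firewalld service. A host whose pillar simply lacks the key therefore ends up with its firewall turned off rather than left untouched. Adding `enabled: false` here and testing `firewalld.enabled` in init.sls keeps the switch in the merged map alongside the other settings, where its default is visible; if stopping the service on an unset key is the intended behaviour, a comment on the `{% else %}` in init.sls saying so would save the next reader a surprise.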


@ -3,39 +3,39 @@
#
# This state installs/runs firewalld.
#
{% from "firewalld/map.jinja" import firewalld with context %}
{% if salt['pillar.get']('firewalld:enabled') %}
include:
- firewalld._config
- firewalld._service
- firewalld._zone
- firewalld.config
- firewalld.services
- firewalld.zones
# iptables service that comes with rhel/centos
iptables:
service:
- disabled
service.disabled:
- enable: False
ip6tables:
service:
- disabled
service.disabled:
- enable: False
firewalld:
pkg:
- installed
service:
- running # ensure it's running
package_firewalld:
pkg.installed:
- name: {{ firewalld.package }}
service_firewalld:
service.running:
- name: {{ firewalld.service }}
- enable: True # start on boot
- require:
- pkg: firewalld
- file: /etc/firewalld/firewalld.conf # require this file
- service: iptables # ensure it's stopped
- service: ip6tables # ensure it's stopped
- pkg: package_firewalld
- file: config_firewalld
- service: iptables # ensure it's stopped
- service: ip6tables # ensure it's stopped
{% else %}
firewalld:
service:
- dead # ensure it's not running
- enable: False # don't start on boot
{% endif %}
service_firewalld:
service.dead:
- name: {{ firewalld.service }}
- enable: False # don't start on boot
{% endif %}
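Review bot: `service.disabled` on `iptables` and `ip6tables` only removes the unit from boot, yet the `require` entries further down annotate them with `# ensure it's stopped`, and the `- enable: False` argument has no effect on that function; a currently running iptables service therefore survives the highstate and competes with firewalld for the same ruleset. `service.dead` with `- enable: False` expresses both intents: `iptables:` / `  service.dead:` / `    - enable: False  # stopped now and not started on boot`, and the same for `ip6tables`. The `{% if salt['pillar.get']('firewalld:enabled') %}` block opens inside the hunk, but the file itself starts before it.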

26
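--- a/firewalld/map.jinja
+++ b/firewalld/map.jinja
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# vim: ft=jinja
+{## Start with defaults from defaults.yaml ##}
+{% import_yaml "firewalld/defaults.yaml" as default_settings %}
+{##
+Setup variable using grains['os_family'] based logic, only add key:values here
+that differ from whats in defaults.yaml
+##}
+{% set os_family_map = salt['grains.filter_by']({
+'Debian': {},
+'RedHat': {},
+'Arch': {},
+}, grain='os_family', merge=salt['pillar.get']('firewalld:lookup'))
+%}
+{## Merge the flavor_map to the default settings ##}
+{% do default_settings.firewalld.update(os_family_map) %}
+{## Merge in salt:lookup pillar ##}
+{% set firewalld = salt['pillar.get'](
+'firewalld',
+default=default_settings.firewalld,
+merge=True)
+%}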
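Review bot: The `os_family_map` lookup lists only `Debian`, `RedHat` and `Arch` and gives `grains.filter_by` no `default` entry, so on any other os_family the call returns None and the following `default_settings.firewalld.update(os_family_map)` raises a TypeError, failing the render of every state that imports this map. Adding `'default': {},` to the lookup dict (the key filter_by falls back to) makes the fallback explicit and keeps the formula usable on the remaining families. A comment above the dict such as `{## 'default' is used when os_family matches none of the entries above ##}` would document the intent; the comment on line two of the existing block also has a typo, `whats` for `what's`.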


@ -1,19 +1,22 @@
# == State: firewalld._service
# == State: firewalld.services
#
# This state ensures that /etc/firewalld/services/ exists.
#
/etc/firewalld/services:
{% from "firewalld/map.jinja" import firewalld with context %}
directory_firewalld_services:
file.directory: # make sure this is a directory
- name: /etc/firewalld/services
- user: root
- group: root
- mode: 750
- require:
- pkg: firewalld # make sure package is installed
- watch_in:
- service: firewalld # restart service
- pkg: package_firewalld # make sure package is installed
- listen_in:
- service: service_firewalld # restart service
# == Define: firewalld._service
# == Define: firewalld.services
#
# This defines a service configuration, see firewalld.service (5) man page.
# You usually don't need this, you can simply add ports to zone.
@ -31,9 +34,10 @@
- source: salt://firewalld/files/service.xml
- template: jinja
- require:
- pkg: firewalld # make sure package is installed
- watch_in:
- service: firewalld # restart service
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_services
- listen_in:
- service: service_firewalld # restart service
- context:
name: {{ s_name }}
service: {{ v }}


@ -1,19 +1,22 @@
# == State: firewalld._zone
# == State: firewalld.zones
#
# This state ensures that /etc/firewalld/zones/ exists.
#
/etc/firewalld/zones:
{% from "firewalld/map.jinja" import firewalld with context %}
directory_firewalld_zones:
file.directory: # make sure this is a directory
- name: /etc/firewalld/zones
- user: root
- group: root
- mode: 750
- require:
- pkg: firewalld # make sure package is installed
- watch_in:
- service: firewalld # restart service
- pkg: package_firewalld # make sure package is installed
- listen_in:
- service: service_firewalld # restart service
# == Define: firewalld._zone
# == Define: firewalld.zones
#
# This defines a zone configuration, see firewalld.zone (5) man page.
#
@ -21,8 +24,7 @@
{% set z_name = v.name|default(k) %}
/etc/firewalld/zones/{{ z_name }}.xml:
file:
- managed
file.managed:
- name: /etc/firewalld/zones/{{ z_name }}.xml
- user: root
- group: root
@ -30,9 +32,10 @@
- source: salt://firewalld/files/zone.xml
- template: jinja
- require:
- pkg: firewalld # make sure package is installed
- watch_in:
- service: firewalld # restart service
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_zones
- listen_in:
- service: service_firewalld # restart service
- context:
name: {{ z_name }}
zone: {{ v }}
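Review bot: `z_name` comes from pillar (`v.name|default(k)`) and is spliced unchecked into the managed path `/etc/firewalld/zones/{{ z_name }}.xml` and the matching `- name:`; pillar is normally trusted, but firewalld only accepts plain zone names, so rejecting anything outside a simple `[A-Za-z0-9_-]` pattern before the state (with a clear error in the rendered output) would catch a typo or stray path separator before a file lands outside the zones directory. The state id already is the full path, so the added `- name:` line repeats it; either is fine, but the duplication invites the two drifting apart. The `{% for %}` loop that defines `k` and `v` starts outside the hunk.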