saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #10 from amendlik/service-reload

Browse Source 
Reload service rather than restart
This commit is contained in:
Javier Bértoli 2017-03-13 07:10:42 -03:00 committed by GitHub
commit f5093495bc
9 changed files with 86 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -4,3 +4,5 @@ metadata.json
*.swp
*.tmp
/.project
.kitchen/
.kitchen.local.yml

38
.kitchen.yml Normal file
View File

@ -0,0 +1,38 @@
---
driver:
name: vagrant
platforms:
- name: centos-7.2
provisioner:
name: salt_solo
salt_install: bootstrap
salt_bootstrap_url: https://bootstrap.saltstack.com
salt_version: latest
formula: firewalld
pillars:
top.sls:
base:
'*':
- firewalld
firewalld.sls:
firewalld:
enabled: True
services:
glusterfs:
short: glusterfs
description: 'GlusterFS network filesystem'
ports:
tcp:
- 24007-24008
- 49152-49200
suites:
- name: default
provisioner:
salt_bootstrap_options: -X -d
state_top:
base:
'*':
- firewalld

9
firewalld/config.sls
View File

@ -12,8 +12,6 @@ directory_firewalld:
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
config_firewalld:
file.managed:
@ -26,6 +24,7 @@ config_firewalld:
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config

8
firewalld/direct.sls
View File

@ -5,7 +5,7 @@
# == Define: firewalld.direct
#
# This defines a configuration for permanent direct chains,
# This defines a configuration for permanent direct chains,
# rules and passtthroughs, see firewalld.direct (5) man page.
{%- if firewalld.get('direct', False) %}
@ -21,8 +21,10 @@
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context:
direct: {{ firewalld.direct|json }}
{%- endif %}

18
firewalld/init.sls
View File

@ -17,7 +17,7 @@ include:
iptables:
service.disabled:
- enable: False
ip6tables:
service.disabled:
- enable: False
@ -26,7 +26,7 @@ package_firewalld:
pkg.installed:
- name: {{ firewalld.package }}
service_firewalld_running:
service_firewalld:
service.running:
- name: {{ firewalld.service }}
- enable: True # start on boot
@ -36,18 +36,14 @@ service_firewalld_running:
- service: iptables # ensure it's stopped
- service: ip6tables # ensure it's stopped
service_firewalld:
module.wait:
- name: service.restart
- m_name: {{ firewalld.service }}
reload_firewalld:
cmd.wait:
- name: 'firewall-cmd --reload'
- require:
- pkg: package_firewalld
- file: config_firewalld
- service: iptables # ensure it's stopped
- service: ip6tables # ensure it's stopped
- service: service_firewalld
{% else %}
service_firewalld_dead:
service_firewalld:
service.dead:
- name: {{ firewalld.service }}
- enable: False # don't start on boot

12
firewalld/ipsets.sls
View File

@ -17,8 +17,10 @@ directory_firewalld_ipsets:
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
# == Define: firewalld.ipsets
#
@ -38,8 +40,10 @@ directory_firewalld_ipsets:
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_ipsets
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context:
name: {{ z_name }}
ipset: {{ v }}

12
firewalld/services.sls
View File

@ -12,8 +12,10 @@ directory_firewalld_services:
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
# == Define: firewalld.services
@ -36,8 +38,10 @@ directory_firewalld_services:
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_services
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context:
name: {{ s_name }}
service: {{ v|json }}

12
firewalld/zones.sls
View File

@ -12,8 +12,10 @@ directory_firewalld_zones:
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
# == Define: firewalld.zones
#
@ -33,8 +35,10 @@ directory_firewalld_zones:
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_zones
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context:
name: {{ z_name }}
zone: {{ v|json }}

6
test/integration/default/serverspec/firewalld_server_spec.rb Normal file
View File

@ -0,0 +1,6 @@
require 'serverspec'
set :backend, :exec
describe service('firewalld') do
it { should be_running }
end