From 112580daa17a845d125b6a2cdf6c9b46015e71af Mon Sep 17 00:00:00 2001
From: Adam Mendlik
Date: Fri, 10 Mar 2017 11:30:39 -0700
Subject: [PATCH 1/2] Add basic test suite
---
 .gitignore | 2 +
 .kitchen.yml | 40 +++++++++++++++++++
 .../serverspec/firewalld_server_spec.rb | 6 +++
 3 files changed, 48 insertions(+)
 create mode 100644 .kitchen.yml
 create mode 100644 test/integration/default/serverspec/firewalld_server_spec.rb
diff --git a/.gitignore b/.gitignore
index 302fe24..d3ec1ee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ metadata.json
 *.swp
 *.tmp
 /.project
+.kitchen/
+.kitchen.local.yml
diff --git a/.kitchen.yml b/.kitchen.yml
new file mode 100644
index 0000000..eaa7f3b
--- /dev/null
+++ b/.kitchen.yml
@@ -0,0 +1,40 @@
+---
+driver:
+ name: vagrant
+
+platforms:
+ - name: centos-7.2
+
+provisioner:
+ name: salt_solo
+ salt_install: bootstrap
+ salt_bootstrap_url: https://bootstrap.saltstack.com
+ salt_version: latest
+ formula: firewalld
+ pillars:
+ top.sls:
+ base:
+ '*':
+ - firewalld
+ firewalld.sls:
+ firewalld:
+ enabled: True
+ IndividualCalls: 'no'
+ LogDenied: 'off'
+ services:
+ glusterfs:
+ short: glusterfs
+ description: 'GlusterFS network filesystem'
+ ports:
+ tcp:
+ - 24007-24008
+ - 49152-49200
+
+suites:
+ - name: default
+ provisioner:
+ salt_bootstrap_options: -X -d
+ state_top:
+ base:
+ '*':
+ - firewalld
diff --git a/test/integration/default/serverspec/firewalld_server_spec.rb b/test/integration/default/serverspec/firewalld_server_spec.rb
new file mode 100644
index 0000000..dddd8dd
--- /dev/null
+++ b/test/integration/default/serverspec/firewalld_server_spec.rb
@@ -0,0 +1,6 @@
+require 'serverspec'
+set :backend, :exec
+
+describe service('firewalld') do
+ it { should be_running }
+end
From 103afc0a181efe3fa14854b0d2584d34d029c613 Mon Sep 17 00:00:00 2001
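Review bot: In the new .kitchen.yml, `salt_version: latest` together with `salt_bootstrap_url: https://bootstrap.saltstack.com` means every test run downloads and executes whatever bootstrap script and Salt release are current at that moment, with no version or checksum fixed in the repository. That makes a failing run hard to attribute to the formula rather than to an upstream change, and it runs unreviewed remote code in the guest. Pinning the release, for example `salt_version: '<pinned-release>'` (placeholder; use the version the formula is meant to support), keeps the suite reproducible and matches the already pinned `centos-7.2` platform.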
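Review bot: The new firewalld_server_spec.rb only asserts `should be_running`, so it passes even if the formula never enables the service at boot or never renders the `glusterfs` service definition that the kitchen pillar supplies. Adding `it { should be_enabled }` inside the same `describe service('firewalld')` block would cover boot-time enablement. A second `describe` that checks the rendered glusterfs definition would cover the pillar data; without it the suite cannot tell a working firewall configuration from an empty one.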
From: Adam Mendlik Date: Fri, 10 Mar 2017 12:14:51 -0700 Subject: [PATCH 2/2] Reload, rather than restart, the FirewallD service --- .kitchen.yml | 2 -- firewalld/config.sls | 9 ++++----- firewalld/direct.sls | 8 +++++--- firewalld/init.sls | 18 +++++++----------- firewalld/ipsets.sls | 12 ++++++++---- firewalld/services.sls | 12 ++++++++---- firewalld/zones.sls | 12 ++++++++---- 7 files changed, 40 insertions(+), 33 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index eaa7f3b..efd96c9 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -19,8 +19,6 @@ provisioner: firewalld.sls: firewalld: enabled: True - IndividualCalls: 'no' - LogDenied: 'off' services: glusterfs: short: glusterfs diff --git a/firewalld/config.sls b/firewalld/config.sls index 5030df0..dbf16cd 100644 --- a/firewalld/config.sls +++ b/firewalld/config.sls @@ -12,8 +12,6 @@ directory_firewalld: - mode: 750 - require: - pkg: package_firewalld # make sure package is installed - - listen_in: - - module: service_firewalld # restart service config_firewalld: file.managed: @@ -26,6 +24,7 @@ config_firewalld: - require: - pkg: package_firewalld # make sure package is installed - file: directory_firewalld - - listen_in: - - module: service_firewalld # restart service - + - require_in: + - service: service_firewalld + - watch_in: + - cmd: reload_firewalld # reload firewalld config diff --git a/firewalld/direct.sls b/firewalld/direct.sls index 21e8f24..9104898 100644 --- a/firewalld/direct.sls +++ b/firewalld/direct.sls @@ -5,7 +5,7 @@ # == Define: firewalld.direct # -# This defines a configuration for permanent direct chains, +# This defines a configuration for permanent direct chains, # rules and passtthroughs, see firewalld.direct (5) man page. {%- if firewalld.get('direct', False) %} 
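Review bot: In the second config.sls hunk, `config_firewalld` now triggers only `firewall-cmd --reload` through `watch_in: - cmd: reload_firewalld`, where it previously caused a full service restart, and nothing visible here shows that every setting in the managed file takes effect on a reload. If one does not, Salt will report the state as changed and successful while the running daemon keeps the old value until the next restart. The same commit removes `IndividualCalls` and `LogDenied` from the kitchen pillar, so the test suite no longer exercises this file with non-default values; keeping one such key in the pillar and asserting on it would confirm the reload path. Once verified, a comment on the state such as `# reload is sufficient for all keys managed here` would record the assumption.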
@@ -21,8 +21,10 @@ - require: - pkg: package_firewalld # make sure package is installed - file: directory_firewalld - - listen_in: - - module: service_firewalld # restart service + - require_in: + - service: service_firewalld + - watch_in: + - cmd: reload_firewalld # reload firewalld config - context: direct: {{ firewalld.direct|json }} {%- endif %} diff --git a/firewalld/init.sls b/firewalld/init.sls index 180ec7c..a3bc80c 100644 --- a/firewalld/init.sls +++ b/firewalld/init.sls @@ -17,7 +17,7 @@ include: iptables: service.disabled: - enable: False - + ip6tables: service.disabled: - enable: False @@ -26,7 +26,7 @@ package_firewalld: pkg.installed: - name: {{ firewalld.package }} -service_firewalld_running: +service_firewalld: service.running: - name: {{ firewalld.service }} - enable: True # start on boot @@ -36,18 +36,14 @@ service_firewalld_running: - service: iptables # ensure it's stopped - service: ip6tables # ensure it's stopped -service_firewalld: - module.wait: - - name: service.restart - - m_name: {{ firewalld.service }} +reload_firewalld: + cmd.wait: + - name: 'firewall-cmd --reload' - require: - - pkg: package_firewalld - - file: config_firewalld - - service: iptables # ensure it's stopped - - service: ip6tables # ensure it's stopped + - service: service_firewalld {% else %} -service_firewalld_dead: +service_firewalld: service.dead: - name: {{ firewalld.service }} - enable: False # don't start on boot diff --git a/firewalld/ipsets.sls b/firewalld/ipsets.sls index 83995bb..1fba144 100644 --- a/firewalld/ipsets.sls +++ b/firewalld/ipsets.sls @@ -17,8 +17,10 @@ directory_firewalld_ipsets: - mode: 750 - require: - pkg: package_firewalld # make sure package is installed - - listen_in: - - module: service_firewalld # restart service + - require_in: + - service: service_firewalld + - watch_in: + - cmd: reload_firewalld # reload firewalld config # == Define: firewalld.ipsets # 
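Review bot: In the last init.sls hunk, `reload_firewalld` is defined only before the `{% else %}`, while `service_firewalld` now exists in both branches, so the `watch_in: - cmd: reload_firewalld` added in config.sls, direct.sls, ipsets.sls, services.sls and zones.sls has no target when the formula is rendered with firewalld disabled. Whether those files are rendered in that case is not visible here (the `include:` and the start of the conditional lie outside the hunk), so this needs checking; if they are, Salt cannot resolve the requisite. Either guard the `watch_in` entries on the same condition, or define a `reload_firewalld` in the `{% else %}` branch that does nothing. Separately, `cmd.wait` works, but Salt's documentation recommends `cmd.run` with `onchanges` for new states.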
@@ -38,8 +40,10 @@ directory_firewalld_ipsets: - require: - pkg: package_firewalld # make sure package is installed - file: directory_firewalld_ipsets - - listen_in: - - module: service_firewalld # restart service + - require_in: + - service: service_firewalld + - watch_in: + - cmd: reload_firewalld # reload firewalld config - context: name: {{ z_name }} ipset: {{ v }} diff --git a/firewalld/services.sls b/firewalld/services.sls index 891714f..99e34c5 100644 --- a/firewalld/services.sls +++ b/firewalld/services.sls @@ -12,8 +12,10 @@ directory_firewalld_services: - mode: 750 - require: - pkg: package_firewalld # make sure package is installed - - listen_in: - - module: service_firewalld # restart service + - require_in: + - service: service_firewalld + - watch_in: + - cmd: reload_firewalld # reload firewalld config # == Define: firewalld.services @@ -36,8 +38,10 @@ directory_firewalld_services: - require: - pkg: package_firewalld # make sure package is installed - file: directory_firewalld_services - - listen_in: - - module: service_firewalld # restart service + - require_in: + - service: service_firewalld + - watch_in: + - cmd: reload_firewalld # reload firewalld config - context: name: {{ s_name }} service: {{ v|json }} diff --git a/firewalld/zones.sls b/firewalld/zones.sls index 4c454eb..220cc96 100644 --- a/firewalld/zones.sls +++ b/firewalld/zones.sls @@ -12,8 +12,10 @@ directory_firewalld_zones: - mode: 750 - require: - pkg: package_firewalld # make sure package is installed - - listen_in: - - module: service_firewalld # restart service + - require_in: + - service: service_firewalld + - watch_in: + - cmd: reload_firewalld # reload firewalld config # == Define: firewalld.zones # 
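Review bot: The context passed to the template in the second ipsets.sls hunk is `ipset: {{ v }}`, while the equivalent lines in services.sls and zones.sls use `{{ v|json }}`; the line is unchanged by this commit but sits directly under the new requisites. Without the filter the value is rendered as a Python literal rather than JSON, which YAML may parse differently, or fail to parse, for nested or non-ASCII pillar data. Changing it to `ipset: {{ v|json }}` would make the three files agree.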
@@ -33,8 +35,10 @@ directory_firewalld_zones: - require: - pkg: package_firewalld # make sure package is installed - file: directory_firewalld_zones - - listen_in: - - module: service_firewalld # restart service + - require_in: + - service: service_firewalld + - watch_in: + - cmd: reload_firewalld # reload firewalld config - context: name: {{ z_name }} zone: {{ v|json }}