
Reload, rather than restart, the FirewallD service

tags/v0.6.2
Adam Mendlik 7 years ago
parent
commit
103afc0a18
7 changed files with 40 additions and 33 deletions
  1. +0
    -2
      .kitchen.yml
  2. +4
    -5
      firewalld/config.sls
  3. +5
    -3
      firewalld/direct.sls
  4. +7
    -11
      firewalld/init.sls
  5. +8
    -4
      firewalld/ipsets.sls
  6. +8
    -4
      firewalld/services.sls
  7. +8
    -4
      firewalld/zones.sls

+ 0
- 2
.kitchen.yml

@@ -19,8 +19,6 @@ provisioner:
firewalld.sls:
firewalld:
enabled: True
IndividualCalls: 'no'
LogDenied: 'off'
services:
glusterfs:
short: glusterfs

+ 4
- 5
firewalld/config.sls

@@ -12,8 +12,6 @@ directory_firewalld:
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service

config_firewalld:
file.managed:
@@ -26,6 +24,7 @@ config_firewalld:
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld
- listen_in:
- module: service_firewalld # restart service

- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
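Review bot: config_firewalld now notifies only `reload_firewalld` (the `watch_in` added at the end of the second hunk), so a change to what is presumably the daemon's main configuration file is applied by `firewall-cmd --reload` and never by a restart. It is worth confirming on the supported firewalld versions that every key this template writes is picked up by a reload; if one is not, a setting such as LogDenied would keep its old value while the state run still reports success. A comment above the requisite would record the assumption, for example `# assumes firewalld re-reads its main config on --reload; verify per supported version`. The old/new side of each line is inferred from the hunk counts, because the page has lost the +/- markers.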

+ 5
- 3
firewalld/direct.sls

@@ -5,7 +5,7 @@

# == Define: firewalld.direct
#
# This defines a configuration for permanent direct chains,
# This defines a configuration for permanent direct chains,
# rules and passtthroughs, see firewalld.direct (5) man page.

{%- if firewalld.get('direct', False) %}
@@ -21,8 +21,10 @@
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context:
direct: {{ firewalld.direct|json }}
{%- endif %}

+ 7
- 11
firewalld/init.sls

@@ -17,7 +17,7 @@ include:
iptables:
service.disabled:
- enable: False
ip6tables:
service.disabled:
- enable: False
@@ -26,7 +26,7 @@ package_firewalld:
pkg.installed:
- name: {{ firewalld.package }}

service_firewalld_running:
service_firewalld:
service.running:
- name: {{ firewalld.service }}
- enable: True # start on boot
@@ -36,18 +36,14 @@ service_firewalld_running:
- service: iptables # ensure it's stopped
- service: ip6tables # ensure it's stopped

service_firewalld:
module.wait:
- name: service.restart
- m_name: {{ firewalld.service }}
reload_firewalld:
cmd.wait:
- name: 'firewall-cmd --reload'
- require:
- pkg: package_firewalld
- file: config_firewalld
- service: iptables # ensure it's stopped
- service: ip6tables # ensure it's stopped
- service: service_firewalld

{% else %}
service_firewalld_dead:
service_firewalld:
service.dead:
- name: {{ firewalld.service }}
- enable: False # don't start on boot
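Review bot: `reload_firewalld` in the third hunk has no comment saying what a reload does and does not do, which matters to anyone relying on this formula to revoke access. `firewall-cmd --reload` makes the permanent configuration the new runtime configuration and keeps state information, so runtime-only rules are discarded and sessions established under an old rule are not cut when that rule is tightened. I would add above the state something like `# reload keeps connection state: tightened rules do not drop established sessions; runtime-only changes are lost`. Separately, the state appears to be defined only in the enabled branch (it precedes `{% else %}`), so check that the `watch_in: cmd: reload_firewalld` requisites in the other files still resolve when firewalld is disabled; that depends on code outside this page.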

+ 8
- 4
firewalld/ipsets.sls

@@ -17,8 +17,10 @@ directory_firewalld_ipsets:
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config

# == Define: firewalld.ipsets
#
@@ -38,8 +40,10 @@ directory_firewalld_ipsets:
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_ipsets
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context:
name: {{ z_name }}
ipset: {{ v }}
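Review bot: `directory_firewalld_ipsets` now carries `watch_in: cmd: reload_firewalld` (first hunk), so a bare mode correction on the directory triggers a firewall reload, while `directory_firewalld` in firewalld/config.sls appears to have lost its trigger and gained none. The directory states in firewalld/services.sls and firewalld/zones.sls follow the same pattern as this one. For consistency I would keep only `- require_in:` with `- service: service_firewalld` on the three directory states and leave `watch_in` to the file states that actually change rules.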

+ 8
- 4
firewalld/services.sls

@@ -12,8 +12,10 @@ directory_firewalld_services:
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config


# == Define: firewalld.services
@@ -36,8 +38,10 @@ directory_firewalld_services:
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_services
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context:
name: {{ s_name }}
service: {{ v|json }}

+ 8
- 4
firewalld/zones.sls

@@ -12,8 +12,10 @@ directory_firewalld_zones:
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config

# == Define: firewalld.zones
#
@@ -33,8 +35,10 @@ directory_firewalld_zones:
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_zones
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context:
name: {{ z_name }}
zone: {{ v|json }}
