Niels Abspoel
8 years ago
7 changed files with 112 additions and 71 deletions
+ 0
- 29
firewalld/_config.sls
View File
| @@ -1,29 +0,0 @@ | |||
| # == State: firewalld._config | |||
| # | |||
| # This state configures firewalld. | |||
| # | |||
| /etc/firewalld/: | |||
| file.directory: # make sure this is a directory | |||
| - user: root | |||
| - group: root | |||
| - mode: 750 | |||
| - require: | |||
| - pkg: firewalld # make sure package is installed | |||
| - watch_in: | |||
| - service: firewalld # restart service | |||
| /etc/firewalld/firewalld.conf: | |||
| file: | |||
| - managed | |||
| - name: /etc/firewalld/firewalld.conf | |||
| - user: root | |||
| - group: root | |||
| - mode: 640 | |||
| - source: salt://firewalld/files/firewalld.conf | |||
| - template: jinja | |||
| - require: | |||
| - pkg: firewalld # make sure package is installed | |||
| - watch_in: | |||
| - service: firewalld # restart service | |||
+ 31
- 0
firewalld/config.sls
View File
| @@ -0,0 +1,31 @@ | |||
| # == State: firewalld._config | |||
| # | |||
| # This state configures firewalld. | |||
| # | |||
| {% from "firewalld/map.jinja" import firewalld with context %} | |||
| directory_firewalld: | |||
| file.directory: # make sure this is a directory | |||
| - name: /etc/firewalld | |||
| - user: root | |||
| - group: root | |||
| - mode: 750 | |||
| - require: | |||
| - pkg: package_firewalld # make sure package is installed | |||
| - listen_in: | |||
| - service: service_firewalld # restart service | |||
| config_firewalld: | |||
| file.managed: | |||
| - name: /etc/firewalld/firewalld.conf | |||
| - user: root | |||
| - group: root | |||
| - mode: 640 | |||
| - source: salt://firewalld/files/firewalld.conf | |||
| - template: jinja | |||
| - require: | |||
| - pkg: package_firewalld # make sure package is installed | |||
| - file: directory_firewalld | |||
| - listen_in: | |||
| - service: service_firewalld # restart service | |||
+ 6
- 0
firewalld/defaults.yaml
View File
| @@ -0,0 +1,6 @@ | |||
| # -*- coding: utf-8 -*- | |||
| # vim: ft=yaml | |||
| firewalld: | |||
| package: firewalld | |||
| service: firewalld | |||
| config: /etc/firewalld.conf | |||
+ 22
- 22
firewalld/init.sls
View File
| @@ -3,39 +3,39 @@ | |||
| # | |||
| # This state installs/runs firewalld. | |||
| # | |||
| {% from "firewalld/map.jinja" import firewalld with context %} | |||
| {% if salt['pillar.get']('firewalld:enabled') %} | |||
| include: | |||
| - firewalld._config | |||
| - firewalld._service | |||
| - firewalld._zone | |||
| - firewalld.config | |||
| - firewalld.services | |||
| - firewalld.zones | |||
| # iptables service that comes with rhel/centos | |||
| iptables: | |||
| service: | |||
| - disabled | |||
| service.disabled: | |||
| - enable: False | |||
| ip6tables: | |||
| service: | |||
| - disabled | |||
| service.disabled: | |||
| - enable: False | |||
| firewalld: | |||
| pkg: | |||
| - installed | |||
| service: | |||
| - running # ensure it's running | |||
| package_firewalld: | |||
| pkg.installed: | |||
| - name: {{ firewalld.package }} | |||
| service_firewalld: | |||
| service.running: | |||
| - name: {{ firewalld.service }} | |||
| - enable: True # start on boot | |||
| - require: | |||
| - pkg: firewalld | |||
| - file: /etc/firewalld/firewalld.conf # require this file | |||
| - service: iptables # ensure it's stopped | |||
| - service: ip6tables # ensure it's stopped | |||
| - pkg: package_firewalld | |||
| - file: config_firewalld | |||
| - service: iptables # ensure it's stopped | |||
| - service: ip6tables # ensure it's stopped | |||
| {% else %} | |||
| firewalld: | |||
| service: | |||
| - dead # ensure it's not running | |||
| - enable: False # don't start on boot | |||
| {% endif %} | |||
| service_firewalld: | |||
| service.dead: | |||
| - name: {{ firewalld.service }} | |||
| - enable: False # don't start on boot | |||
| {% endif %} | |||
+ 26
- 0
firewalld/map.jinja
View File
| @@ -0,0 +1,26 @@ | |||
| # -*- coding: utf-8 -*- | |||
| # vim: ft=jinja | |||
| {## Start with defaults from defaults.yaml ##} | |||
| {% import_yaml "firewalld/defaults.yaml" as default_settings %} | |||
| {## | |||
| Setup variable using grains['os_family'] based logic, only add key:values here | |||
| that differ from whats in defaults.yaml | |||
| ##} | |||
| {% set os_family_map = salt['grains.filter_by']({ | |||
| 'Debian': {}, | |||
| 'RedHat': {}, | |||
| 'Arch': {}, | |||
| }, grain='os_family', merge=salt['pillar.get']('firewalld:lookup')) | |||
| %} | |||
| {## Merge the flavor_map to the default settings ##} | |||
| {% do default_settings.firewalld.update(os_family_map) %} | |||
| {## Merge in salt:lookup pillar ##} | |||
| {% set firewalld = salt['pillar.get']( | |||
| 'firewalld', | |||
| default=default_settings.firewalld, | |||
| merge=True) | |||
| %} | |||
firewalld/_service.sls → firewalld/services.sls
View File
| @@ -1,19 +1,22 @@ | |||
| # == State: firewalld._service | |||
| # == State: firewalld.services | |||
| # | |||
| # This state ensures that /etc/firewalld/services/ exists. | |||
| # | |||
| /etc/firewalld/services: | |||
| {% from "firewalld/map.jinja" import firewalld with context %} | |||
| directory_firewalld_services: | |||
| file.directory: # make sure this is a directory | |||
| - name: /etc/firewalld/services | |||
| - user: root | |||
| - group: root | |||
| - mode: 750 | |||
| - require: | |||
| - pkg: firewalld # make sure package is installed | |||
| - watch_in: | |||
| - service: firewalld # restart service | |||
| - pkg: package_firewalld # make sure package is installed | |||
| - listen_in: | |||
| - service: service_firewalld # restart service | |||
| # == Define: firewalld._service | |||
| # == Define: firewalld.services | |||
| # | |||
| # This defines a service configuration, see firewalld.service (5) man page. | |||
| # You usually don't need this, you can simply add ports to zone. | |||
| @@ -31,9 +34,10 @@ | |||
| - source: salt://firewalld/files/service.xml | |||
| - template: jinja | |||
| - require: | |||
| - pkg: firewalld # make sure package is installed | |||
| - watch_in: | |||
| - service: firewalld # restart service | |||
| - pkg: package_firewalld # make sure package is installed | |||
| - file: directory_firewalld_services | |||
| - listen_in: | |||
| - service: service_firewalld # restart service | |||
| - context: | |||
| name: {{ s_name }} | |||
| service: {{ v }} | |||
firewalld/_zone.sls → firewalld/zones.sls
View File
| @@ -1,19 +1,22 @@ | |||
| # == State: firewalld._zone | |||
| # == State: firewalld.zones | |||
| # | |||
| # This state ensures that /etc/firewalld/zones/ exists. | |||
| # | |||
| /etc/firewalld/zones: | |||
| {% from "firewalld/map.jinja" import firewalld with context %} | |||
| directory_firewalld_zones: | |||
| file.directory: # make sure this is a directory | |||
| - name: /etc/firewalld/zones | |||
| - user: root | |||
| - group: root | |||
| - mode: 750 | |||
| - require: | |||
| - pkg: firewalld # make sure package is installed | |||
| - watch_in: | |||
| - service: firewalld # restart service | |||
| - pkg: package_firewalld # make sure package is installed | |||
| - listen_in: | |||
| - service: service_firewalld # restart service | |||
| # == Define: firewalld._zone | |||
| # == Define: firewalld.zones | |||
| # | |||
| # This defines a zone configuration, see firewalld.zone (5) man page. | |||
| # | |||
| @@ -21,8 +24,7 @@ | |||
| {% set z_name = v.name|default(k) %} | |||
| /etc/firewalld/zones/{{ z_name }}.xml: | |||
| file: | |||
| - managed | |||
| file.managed: | |||
| - name: /etc/firewalld/zones/{{ z_name }}.xml | |||
| - user: root | |||
| - group: root | |||
| @@ -30,9 +32,10 @@ | |||
| - source: salt://firewalld/files/zone.xml | |||
| - template: jinja | |||
| - require: | |||
| - pkg: firewalld # make sure package is installed | |||
| - watch_in: | |||
| - service: firewalld # restart service | |||
| - pkg: package_firewalld # make sure package is installed | |||
| - file: directory_firewalld_zones | |||
| - listen_in: | |||
| - service: service_firewalld # restart service | |||
| - context: | |||
| name: {{ z_name }} | |||
| zone: {{ v }} | |||
Loading…