Quellcode durchsuchen
feat(zones): add purging option
This introduces a "purge_zones" toggle which, if enabled, ensures zones not managed using the firewalld pillar get deleted. Useful to enforce that only Salt managed zones exist and to clean up pre-Salt data. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>pull/59/head
Georg Pfuetzenreuter
vor 9 Monaten
2 geänderte Dateien mit 16 neuen und 0 gelöschten Zeilen
+ 13
- 0
firewalld/zones.sls
Datei anzeigen
| @@ -44,3 +44,16 @@ directory_firewalld_zones: | |||
| zone: {{ v|json }} | |||
| {% endfor %} | |||
| {%- if firewalld.get('purge_zones', False) %} | |||
| {%- for file in salt['file.find']('/etc/firewalld/zones', name='*.xml', print='name', type='f') %} | |||
| {%- if file.replace('.xml', '') not in firewalld.get('zones', {}).keys() %} | |||
| /etc/firewalld/zones/{{ file }}: | |||
| file.absent: | |||
| - watch_in: | |||
| - cmd: reload_firewalld | |||
| {%- endif %} | |||
| {%- endfor %} | |||
| {%- endif %} | |||
+ 3
- 0
pillar.example
Datei anzeigen
| @@ -99,6 +99,9 @@ firewalld: | |||
| entries: | |||
| - 2a01::1 | |||
| # Delete zones not defined under "zones" | |||
| purge_zones: False | |||
| zones: | |||
| public: | |||
| short: Public | |||
Laden…