
Create all chains before any rules

If some rules reference other chains that are not yet present, the
state fails. Make sure all chains are created before any rules by
configuring a requirement constraint.

Change-Id: Iaf506919f330ff962891baab8132c3b46c49a47c
Closes-Bug: PROD-18821
pull/19/head
Sergio Lystopad 6 years ago
parent
commit
d22315fbb9
2 changed files with 6 additions and 1 deletions
  1. +5
    -1
      iptables/_rule.sls
  2. +1
    -0
      iptables/rules.sls

+ 5
- 1
iptables/_rule.sls

- position: {{ rule.position }} - position: {{ rule.position }}
{%- else %} {%- else %}
iptables.append: iptables.append:
{%- if loop.index != 1 %}
- require: - require:
{%- if loop.index != 1 %}
- iptables: iptables_{{ chain_name }}_{% if service_name is defined %}{{ service_name }}_{% endif %}{{ loop.index - 1 }} - iptables: iptables_{{ chain_name }}_{% if service_name is defined %}{{ service_name }}_{% endif %}{{ loop.index - 1 }}
{%- else %}
{%- for chain in chains %}
- iptables: iptables_{{ chain }}
{%- endfor %}
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
- table: {{ rule.get('table', 'filter') }} - table: {{ rule.get('table', 'filter') }}
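Review bot: The `- require:` key is now emitted unconditionally, so for the first rule of a chain it only has entries when `chains` is defined and non-empty in the rendering context. `chains` is set in iptables/rules.sls; if this template is also rendered from a path that does not set it (the `service_name is defined` test suggests there may be one), the loop would presumably emit nothing and leave an empty `require`, which Salt is likely to reject as a malformed requisite, leaving the ruleset only partially applied. Consider keeping the key conditional with `{%- if loop.index != 1 or chains|default([]) %}` before `- require:` and a matching `{%- endif %}` after the inner block, and iterating over `chains|default([])`. The enclosing state definition starts and ends outside this hunk.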

+ 1
- 0
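--- a/iptables/rules.sls
+++ b/iptables/rules.sls
 {% from "iptables/map.jinja" import service with context %}
 {%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %}
 
+{%- set chains = service.get('chain', {}).keys() %}
 {%- for chain_name, chain in service.get('chain', {}).iteritems() %}
 
 iptables_{{ chain_name }}: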
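Review bot: `chains` is set here but not used in any visible line of this file; it is consumed by iptables/_rule.sls, and that cross-template coupling is undocumented. A Jinja comment above the `set`, such as `{#- chain names read by iptables/_rule.sls: the first rule of each chain requires every chain state #}`, would keep a later refactor from dropping it or moving it inside the `for` loop. How _rule.sls is pulled in is outside this hunk, so confirm it is rendered with this template's context and actually sees the variable.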
