|
|
|
|
|
|
|
|
================= |
|
|
|
|
|
|
|
|
.. _readme: |
|
|
|
|
|
|
|
|
firewalld-formula |
|
|
firewalld-formula |
|
|
================= |
|
|
================= |
|
|
|
|
|
|
|
|
Salt Stack Formula to set up and configure Firewalld, dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces |
|
|
|
|
|
|
|
|
|img_travis| |img_sr| |
|
|
|
|
|
|
|
|
|
|
|
.. |img_travis| image:: https://travis-ci.com/saltstack-formulas/firewalld-formula.svg?branch=master |
|
|
|
|
|
:alt: Travis CI Build Status |
|
|
|
|
|
:scale: 100% |
|
|
|
|
|
:target: https://travis-ci.com/saltstack-formulas/firewalld-formula |
|
|
|
|
|
.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg |
|
|
|
|
|
:alt: Semantic Release |
|
|
|
|
|
:scale: 100% |
|
|
|
|
|
:target: https://github.com/semantic-release/semantic-release |
|
|
|
|
|
|
|
|
|
|
|
A SaltStack Formula to set up and configure Firewalld, a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. |
|
|
|
|
|
|
|
|
|
|
|
.. contents:: **Table of Contents** |
|
|
|
|
|
|
|
|
|
|
|
General notes |
|
|
|
|
|
------------- |
|
|
|
|
|
|
|
|
.. image:: https://travis-ci.org/saltstack-formulas/firewalld-formula.svg?branch=master |
|
|
|
|
|
|
|
|
See the full `SaltStack Formulas installation and usage instructions |
|
|
|
|
|
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_. |
|
|
|
|
|
|
|
|
NOTICE BEFORE YOU USE |
|
|
|
|
|
===================== |
|
|
|
|
|
|
|
|
If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section |
|
|
|
|
|
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#writing-formulas>`_. |
|
|
|
|
|
|
|
|
* This formula aims to follow the conventions and recommendations described at http://docs.saltstack.com/topics/conventions/formulas.html |
|
|
|
|
|
|
|
|
If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``, |
|
|
|
|
|
which contains the currently released version. This formula is versioned according to `Semantic Versioning <http://semver.org/>`_. |
|
|
|
|
|
|
|
|
|
|
|
See `Formula Versioning Section <https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#versioning>`_ for more details. |
|
|
|
|
|
|
|
|
|
|
|
If you need (non-default) configuration, please pay attention to the ``pillar.example`` file and/or `Special notes`_ section. |
|
|
|
|
|
|
|
|
|
|
|
Contributing to this repo |
|
|
|
|
|
------------------------- |
|
|
|
|
|
|
|
|
|
|
|
**Commit message formatting is significant!!** |
|
|
|
|
|
|
|
|
|
|
|
Please see `How to contribute <https://github.com/saltstack-formulas/.github/blob/master/CONTRIBUTING.rst>`_ for more details. |
|
|
|
|
|
|
|
|
|
|
|
Special notes |
|
|
|
|
|
------------- |
|
|
|
|
|
|
|
|
|
|
|
None |
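Review bot: The "Special notes" section body is only ``None``, yet the "General notes" paragraph sends readers who need non-default configuration to the ``pillar.example`` file "and/or" this section. Either drop the cross-reference to `Special notes`_ from that sentence until the section has content, or put the configuration caveats here that a reader following the link would expect.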
|
|
|
|
|
|
|
|
TODO |
|
|
TODO |
|
|
==== |
|
|
|
|
|
|
|
|
---- |
|
|
|
|
|
|
|
|
* configure local pre-commit hooks (code syntax check based on file extension, check for ugly *utf-8 mac os white space*) |
|
|
* configure local pre-commit hooks (code syntax check based on file extension, check for ugly *utf-8 mac os white space*) |
|
|
|
|
|
|
|
|
Instructions |
|
|
Instructions |
|
|
============ |
|
|
|
|
|
|
|
|
------------ |
|
|
|
|
|
|
|
|
1. Add this repository as a `GitFS <http://docs.saltstack.com/topics/tutorials/gitfs.html>`_ backend in your Salt master config. |
|
|
1. Add this repository as a `GitFS <http://docs.saltstack.com/topics/tutorials/gitfs.html>`_ backend in your Salt master config. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3. Include this Formula within another Formula or simply define your needed states within the Salt top file (``/srv/salt/top.sls``). |
|
|
3. Include this Formula within another Formula or simply define your needed states within the Salt top file (``/srv/salt/top.sls``). |
|
|
|
|
|
|
|
|
Available states |
|
|
|
|
|
================ |
|
|
|
|
|
|
|
|
|
|
|
.. contents:: |
|
|
|
|
|
:local: |
|
|
|
|
|
|
|
|
|
|
|
``firewalld`` |
|
|
|
|
|
------------- |
|
|
|
|
|
Manage firewalld |
|
|
|
|
|
|
|
|
|
|
|
Additional resources |
|
|
Additional resources |
|
|
==================== |
|
|
|
|
|
|
|
|
-------------------- |
|
|
|
|
|
|
|
|
None |
|
|
None |
|
|
|
|
|
|
|
|
Formula Dependencies |
|
|
Formula Dependencies |
|
|
==================== |
|
|
|
|
|
|
|
|
-------------------- |
|
|
|
|
|
|
|
|
None |
|
|
None |
|
|
|
|
|
|
|
|
Contributions |
|
|
Contributions |
|
|
============= |
|
|
|
|
|
|
|
|
------------- |
|
|
|
|
|
|
|
|
Contributions are always welcome. All development guidelines you have to know are |
|
|
Contributions are always welcome. All development guidelines you have to know are |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* update README.rst doc |
|
|
* update README.rst doc |
|
|
|
|
|
|
|
|
Salt Compatibility |
|
|
Salt Compatibility |
|
|
================== |
|
|
|
|
|
|
|
|
------------------ |
|
|
|
|
|
|
|
|
Tested with: |
|
|
Tested with: |
|
|
|
|
|
|
|
|
* 2018.3.x (will probably work too with 2017.x.x) |
|
|
* 2018.3.x (will probably work too with 2017.x.x) |
|
|
|
|
|
|
|
|
OS Compatibility |
|
|
OS Compatibility |
|
|
================ |
|
|
|
|
|
|
|
|
---------------- |
|
|
|
|
|
|
|
|
Tested with: |
|
|
Tested with: |
|
|
|
|
|
|
|
|
* CentOS 7 |
|
|
* CentOS 7 |
|
|
* Debian 9 |
|
|
* Debian 9 |
|
|
* Ubuntu 18.04 |
|
|
* Ubuntu 18.04 |
|
|
|
|
|
|
|
|
|
|
|
Available states |
|
|
|
|
|
---------------- |
|
|
|
|
|
|
|
|
|
|
|
.. contents:: |
|
|
|
|
|
:local: |
|
|
|
|
|
|
|
|
|
|
|
``firewalld`` |
|
|
|
|
|
^^^^^^^^^^^^^ |
|
|
|
|
|
|
|
|
|
|
|
Manage firewalld |
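Review bot: Missing documentation under the ``firewalld`` state: "Manage firewalld" is the whole description, which does not tell an operator what applying the state does to a host. For a formula that sets up and configures a firewall, say here what the state installs, enables and configures, and point to ``pillar.example`` for the keys that drive it, so the effect on a minion's firewall can be reviewed before the state is applied.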
|
|
|
|
|
|
|
|
|
|
|
Testing |
|
|
|
|
|
------- |
|
|
|
|
|
|
|
|
|
|
|
Linux testing is done with ``kitchen-salt``. |
|
|
|
|
|
|
|
|
|
|
|
Requirements |
|
|
|
|
|
^^^^^^^^^^^^ |
|
|
|
|
|
|
|
|
|
|
|
* Ruby |
|
|
|
|
|
* Docker |
|
|
|
|
|
|
|
|
|
|
|
.. code-block:: bash |
|
|
|
|
|
|
|
|
|
|
|
$ gem install bundler |
|
|
|
|
|
$ bundle install |
|
|
|
|
|
$ bin/kitchen test [platform] |
|
|
|
|
|
|
|
|
|
|
|
Where ``[platform]`` is the platform name defined in ``kitchen.yml``, |
|
|
|
|
|
e.g. ``debian-9-2019-2-py3``. |
|
|
|
|
|
|
|
|
|
|
|
``bin/kitchen converge`` |
|
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^ |
|
|
|
|
|
|
|
|
|
|
|
Creates the docker instance and runs the ``firewalld`` main state, ready for testing. |
|
|
|
|
|
|
|
|
|
|
|
``bin/kitchen verify`` |
|
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^ |
|
|
|
|
|
|
|
|
|
|
|
Runs the ``inspec`` tests on the actual instance. |
|
|
|
|
|
|
|
|
|
|
|
``bin/kitchen destroy`` |
|
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^ |
|
|
|
|
|
|
|
|
|
|
|
Removes the docker instance. |
|
|
|
|
|
|
|
|
|
|
|
``bin/kitchen test`` |
|
|
|
|
|
^^^^^^^^^^^^^^^^^^^^ |
|
|
|
|
|
|
|
|
|
|
|
Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``. |
|
|
|
|
|
|
|
|
|
|
|
``bin/kitchen login`` |
|
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^ |
|
|
|
|
|
|
|
|
|
|
|
Gives you SSH access to the instance for manual testing. |
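Review bot: Style point in the Testing section: the command block under "Requirements" mixes the one-time setup (``gem install bundler``, ``bundle install``) with the test run itself (``bin/kitchen test [platform]``), while the list above it names only Ruby and Docker. Consider keeping the install commands under "Requirements" and moving the ``bin/kitchen test [platform]`` line, with the sentence explaining ``[platform]`` and ``kitchen.yml``, next to the ``bin/kitchen test`` subsection so each command is described in one place.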