]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: afe3359)
Removing Amazon from the list OSs that are grouped with Red Hat 7.
authorMike Lehner <mlehner616@gmail.com>
Fri, 16 Jan 2015 21:21:59 +0000 (13:21 -0800)
committerMike Lehner <mlehner616@gmail.com>
Thu, 22 Jan 2015 19:21:47 +0000 (11:21 -0800)
Red Hat 7 has diverged from the Amazon system architecture and Amazon
uses a different versioning scheme. It's possible Amazon may re-align
with Red Hat 7 in later releases. Additional logic may be required
when that happens.

Description: Adding an exception for Amazon as the conditions for
RH7 were incorrectly catching Amazon because the version YYYY.MM
will always evaluate to true

lib/puppet/util/firewall.rb patch | blob | history
manifests/linux/redhat.pp patch | blob | history
manifests/params.pp patch | blob | history

diff --git a/lib/puppet/util/firewall.rb b/lib/puppet/util/firewall.rb
index c5a78b859b5e410820c7cb157a2d4e94f8afc71d..34bcd4044935f5ee14cefd989680f4a94d28fdd8 100644 (file)
--- a/lib/puppet/util/firewall.rb
+++ b/lib/puppet/util/firewall.rb
@@ -169,7 +169,7 @@ module Puppet::Util::Firewall
     end
 
     # RHEL 7 and newer also use systemd to persist iptable rules
-    if os_key == 'RedHat' && ['RedHat','CentOS','Scientific','SL','SLC','Ascendos','CloudLinux','PSBM','OracleLinux','OVS','OEL','Amazon','XenServer'].include?(Facter.value(:operatingsystem)) && Facter.value(:operatingsystemrelease).to_i >= 7
+    if os_key == 'RedHat' && ['RedHat','CentOS','Scientific','SL','SLC','Ascendos','CloudLinux','PSBM','OracleLinux','OVS','OEL','XenServer'].include?(Facter.value(:operatingsystem)) && Facter.value(:operatingsystemrelease).to_i >= 7
       os_key = 'Fedora'
     end
 
diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
index b3db4b765e8973b2522dd37a60abb14e151750a7..21e509267941ce50953faebb33947624acada0d1 100644 (file)
--- a/manifests/linux/redhat.pp
+++ b/manifests/linux/redhat.pp
@@ -22,8 +22,9 @@ class firewall::linux::redhat (
   # RHEL 7 and later and Fedora 15 and later require the iptables-services
   # package, which provides the /usr/libexec/iptables/iptables.init used by
   # lib/puppet/util/firewall.rb.
-  if ($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
-  or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0) {
+  if ($::operatingsystem != 'Amazon')
+  and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
+  or  ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
     service { 'firewalld':
       ensure => stopped,
       enable => false,
diff --git a/manifests/params.pp b/manifests/params.pp
index d990a1ae8f81c0d623f705327a0120ff77102d57..a5f1f61906052304133f8b5a8676afc906e64502 100644 (file)
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -2,6 +2,10 @@ class firewall::params {
   case $::osfamily {
     'RedHat': {
       case $::operatingsystem {
+        'Amazon': {
+          $service_name = 'iptables'
+          $package_name = undef
+        }
         'Archlinux': {
           $service_name = ['iptables','ip6tables']
           $package_name = undef