setcode do
# Throw away STDERR because dpkg >= 1.16.7 will make some noise if the
# package isn't currently installed.
- os = Facter.value(:operatingsystem)
- os_release = Facter.value(:operatingsystemrelease)
- cmd = if (os == 'Debian' && (Puppet::Util::Package.versioncmp(os_release, '8.0') >= 0)) ||
- (os == 'Ubuntu' && (Puppet::Util::Package.versioncmp(os_release, '14.10') >= 0)) ||
- (os == 'Debian' && (Puppet::Util::Package.versioncmp(os_release, 'unstable') >= 0))
- "dpkg-query -Wf '${Version}' netfilter-persistent 2>/dev/null"
- else
- "dpkg-query -Wf '${Version}' iptables-persistent 2>/dev/null"
- end
+ cmd = "dpkg-query -Wf '${Version}' netfilter-persistent 2>/dev/null"
version = Facter::Core::Execution.execute(cmd)
if version.nil? || !version.match(%r{\d+\.\d+})
end
end
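Review bot: The nil check on L15 only covers Facter returning nil or an empty string for an absent package, but `Facter::Core::Execution.execute` with its default `on_fail` may on some Facter versions raise `ExecutionFailure` when `dpkg-query` exits non-zero — exactly the not-installed case the comment on L2–L3 anticipates — which would surface as a fact-resolution error instead of a nil fact; confirm against the Facter versions the module supports. Passing an explicit failure value makes the behaviour uniform: `version = Facter::Core::Execution.execute(cmd, on_fail: nil)`. Since only one package is queried now, a note above L13 such as `# Only netfilter-persistent is queried; hosts with just iptables-persistent resolve to nil` would spare the next reader a dpkg session. The enclosing `Facter.add` block starts above this hunk.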
- # autobefore is only provided since puppet 4.0
- if Puppet::Util::Package.versioncmp(Puppet.version, '4.0') >= 0
- # On RHEL 7 this needs to be threaded correctly to manage SE Linux permissions after persisting the rules
- autobefore(:file) do
- ['/etc/sysconfig/iptables', '/etc/sysconfig/ip6tables']
- end
+ # On RHEL 7 this needs to be threaded correctly to manage SE Linux permissions after persisting the rules
+ autobefore(:file) do
+ ['/etc/sysconfig/iptables', '/etc/sysconfig/ip6tables']
end
validate do
$package_name = $firewall::params::package_name,
$package_ensure = $firewall::params::package_ensure,
) inherits ::firewall::params {
- if $package_name {
- #Fixes hang while installing iptables-persistent on debian 8
- exec { 'iptables-persistent-debconf':
- command => "/bin/echo \"${package_name} ${package_name}/autosave_v4 boolean false\" |
- /usr/bin/debconf-set-selections && /bin/echo \"${package_name} ${package_name}/autosave_v6 boolean false\" |
- /usr/bin/debconf-set-selections",
+ ensure_packages([$package_name], {
+ ensure => $package_ensure
+ })
- refreshonly => true,
- }
- ensure_packages([$package_name], {
- ensure => $package_ensure,
- require => Exec['iptables-persistent-debconf']
- })
- }
-
- if($::operatingsystemrelease =~ /^6\./ and $enable == true and $::iptables_persistent_version
- and versioncmp($::iptables_persistent_version, '0.5.0') < 0) {
- # This fixes a bug in the iptables-persistent LSB headers in 6.x, without it
- # we lose idempotency
- exec { 'iptables-persistent-enable':
- logoutput => on_failure,
- command => '/usr/sbin/update-rc.d iptables-persistent enable',
- unless => '/usr/bin/test -f /etc/rcS.d/S*iptables-persistent',
- require => Package[$package_name],
- }
- } else {
- # This isn't a real service/daemon. The start action loads rules, so just
- # needs to be called on system boot.
- service { $service_name:
- ensure => undef,
- enable => $enable,
- hasstatus => true,
- require => Package[$package_name],
- }
+ # This isn't a real service/daemon. The start action loads rules, so just
+ # needs to be called on system boot.
+ service { $service_name:
+ ensure => undef,
+ enable => $enable,
+ hasstatus => true,
+ require => Package[$package_name],
}
}
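Review bot: Removing the debconf preseed at L33–L37 drops the `autosave_v4`/`autosave_v6 = false` answers along with the Debian 8 hang workaround, so a fresh install may take the debconf default and snapshot whatever ruleset is live at install time into /etc/iptables/rules.v4 and rules.v6 — a ruleset the service at L70 would then load on boot until the module's own save overwrites it; confirm against the current iptables-persistent postinst before relying on the package default. If that snapshot is acceptable, say so above `ensure_packages`: `# Installed with debconf defaults; the package may persist the live ruleset until the module re-saves it`. The `if $package_name` guard at L32 went with the exec, so `ensure_packages([$package_name], ...)` now runs for an undef parameter as well; if undef is no longer a supported value, constrain the parameter in the class signature at L29 rather than letting `ensure_packages` fail on it.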
# RHEL 7 / CentOS 7 and later and Fedora 15 and later require the iptables-services
# package, which provides the /usr/libexec/iptables/iptables.init used by
# lib/puppet/util/firewall.rb.
- if ($::operatingsystem != 'Amazon')
- and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
- or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
+ if ($::operatingsystem != 'Amazon') {
if $firewalld_manage {
service { 'firewalld':
ensure => stopped,
)
}
- if ($::operatingsystem != 'Amazon')
- and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
- or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
+ if ($::operatingsystem != 'Amazon') {
if $ensure == 'running' {
exec { '/usr/bin/systemctl daemon-reload':
require => Package[$package_name],
}
}
- # Before puppet 4, the autobefore on the firewall type does not work - therefore
- # we need to keep this workaround here
- if versioncmp($::puppetversion, '4.0') <= 0 {
- File<| title == "/etc/sysconfig/${service_name}" |> -> Service<| title == $service_name |>
- File<| title == "/etc/sysconfig/${service_name_v6}" |> -> Service<| title == $service_name_v6 |>
- }
-
# Redhat 7 selinux user context for /etc/sysconfig/iptables is set to system_u
# Redhat 7 selinux type context for /etc/sysconfig/iptables is set to system_conf_t
case $::selinux {
case $::operatingsystem {
'CentOS': {
case $::operatingsystemrelease {
- /^5\..*/: {
- $seluser = 'system_u'
- $seltype = 'etc_t'
- }
-
/^6\..*/: {
$seluser = 'unconfined_u'
$seltype = 'system_conf_t'
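Review bot: The removed collector ordering at L100–L103 keyed the file-before-service relationship on `$service_name` and `$service_name_v6`, whereas the `autobefore` in the type that now stands in for it lists the literal paths `/etc/sysconfig/iptables` and `/etc/sysconfig/ip6tables`; if either service name is parameterised to anything else, the ordering that protects the SELinux context after rules are persisted is silently lost — worth confirming against the parameters the class takes, and recording next to the comment at L105: `# Ordering now relies on the type's autobefore for the literal /etc/sysconfig/iptables paths`. Separately, the guards at L83 and L92 are now the identical `if ($::operatingsystem != 'Amazon')` and could be a single block, and the `daemon-reload` exec at L94 as shown carries no `refreshonly`/`unless`, so it runs on every agent run once `$ensure == 'running'`. The class body and the `case $::selinux` block continue outside this hunk.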
if versioncmp($::operatingsystemrelease, '34') >= 0 {
$package_name = 'iptables-services'
$iptables_name = 'iptables-compat'
- } elsif versioncmp($::operatingsystemrelease, '15') >= 0 {
- $package_name = 'iptables-services'
- $iptables_name = 'iptables'
} else {
$iptables_name = 'iptables'
$package_name = undef
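Review bot: With the `>= 15` branch at L122–L124 removed, every release below 34 of this distribution (presumably Fedora, given the version numbers) now falls into the `else` at L125 and gets `$package_name = undef`, so any `Package[$package_name]` reference elsewhere in the module becomes a dangling resource reference at compile time for those releases rather than a clear unsupported-platform message. If those releases are intentionally dropped, make that explicit in the `else` branch, either as a comment `# Releases before 34 are unsupported; iptables-services is only declared for 34 and later` or as a `fail()` with that message. The enclosing `case` opens above this hunk.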