`chain` or `jump` parameters, the firewall resource will autorequire
those firewallchain resources.
- If Puppet is managing the iptables or iptables-persistent packages, and
- the provider is iptables or ip6tables, the firewall resource will
+ If Puppet is managing the iptables, iptables-persistent, or iptables-services packages,
+ and the provider is iptables or ip6tables, the firewall resource will
autorequire those packages to ensure that any required binaries are
installed.
EOS
autorequire(:package) do
case value(:provider)
when :iptables, :ip6tables
- %w{iptables iptables-persistent}
+ %w{iptables iptables-persistent iptables-services}
else
[]
end
allow it.
**Autorequires:**
- If Puppet is managing the iptables or iptables-persistent packages, and
- the provider is iptables_chain, the firewall resource will autorequire
+ If Puppet is managing the iptables, iptables-persistent, or iptables-services packages,
+ and the provider is iptables_chain, the firewall resource will autorequire
those packages to ensure that any required binaries are installed.
EOS
autorequire(:package) do
case value(:provider)
when :iptables_chain
- %w{iptables iptables-persistent}
+ %w{iptables iptables-persistent iptables-services}
else
[]
end
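Review bot: The reworded Autorequires text on the added lines still says "the firewall resource will autorequire" although the provider it names is `iptables_chain`, which suggests this is the chain type's documentation. `the firewallchain resource will autorequire` would match the type being described. The `autorequire(:package)` block continues past the end of the hunk.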
# RHEL 7 and later and Fedora 15 and later require the iptables-services
# package, which provides the /usr/libexec/iptables/iptables.init used by
# lib/puppet/util/firewall.rb.
- if $::operatingsystem == RedHat and $::operatingsystemrelease >= 7 {
- package { 'iptables-services':
- ensure => present,
+ if ($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
+ or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0) {
+ package { 'firewalld':
+ ensure => absent,
+ before => Package['iptables-services'],
}
- }
- if ($::operatingsystem == 'Fedora' and (( $::operatingsystemrelease =~ /^\d+/ and $::operatingsystemrelease >= 15 ) or $::operatingsystemrelease == "Rawhide")) {
package { 'iptables-services':
- ensure => present,
+ ensure => present,
+ before => Service['iptables'],
}
}
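Review bot: The added `package { 'firewalld': ensure => absent }` uninstalls the host's existing firewall as a side effect of including this class, and the comment above the `if` still only mentions `iptables-services`. Between firewalld being removed and `Service['iptables']` starting, the host may be left without an active rule set, so the comment should say so, for example `# firewalld conflicts with the iptables service and is removed first; filtering may be inactive until Service['iptables'] starts`. The Fedora branch also depends on `versioncmp('Rawhide', '15')` happening to sort as newer, which the spec expects. An explicit `or $::operatingsystemrelease == 'Rawhide'`, as the removed condition had, would make that intent visible.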
ensure => $ensure,
enable => $enable,
hasstatus => true,
+ require => File['/etc/sysconfig/iptables'],
+ }
+
+ file { '/etc/sysconfig/iptables':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0600',
}
}
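Review bot: `ensure => present` on `/etc/sysconfig/iptables` is satisfied by any existing entry at that path, including a symlink or a directory, so the `root`/`0600` settings are not guaranteed to apply to a regular rules file; `ensure => file,` states the intent. When the path is missing Puppet creates it with no content, and the service that now requires it would presumably start with no rules loaded. That deserves a comment such as `# created empty when absent; holds no rules until they are persisted`. The `service` resource edited at the top of this hunk begins outside it.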
require 'spec_helper'
describe 'firewall::linux::redhat', :type => :class do
- it { should contain_service('iptables').with(
- :ensure => 'running',
- :enable => 'true'
- )}
+ %w{RedHat CentOS Fedora}.each do |os|
+ oldreleases = (os == 'Fedora' ? ['14'] : ['6.5'])
+ newreleases = (os == 'Fedora' ? ['15','Rawhide'] : ['7.0.1406'])
- context 'ensure => stopped' do
- let(:params) {{ :ensure => 'stopped' }}
- it { should contain_service('iptables').with(
- :ensure => 'stopped'
- )}
- end
+ oldreleases.each do |osrel|
+ context "os #{os} and osrel #{osrel}" do
+ let(:facts) {{
+ :operatingsystem => os,
+ :operatingsystemrelease => osrel
+ }}
+
+ it { should_not contain_package('firewalld') }
+ it { should_not contain_package('iptables-services') }
+ end
+ end
+
+ newreleases.each do |osrel|
+ context "os #{os} and osrel #{osrel}" do
+ let(:facts) {{
+ :operatingsystem => os,
+ :operatingsystemrelease => osrel
+ }}
+
+ it { should contain_package('firewalld').with(
+ :ensure => 'absent',
+ :before => 'Package[iptables-services]'
+ )}
+
+ it { should contain_package('iptables-services').with(
+ :ensure => 'present',
+ :before => 'Service[iptables]'
+ )}
+ end
+ end
- context 'enable => false' do
- let(:params) {{ :enable => 'false' }}
- it { should contain_service('iptables').with(
- :enable => 'false'
- )}
+ describe 'ensure' do
+ context 'default' do
+ it { should contain_service('iptables').with(
+ :ensure => 'running',
+ :enable => 'true'
+ )}
+ end
+ context 'ensure => stopped' do
+ let(:params) {{ :ensure => 'stopped' }}
+ it { should contain_service('iptables').with(
+ :ensure => 'stopped'
+ )}
+ end
+ context 'enable => false' do
+ let(:params) {{ :enable => 'false' }}
+ it { should contain_service('iptables').with(
+ :enable => 'false'
+ )}
+ end
+ end
end
end
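Review bot: None of the new examples cover the `file` resource for `/etc/sysconfig/iptables` or the service's `require` on it (assuming the manifest hunks above belong to the class under test), so a later change that loosens the `0600` mode would still pass this spec. One more example in the `describe 'ensure'` group would pin it: `it { should contain_file('/etc/sysconfig/iptables').with(:owner => 'root', :group => 'root', :mode => '0600') }`. That group also sits inside the `%w{RedHat CentOS Fedora}.each` loop without using `os`, so its contexts are registered three times under identical names; moving it outside the loop would avoid that.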
context 'RedHat like' do
%w{RedHat CentOS Fedora}.each do |os|
context "operatingsystem => #{os}" do
- releases = (os == 'Fedora' ? [14,15,'Rawhide'] : [6,7])
+ releases = (os == 'Fedora' ? ['14','15','Rawhide'] : ['6','7'])
releases.each do |osrel|
context "operatingsystemrelease => #{osrel}" do
let(:facts) { facts_default.merge({ :operatingsystem => os,
rel.target.ref.should == @resource.ref
end
- it "provider #{provider} should autorequire packages iptables and iptables-persistent" do
+ it "provider #{provider} should autorequire packages iptables, iptables-persistent, and iptables-services" do
@resource[:provider] = provider
@resource[:provider].should == provider
packages = [
Puppet::Type.type(:package).new(:name => 'iptables'),
- Puppet::Type.type(:package).new(:name => 'iptables-persistent')
+ Puppet::Type.type(:package).new(:name => 'iptables-persistent'),
+ Puppet::Type.type(:package).new(:name => 'iptables-services')
]
catalog = Puppet::Resource::Catalog.new
catalog.add_resource @resource
rel.target.ref.should == resource.ref
end
- it "provider iptables_chain should autorequire packages iptables and iptables-persistent" do
+ it "provider iptables_chain should autorequire packages iptables, iptables-persistent, and iptables-services" do
resource[:provider].should == :iptables_chain
packages = [
Puppet::Type.type(:package).new(:name => 'iptables'),
- Puppet::Type.type(:package).new(:name => 'iptables-persistent')
+ Puppet::Type.type(:package).new(:name => 'iptables-persistent'),
+ Puppet::Type.type(:package).new(:name => 'iptables-services')
]
catalog = Puppet::Resource::Catalog.new
catalog.add_resource resource