From: Mike Lehner <mlehner616@gmail.com>
Date: Fri, 16 Jan 2015 21:21:59 +0000 (-0800)
Subject: Removing Amazon from the list OSs that are grouped with Red Hat 7.
X-Git-Tag: 1.4.0~9^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=16ab79d6248a72c89f5cf85edd96c21f9cf7a865;p=puppet-modules%2Fpuppetlabs-firewall.git

Removing Amazon from the list OSs that are grouped with Red Hat 7.
Red Hat 7 has diverged from the Amazon system architecture and Amazon
uses a different versioning scheme. It's possible Amazon may re-align
with Red Hat 7 in later releases. Additional logic may be required
when that happens.

Description: Adding an exception for Amazon as the conditions for
RH7 were incorrectly catching Amazon because the version YYYY.MM
will always evaluate to true
---

diff --git a/lib/puppet/util/firewall.rb b/lib/puppet/util/firewall.rb
index c5a78b8..34bcd40 100644
--- a/lib/puppet/util/firewall.rb
+++ b/lib/puppet/util/firewall.rb
@@ -169,7 +169,7 @@ module Puppet::Util::Firewall
     end
 
     # RHEL 7 and newer also use systemd to persist iptable rules
-    if os_key == 'RedHat' && ['RedHat','CentOS','Scientific','SL','SLC','Ascendos','CloudLinux','PSBM','OracleLinux','OVS','OEL','Amazon','XenServer'].include?(Facter.value(:operatingsystem)) && Facter.value(:operatingsystemrelease).to_i >= 7
+    if os_key == 'RedHat' && ['RedHat','CentOS','Scientific','SL','SLC','Ascendos','CloudLinux','PSBM','OracleLinux','OVS','OEL','XenServer'].include?(Facter.value(:operatingsystem)) && Facter.value(:operatingsystemrelease).to_i >= 7
       os_key = 'Fedora'
     end
 
diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
index b3db4b7..21e5092 100644
--- a/manifests/linux/redhat.pp
+++ b/manifests/linux/redhat.pp
@@ -22,8 +22,9 @@ class firewall::linux::redhat (
   # RHEL 7 and later and Fedora 15 and later require the iptables-services
   # package, which provides the /usr/libexec/iptables/iptables.init used by
   # lib/puppet/util/firewall.rb.
-  if ($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
-  or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0) {
+  if ($::operatingsystem != 'Amazon')
+  and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
+  or  ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
     service { 'firewalld':
       ensure => stopped,
       enable => false,
diff --git a/manifests/params.pp b/manifests/params.pp
index d990a1a..a5f1f61 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -2,6 +2,10 @@ class firewall::params {
   case $::osfamily {
     'RedHat': {
       case $::operatingsystem {
+        'Amazon': {
+          $service_name = 'iptables'
+          $package_name = undef
+        }
         'Archlinux': {
           $service_name = ['iptables','ip6tables']
           $package_name = undef