From: david22swan
Date: Thu, 16 Jun 2022 09:07:06 +0000 (+0100)
Subject: (GH-cat-12) Fixes for RedHat 9
X-Git-Tag: v3.6.0~7^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=7334e4172183117b2485fd3c5f0408b3d4608a68;p=puppet-modules%2Fpuppetlabs-firewall.git
(GH-cat-12) Fixes for RedHat 9
---
diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
index 1049869..36c455e 100644
--- a/manifests/linux/redhat.pp
+++ b/manifests/linux/redhat.pp
@@ -41,7 +41,7 @@ class firewall::linux::redhat (
 $package_name = $firewall::params::package_name,
 $package_ensure = $firewall::params::package_ensure,
 $sysconfig_manage = $firewall::params::sysconfig_manage,
- $firewalld_manage = true,
+ $firewalld_manage = $firewall::params::firewalld_manage,
 ) inherits ::firewall::params {
 $_ensure_v6 = pick($ensure_v6, $ensure)
 $_enable_v6 = pick($enable_v6, $enable)
diff --git a/manifests/params.pp b/manifests/params.pp
index 3380106..a0cb426 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -13,6 +13,7 @@ class firewall::params {
 $package_name = undef
 $iptables_name = 'iptables'
 $sysconfig_manage = true
+ $firewalld_manage = true
 }
 'Fedora': {
 $service_name = 'iptables'
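Review bot: Every branch of `firewall::params` that can reach `firewall::linux::redhat` now has to assign `$firewalld_manage`, because the default in `manifests/linux/redhat.pp` is no longer the literal `true`; a branch that omits it would hand the class undef. The params.pp hunks in this commit add the variable to the branches they show, but the rest of that file is outside the diff, so it is worth confirming that no RedHat-family branch is missed. If the class header documents its parameters, I would also add a line such as `# @param firewalld_manage Whether firewalld is managed by this class; the default is set per OS release in firewall::params.` so readers know the default is no longer constant. The class body is outside the hunk, so how it treats a false or undef value cannot be checked from here.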
@@ -28,32 +29,37 @@ class firewall::params {
 $package_name = undef
 }
 $sysconfig_manage = true
+ $firewalld_manage = true
 }
 default: {
 if versioncmp($::operatingsystemrelease, '9') >= 0 {
 $service_name = 'nftables'
- $service_name_v6 = undef
+ $service_name_v6 = 'ip6tables'
 $package_name = ['iptables-services', 'nftables', 'iptables-nft-services']
 $iptables_name = 'iptables'
 $sysconfig_manage = false
+ $firewalld_manage = false
 } elsif versioncmp($::operatingsystemrelease, '8.0') >= 0 {
 $service_name = ['iptables', 'nftables']
 $service_name_v6 = 'ip6tables'
 $package_name = ['iptables-services', 'nftables']
 $iptables_name = 'iptables'
 $sysconfig_manage = false
+ $firewalld_manage = true
 } elsif versioncmp($::operatingsystemrelease, '7.0') >= 0 {
 $service_name = 'iptables'
 $service_name_v6 = 'ip6tables'
 $package_name = 'iptables-services'
 $iptables_name = 'iptables'
 $sysconfig_manage = true
+ $firewalld_manage = true
 } else {
 $service_name = 'iptables'
 $service_name_v6 = 'ip6tables'
 $package_name = 'iptables-ipv6'
 $iptables_name = 'iptables'
 $sysconfig_manage = true
+ $firewalld_manage = true
 }
 }
 }
diff --git a/spec/acceptance/firewall_attributes_exceptions_spec.rb b/spec/acceptance/firewall_attributes_exceptions_spec.rb
index 08af13c..921bd93 100644
--- a/spec/acceptance/firewall_attributes_exceptions_spec.rb
+++ b/spec/acceptance/firewall_attributes_exceptions_spec.rb
@@ -327,12 +327,18 @@ describe 'firewall basics', docker: true do
 describe 'mac_source' do
 context 'when 0A:1B:3C:4D:5E:6F' do
+ # On RHEL 9 this must be lower case, on all others it must be upper case
+ mac_source = if os[:family] == 'redhat' && os[:release].start_with?('9')
+ '0a:1b:3c:4d:5e:6f'
+ else
+ '0A:1B:3C:4D:5E:6F'
+ end
 pp88 = <<-PUPPETCODE
 class { '::firewall': }
 firewall { '610 - test':
 ensure => present,
 source => '10.1.5.28/32',
- mac_source => '0A:1B:3C:4D:5E:6F',
+ mac_source => '#{mac_source}',
 chain => 'INPUT',
 }
 PUPPETCODE
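Review bot: The RHEL 9 branch in `manifests/params.pp` sets `$firewalld_manage = false` with no comment saying why this release alone leaves firewalld unmanaged, while every other branch keeps `true`. If `firewall::linux::redhat` uses the flag to stop and disable firewalld (its body is not in this diff), RHEL 9 hosts would keep firewalld running next to the `nftables` service this branch enables. Two managers writing to the same ruleset can leave the effective policy different from what the catalog declares. I would add a comment above the assignment, for example `# RHEL 9: firewalld is left unmanaged because <reason>`, and mention the changed default in the module's user-facing documentation.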
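Review bot: The new `mac_source` conditional in `firewall_attributes_exceptions_spec.rb` feeds RHEL 9 a lower-case address instead of checking that the resource accepts either case, which suggests the value is compared case-sensitively against what the system reports. If that is so, a manifest with `mac_source => '0A:1B:3C:4D:5E:6F'` on RHEL 9 may never converge, and normalising the case in the type itself would be the more durable fix; the type and provider are not in this diff, so this is inferred. The context title `'when 0A:1B:3C:4D:5E:6F'` still names the upper-case form. The same six-line conditional is repeated in the `before(:all)` block of `firewall_attributes_ipv6_happy_path_spec.rb`, where a shared spec helper would keep the two copies in step.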
@@ -1015,7 +1021,7 @@ describe 'firewall basics', docker: true do
 end
 end
- unless (os[:family] == 'redhat' && os[:release].start_with?('5', '6', '8')) || (os[:family] == 'sles')
+ unless (os[:family] == 'redhat' && os[:release].start_with?('5', '6', '8', '9')) || (os[:family] == 'sles')
 describe 'time tests' do
 context 'when set all time parameters' do
 pp1 = <<-PUPPETCODE
diff --git a/spec/acceptance/firewall_attributes_ipv6_exceptions_spec.rb b/spec/acceptance/firewall_attributes_ipv6_exceptions_spec.rb
index 216c981..3cf507c 100644
--- a/spec/acceptance/firewall_attributes_ipv6_exceptions_spec.rb
+++ b/spec/acceptance/firewall_attributes_ipv6_exceptions_spec.rb
@@ -220,7 +220,7 @@ describe 'firewall ipv6 attribute testing, exceptions' do
 end
 end
- unless os[:family] == 'redhat' && os[:release].start_with?('8')
+ unless os[:family] == 'redhat' && os[:release].start_with?('8', '9')
 describe 'time tests' do
 context 'when set all time parameters' do
 pp1 = <<-PUPPETCODE
diff --git a/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb b/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb
index e2772f2..0515c5c 100644
--- a/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb
+++ b/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb
@@ -10,6 +10,13 @@ describe 'firewall attribute testing, happy path', unless: (os[:family] == 'redh
 describe 'attributes test' do
 before(:all) do
+ # On RHEL 9 this must be lower case, on all others it must be upper case
+ mac_source = if os[:family] == 'redhat' && os[:release].start_with?('9')
+ '0a:1b:3c:4d:5e:6f'
+ else
+ '0A:1B:3C:4D:5E:6F'
+ end
+
 pp = <<-PUPPETCODE
 class { '::firewall': }
 firewall { '571 - hop_limit':
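Review bot: Adding `'9'` to the `unless` guard in `firewall_attributes_exceptions_spec.rb` drops the time-parameter acceptance tests on RHEL 9 without saying why, and the matching guard in `firewall_attributes_ipv6_exceptions_spec.rb` does the same. A comment above each guard, for example `# time tests are skipped on RHEL 9 because <reason>`, would let a later reader tell an unsupported match from a test that was simply switched off. It would also record that time-based rules go unverified on that release. The `describe 'time tests'` block continues outside both hunks.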
@@ -101,7 +108,7 @@ describe 'firewall attribute testing, happy path', unless: (os[:family] == 'redh
 firewall { '604 - mac_source':
 ensure => present,
 source => '2001:db8::1/128',
- mac_source => '0A:1B:3C:4D:5E:6F',
+ mac_source => '#{mac_source}',
 chain => 'INPUT',
 provider => 'ip6tables',
 }