From: Tim Skirvin <tskirvin@fnal.gov>
Date: Mon, 14 Feb 2022 16:23:02 +0000 (-0600)
Subject: CentOS Stream 9 Support (should include RHEL9 when that releases)
X-Git-Tag: v3.5.0~1^2~1
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=d141cbffdb783f6b86561f7d4038067f88c784d8;p=puppet-modules%2Fpuppetlabs-firewall.git

CentOS Stream 9 Support (should include RHEL9 when that releases)
---

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5e0d084..f3bde21 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## Uncommitted
+
+- Initial CentOS Stream 9/RHEL9 Support
+- Added a hook (not good enough yet) for deciding whether we try to remove
+  the firewalld package (we were removing it before, but it's necessary
+  on CS9/RHEL9 hosts)
+
 ## [v3.3.0](https://github.com/puppetlabs/puppetlabs-firewall/tree/v3.3.0) (2021-12-15)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v3.2.0...v3.3.0)
diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
index 6945bbc..1049869 100644
--- a/manifests/linux/redhat.pp
+++ b/manifests/linux/redhat.pp
@@ -41,6 +41,7 @@ class firewall::linux::redhat (
   $package_name     = $firewall::params::package_name,
   $package_ensure   = $firewall::params::package_ensure,
   $sysconfig_manage = $firewall::params::sysconfig_manage,
+  $firewalld_manage = true,
 ) inherits ::firewall::params {
   $_ensure_v6 = pick($ensure_v6, $ensure)
   $_enable_v6 = pick($enable_v6, $enable)
@@ -51,10 +52,12 @@ class firewall::linux::redhat (
   if ($::operatingsystem != 'Amazon')
   and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
   or  ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
-    service { 'firewalld':
-      ensure => stopped,
-      enable => false,
-      before => [Package[$package_name], Service[$service_name]],
+    if $firewalld_manage {
+      service { 'firewalld':
+        ensure => stopped,
+        enable => false,
+        before => [Package[$package_name], Service[$service_name]],
+      }
     }
   }
 
diff --git a/manifests/params.pp b/manifests/params.pp
index 4f4984d..3380106 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,5 +1,5 @@
-# @summary Provides defaults for the Apt module parameters.
-# 
+# @summary Provides defaults for the Apt module parameters
+#
 # @api private
 #
 class firewall::params {
@@ -30,7 +30,13 @@ class firewall::params {
           $sysconfig_manage = true
         }
         default: {
-          if versioncmp($::operatingsystemrelease, '8.0') >= 0 {
+          if versioncmp($::operatingsystemrelease, '9') >= 0 {
+            $service_name = 'nftables'
+            $service_name_v6 = undef
+            $package_name = ['iptables-services', 'nftables', 'iptables-nft-services']
+            $iptables_name = 'iptables'
+            $sysconfig_manage = false
+          } elsif versioncmp($::operatingsystemrelease, '8.0') >= 0 {
             $service_name = ['iptables', 'nftables']
             $service_name_v6 = 'ip6tables'
             $package_name = ['iptables-services', 'nftables']