review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/log
Bryan Jen [Thu, 1 Dec 2016 00:44:11 +0000 (00:44 +0000)]
Fixes unit tests to pass in puppetversion fact.
David Schmitt [Mon, 28 Nov 2016 11:22:41 +0000 (11:22 +0000)]
Re-add RHEL7 SELinux support for puppet3
Since the autobefore fix on the firewall type is not available for puppet 3,
this re-adds the RHEL7 workaround if we're running on puppet 3.
Eric Putnam [Sun, 20 Nov 2016 20:11:19 +0000 (12:11 -0800)]
Merge pull request #658 from DavidS/modules-4093-fix-iptables-sel-permissions-mgmt-on-rhel7
(MODULES-4093) Tighten SELinux permissions on persistent files
David Schmitt [Sat, 19 Nov 2016 14:25:35 +0000 (15:25 +0100)]
(MODULES-4093) Tighten SELinux permissions on persistent files
RHEL7's /usr/libexec/iptables/iptables.init creates the /etc/sysconfig/iptables
file with the wrong selinux parameters, causing spurious changes on the next
run:
[root@ns57zjx0zb7s0b5 ~]# rm -f /etc/sysconfig/iptables
[root@ns57zjx0zb7s0b5 ~]# ls -la /etc/sysconfig/iptables
ls: cannot access /etc/sysconfig/iptables: No such file or directory
[root@ns57zjx0zb7s0b5 ~]# iptables -A INPUT --source 8.8.8.8 -j REJECT
[root@ns57zjx0zb7s0b5 ~]# /usr/libexec/iptables/iptables.init save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@ns57zjx0zb7s0b5 ~]# ls -la /etc/sysconfig/iptables
-rw-------. 1 root root 259 Nov 19 06:02 /etc/sysconfig/iptables
[root@ns57zjx0zb7s0b5 ~]# /opt/puppetlabs/bin/puppet apply --verbose selinux.pp
Notice: Compiled catalog for ns57zjx0zb7s0b5.delivery.puppetlabs.net in environment production in 0.08 seconds
Info: Applying configuration version '1479564151'
Notice: /Stage[main]/Main/File[/etc/sysconfig/iptables]/seluser: seluser changed 'unconfined_u' to 'system_u'
Notice: /Stage[main]/Main/File[/etc/sysconfig/iptables]/seltype: seltype changed 'etc_t' to 'system_conf_t'
Notice: Applied catalog in 0.03 seconds
[root@ns57zjx0zb7s0b5 ~]# X Error of failed request: RenderBadPicture (invalid Picture parameter)
To fix this, this patch changes the order in which puppet checks the resources.
Instead of managing the persistence file before the service, now we manage the
file after all firewall rules. The firewall provider persists the rules to disk
causing the /etc/sysconfig/iptables file to be created. Managing its
permissions afterwards leads to one-run idempotency.
To see why this change is legal, consider the possible initial states for a
moment:
* fresh install: the /etc/sysconfig/iptables file does not exist
in the previous implementation, puppet would create it empty with the correct
permissions, only to have it overwritten when persisting the firewall rules
* fixed point: the /etc/sysconfig/iptables file already exists with the correct
permissions, and nothing has changed. The order of resource application is
irrelevant
* a firewall rule has changed: the firewall type will persist the rules
changing the permissions to an invalid state, puppet will fix it in the same
agent run.
* the /etc/sysconfig/iptables file is in an invalid state: this might be the
most annoying case. In the original version, puppet would have fixed the file
before touching the service. Now the service could arguably fail to start if
the permissions are really bad. Puppet will still fix the issue, and start
the service on the next run, so I do not consider this to be a big problem.
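As an added illustration of the ordering this commit message describes (example code, not the module's own or this commit's), the following standalone manifest manages the persistence file's SELinux context after all firewall rules and before the service. The file path, the rule, and the seluser/seltype values come from the output above; the `iptables` service name, the mode, and the use of a collector for ordering are assumptions made for this example.

```puppet
# Added example, not code from puppetlabs-firewall.
# On RHEL7, persisting the rules recreates /etc/sysconfig/iptables with the
# wrong SELinux context (unconfined_u / etc_t), so the file must be managed
# only after the firewall provider has written it.
firewall { '100 reject example source':
  chain  => 'INPUT',
  source => '8.8.8.8',
  jump   => 'REJECT',
}

# Evaluated after every Firewall resource (see the chain below): by then the
# provider has already persisted the rules, so correcting the context here
# converges in a single agent run instead of flapping on every run.
file { '/etc/sysconfig/iptables':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0600',          # assumption for this example
  seluser => 'system_u',
  seltype => 'system_conf_t',
}

# Service name is an assumption for this example.
service { 'iptables':
  ensure => running,
  enable => true,
}

# Ordering: all firewall rules -> persistence file -> service.
# On a fresh install the file is created by the provider, not by Puppet, so
# it is never written empty only to be overwritten by the persisted rules.
Firewall <| |> -> File['/etc/sysconfig/iptables'] -> Service['iptables']
```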
Eric Putnam [Thu, 10 Nov 2016 19:02:13 +0000 (11:02 -0800)]
Merge pull request #657 from puppetlabs/hunner_msync
(MODULES-3704) Update gemfile template to be identical
Hunter Haugen [Wed, 9 Nov 2016 18:18:33 +0000 (10:18 -0800)]
(MODULES-3704) Update gemfile template to be identical
Eric Putnam [Wed, 2 Nov 2016 23:00:53 +0000 (16:00 -0700)]
mocha version update for test hanging issue
Helen [Thu, 27 Oct 2016 14:56:49 +0000 (15:56 +0100)]
Merge pull request #655 from puppetlabs/Paula_modulesync
(MODULES-3983) Update parallel_tests for ruby 2.0.0
Paula McMaw [Thu, 20 Oct 2016 08:47:34 +0000 (09:47 +0100)]
(MODULES-3983) Update parallel_tests for ruby 2.0.0
Bryan Jen [Mon, 17 Oct 2016 16:46:14 +0000 (09:46 -0700)]
Merge pull request #653 from HAIL9000/issue/master/add_oracle5_node_config_file
(maint) Add node yaml file for oracle5
Hailee Kenney [Mon, 17 Oct 2016 16:09:09 +0000 (17:09 +0100)]
(maint) Add node yaml file for oracle5
Prior to this commit the firewall module did not have a node file
for oracle5 so it was failing in CI. In order to fix this, add the
appropriate config file so tests can be run on oracle5.
Eric Putnam [Wed, 12 Oct 2016 05:03:32 +0000 (22:03 -0700)]
Merge pull request #651 from puppetlabs/modulesync
Update modulesync_config [51f469d]
David Schmitt [Mon, 10 Oct 2016 13:20:42 +0000 (14:20 +0100)]
Update modulesync_config [51f469d]
TP Honey [Tue, 30 Aug 2016 09:27:28 +0000 (10:27 +0100)]
Merge pull request #648 from puppetlabs/modulesync
Update modulesync_config [a3fe424]
David Schmitt [Fri, 26 Aug 2016 07:28:58 +0000 (09:28 +0200)]
Update modulesync_config [a3fe424]
TP Honey [Fri, 29 Jul 2016 10:29:35 +0000 (11:29 +0100)]
Merge pull request #645 from puppetlabs/update-modulesync
(MAINT) Update for modulesync_config 72d19f184
David Schmitt [Wed, 27 Jul 2016 14:43:52 +0000 (15:43 +0100)]
(MAINT) Update for modulesync_config 72d19f184
Hunter Haugen [Wed, 20 Jul 2016 21:28:19 +0000 (14:28 -0700)]
Merge pull request #644 from ianand0204/master
Implemented parameters for NFQUEUE jump target
Ian Anderson [Thu, 14 Jul 2016 18:30:12 +0000 (11:30 -0700)]
Implemented parameters for NFQUEUE jump target
TP Honey [Fri, 8 Jul 2016 13:55:56 +0000 (14:55 +0100)]
Merge pull request #643 from DavidS/modulesync
(MODULES-3581) modulesync [067d08a]
David Schmitt [Fri, 8 Jul 2016 12:34:09 +0000 (13:34 +0100)]
(MODULES-3581) modulesync [067d08a]
David Schmitt [Thu, 30 Jun 2016 12:45:41 +0000 (13:45 +0100)]
Merge pull request #642 from puppetlabs/modulesync
{maint} modulesync 0794b2c
tphoney [Thu, 30 Jun 2016 12:18:19 +0000 (13:18 +0100)]
{maint} modulesync 0794b2c
Hunter Haugen [Fri, 10 Jun 2016 00:18:42 +0000 (17:18 -0700)]
Merge pull request #638 from bmjen/add-xenial
(QENG-3973) Adds Xenial nodesets for aio and pe
Bryan Jen [Fri, 10 Jun 2016 00:09:54 +0000 (17:09 -0700)]
(QENG-3973) Adds Xenial nodesets for aio and pe
Hunter Haugen [Wed, 1 Jun 2016 16:11:30 +0000 (09:11 -0700)]
Merge pull request #636 from puppetlabs/1.8.x
1.8.x Mergeback
JT (Jonny) [Mon, 16 May 2016 12:41:51 +0000 (13:41 +0100)]
Merge pull request #615 from nabam/multiple-ipset
support for multiple ipsets in a rule
Bryan Jen [Wed, 11 May 2016 20:23:38 +0000 (13:23 -0700)]
Merge pull request #635 from hunner/prep_1.8.1
Prep 1.8.1
Hunter Haugen [Mon, 25 Apr 2016 17:49:35 +0000 (10:49 -0700)]
(maint) Remove nat flush
The man page says it's not implemented for ip6tables
Bryan Jen [Wed, 11 May 2016 18:50:25 +0000 (11:50 -0700)]
Merge pull request #633 from hunner/prep_1.8.1
(maint) re-add the local nodesets
David Schmitt [Wed, 20 Apr 2016 13:56:35 +0000 (14:56 +0100)]
(maint) re-add the local nodesets
These nodesets are required for internal CI; to set the ssh timeout.
Bryan Jen [Mon, 9 May 2016 22:26:27 +0000 (15:26 -0700)]
Merge pull request #632 from hunner/prep_1.8.1
Prep 1.8.1
Hunter Haugen [Mon, 9 May 2016 20:59:39 +0000 (13:59 -0700)]
Prep 1.8.1
Cherry pick PRs #622 and #627
David Schmitt [Wed, 13 Apr 2016 19:49:43 +0000 (20:49 +0100)]
Update to newest modulesync_configs [9ca280f]
David Schmitt [Mon, 18 Apr 2016 18:10:21 +0000 (19:10 +0100)]
(maint) remove UNSUPPORTED_PLATFORMS filter and improve spec description
David Schmitt [Thu, 14 Apr 2016 09:58:21 +0000 (10:58 +0100)]
(maint) fix specs to run under STRICT_VARIABLES
Bryan Jen [Mon, 9 May 2016 21:02:59 +0000 (14:02 -0700)]
Merge pull request #631 from hunner/prep_1.8.1
Prep 1.8.1
Hunter Haugen [Mon, 9 May 2016 20:59:39 +0000 (13:59 -0700)]
Prep 1.8.1
jbondpdx [Wed, 27 Apr 2016 20:22:10 +0000 (13:22 -0700)]
DOC-2683: adding known issue
JT (Jonny) [Fri, 6 May 2016 11:09:51 +0000 (12:09 +0100)]
Merge pull request #627 from jbondpdx/master
DOC-2683: adding known issue
Hunter Haugen [Thu, 5 May 2016 18:28:05 +0000 (11:28 -0700)]
Merge pull request #630 from shumbert/modules-3329
(Modules 3329) Add support for iptables length and string extensions
Simon Humbert [Thu, 5 May 2016 15:59:42 +0000 (11:59 -0400)]
update README.markdown and add tests in spec/fixtures/iptables/conversion_hash.rb
Simon Humbert [Tue, 3 May 2016 21:18:50 +0000 (17:18 -0400)]
adding iptables string matching extension
Simon Humbert [Tue, 3 May 2016 21:11:29 +0000 (17:11 -0400)]
update handling of length property
Simon Humbert [Tue, 3 May 2016 21:04:19 +0000 (17:04 -0400)]
adding iptables length extension
jbondpdx [Wed, 27 Apr 2016 20:22:10 +0000 (13:22 -0700)]
DOC-2683: adding known issue
Hunter Haugen [Mon, 25 Apr 2016 23:03:03 +0000 (16:03 -0700)]
Merge pull request #624 from broadinstitute/freebsd
allow FreeBSD when dependencies require this class
Bryan Jen [Mon, 25 Apr 2016 19:59:56 +0000 (14:59 -0500)]
Merge pull request #625 from hunner/fix_flush
(maint) Remove nat flush
Hunter Haugen [Mon, 25 Apr 2016 17:49:35 +0000 (10:49 -0700)]
(maint) Remove nat flush
The man page says it's not implemented for ip6tables
Riccardo Calixte [Fri, 8 Apr 2016 15:34:47 +0000 (11:34 -0400)]
allow FreeBSD when dependencies require this class
Greg Hardy [Wed, 20 Apr 2016 15:56:24 +0000 (16:56 +0100)]
Merge pull request #623 from DavidS/restore-local-nodesets
(maint) re-add the local nodesets
David Schmitt [Wed, 20 Apr 2016 13:56:35 +0000 (14:56 +0100)]
(maint) re-add the local nodesets
These nodesets are required for internal CI; to set the ssh timeout.
Greg Hardy [Tue, 19 Apr 2016 10:27:10 +0000 (11:27 +0100)]
Merge pull request #622 from puppetlabs/update-msync
Update to newest modulesync_configs [9ca280f]
David Schmitt [Wed, 13 Apr 2016 19:49:43 +0000 (20:49 +0100)]
Update to newest modulesync_configs [9ca280f]
David Schmitt [Mon, 18 Apr 2016 18:10:21 +0000 (19:10 +0100)]
(maint) remove UNSUPPORTED_PLATFORMS filter and improve spec description
David Schmitt [Thu, 14 Apr 2016 09:58:21 +0000 (10:58 +0100)]
(maint) fix specs to run under STRICT_VARIABLES
TP Honey [Thu, 7 Apr 2016 13:18:02 +0000 (14:18 +0100)]
Merge pull request #621 from mmckinst/align_text
align text properly
Mark McKinstry [Thu, 7 Apr 2016 01:18:02 +0000 (21:18 -0400)]
align text properly
JT (Jonny) [Fri, 1 Apr 2016 10:02:37 +0000 (11:02 +0100)]
Merge pull request #619 from alexharv074/fix_up_rspec_deprecation_warnings
Fix up rspec deprecation warnings
Alex Harvey [Wed, 30 Mar 2016 03:34:35 +0000 (14:34 +1100)]
Fix up all rspec deprecation warnings.
David Schmitt [Wed, 30 Mar 2016 14:58:06 +0000 (15:58 +0100)]
Merge pull request #620 from jonnytpuppet/rspec_puppet_pin
Pinned rspec_puppet to 2.3.2
Jonathan Tripathy [Wed, 30 Mar 2016 13:36:27 +0000 (14:36 +0100)]
Pinned rspec_puppet to 2.3.2
Alex Harvey [Tue, 29 Mar 2016 15:32:37 +0000 (02:32 +1100)]
Add a test.
Demonstrate some surprising behaviour to make it clearer that it's
nevertheless working as designed.
Hunter Haugen [Thu, 17 Mar 2016 16:00:30 +0000 (09:00 -0700)]
Merge pull request #617 from jpnc/master
Add VirtuozzoLinux to the RedHat family
James Pannacciulli [Mon, 14 Mar 2016 22:24:16 +0000 (15:24 -0700)]
Add VirtuozzoLinux to the RedHat family
Hunter Haugen [Fri, 11 Mar 2016 00:53:57 +0000 (16:53 -0800)]
Merge pull request #616 from mmckinst/align_more_arrows
align arrows
Lev Popov [Tue, 8 Mar 2016 22:07:01 +0000 (01:07 +0300)]
support for multiple ipsets in a rule
Support for multiple ipsets in a single rule. This feature is very handy
if you need to match source and destination from different ipsets.
Iptables arguments are a bit weird, but it works, details are in
https://utcc.utoronto.ca/~cks/space/blog/linux/IptablesIpsetsMultipleMatches
Mark McKinstry [Tue, 8 Mar 2016 23:01:25 +0000 (18:01 -0500)]
align arrows
Hunter Haugen [Tue, 8 Mar 2016 18:26:30 +0000 (10:26 -0800)]
Merge pull request #614 from mmckinst/align_arrow
align arrows
Mark McKinstry [Tue, 8 Mar 2016 17:45:28 +0000 (12:45 -0500)]
align arrows
Hunter Haugen [Thu, 3 Mar 2016 19:50:05 +0000 (11:50 -0800)]
Merge pull request #612 from pulecp/master
match rules with -m ttl
Pavel Pulec [Thu, 3 Mar 2016 16:08:43 +0000 (17:08 +0100)]
match rules with -m ttl
TP Honey [Thu, 18 Feb 2016 16:10:55 +0000 (16:10 +0000)]
Merge pull request #611 from puppetlabs/1.8.x
Mergeback 1.8.x to master
Hunter Haugen [Wed, 17 Feb 2016 18:06:51 +0000 (10:06 -0800)]
Merge pull request #610 from UNINETT/master
Add 'ip' and 'pim' to proto
Morten Brekkevold [Wed, 17 Feb 2016 12:07:24 +0000 (13:07 +0100)]
Add ip protocol to puppetlabs-firewall
Morten Brekkevold [Wed, 17 Feb 2016 11:59:47 +0000 (12:59 +0100)]
Add pim protocol to puppetlabs-firewall
Hunter Haugen [Tue, 16 Feb 2016 22:04:00 +0000 (14:04 -0800)]
Merge pull request #609 from bmjen/fix-ver
Fixes version in metadata
Bryan Jen [Tue, 16 Feb 2016 22:02:56 +0000 (15:02 -0700)]
Fixes version in metadata
TP Honey [Tue, 16 Feb 2016 17:03:42 +0000 (17:03 +0000)]
Merge pull request #607 from DavidS/fm-4046-update-msync
(FM-4046) Update to current msync configs [006831f]
David Schmitt [Tue, 16 Feb 2016 16:00:12 +0000 (16:00 +0000)]
(FM-4046) Update to current msync configs [006831f]
This moves all copyright statements to the NOTICE file in accordance with the ASF's guidelines on applying the Apache-2.0 license.
Hunter Haugen [Thu, 11 Feb 2016 23:12:40 +0000 (15:12 -0800)]
Merge pull request #606 from aequitas/master
(MODULES-3079) Add support for goto argument.
Johan Bloemberg [Thu, 11 Feb 2016 20:22:11 +0000 (21:22 +0100)]
Add support for goto argument.
Jonathan Tripathy [Tue, 9 Feb 2016 13:01:53 +0000 (13:01 +0000)]
Release Prep 1.8.0
Hunter Haugen [Wed, 10 Feb 2016 14:47:47 +0000 (06:47 -0800)]
Merge pull request #605 from jonnytpuppet/modules-2159
Updated acceptance test for modules-2159
Jonathan Tripathy [Wed, 10 Feb 2016 14:31:20 +0000 (14:31 +0000)]
Updated acceptance test for modules-2159
JT (Jonny) [Wed, 10 Feb 2016 14:16:46 +0000 (14:16 +0000)]
Merge pull request #602 from uobnetops/MODULES-2159
(MODULES-2159) ignore the --connlimit-saddr switch when parsing rules
TP Honey [Wed, 10 Feb 2016 10:57:31 +0000 (10:57 +0000)]
Merge pull request #604 from jonnytpuppet/facter_flush
Made Facter flushing specific to a single fact.
Jonathan Tripathy [Wed, 10 Feb 2016 10:49:15 +0000 (10:49 +0000)]
Made Facter flushing specific to a single fact.
Hunter Haugen [Tue, 9 Feb 2016 16:53:04 +0000 (08:53 -0800)]
Merge pull request #603 from jonnytpuppet/modules-3032
(MODULES 3932) - We need to call Facter.flush to clear Facter cache
Jonathan Tripathy [Tue, 9 Feb 2016 16:11:40 +0000 (16:11 +0000)]
(MODULES 3932) - We need to call Facter.flush to clear Facter cache to
get up to date value for :iptables_persistent_version.
TP Honey [Wed, 3 Feb 2016 15:48:59 +0000 (15:48 +0000)]
Merge pull request #583 from cristifalcas/update_iptables
allow iptables package to be updated
Cristian Falcas [Wed, 25 Nov 2015 12:26:10 +0000 (14:26 +0200)]
allow iptables package to be updated
Paul Seward [Mon, 1 Feb 2016 12:05:39 +0000 (12:05 +0000)]
(MODULES-2159) ignore the --connlimit-saddr switch when parsing rules
Workaround for https://tickets.puppetlabs.com/browse/MODULES-2159 (as described by Greg Murphy in that ticket)
On some distributions (notably on Ubuntu 14.04 and above, and Centos7 and above) the --connlimit-saddr switch is added after the rule is applied, causing rule_to_hash to ignore the rule. Puppet then attempts (and fails) to re-create the rule every time it runs.
Hunter Haugen [Wed, 27 Jan 2016 16:36:48 +0000 (08:36 -0800)]
Merge pull request #599 from DavidS/fm-4049-update-msync
(FM-4049) update to modulesync_configs
David Schmitt [Mon, 25 Jan 2016 16:01:02 +0000 (16:01 +0000)]
(FM-4049) Update to current msync configs [2c99161]
Helen [Fri, 22 Jan 2016 15:56:57 +0000 (15:56 +0000)]
Merge pull request #600 from jonnytpuppet/gem_version_workaround
Workaround for https://github.com/bundler/bundler/issues/3187
Jonathan Tripathy [Fri, 22 Jan 2016 14:36:40 +0000 (14:36 +0000)]
Workaround for https://github.com/bundler/bundler/issues/3187
David Schmitt [Thu, 21 Jan 2016 15:54:56 +0000 (15:54 +0000)]
Merge pull request #598 from jonnytpuppet/add_debian_8_nodesets
Added Debian 8 nodesets
Jonathan Tripathy [Thu, 21 Jan 2016 15:47:26 +0000 (15:47 +0000)]
Added Debian 8 nodesets
David Schmitt [Thu, 21 Jan 2016 14:54:33 +0000 (14:54 +0000)]
Merge pull request #597 from jonnytpuppet/rspec_core_update
Updated Gemfile to avoid BKR-537