
Don't manage iptables if we're in a chroot

In chroots, as with diskimage-builder, managing service starts is
tricky. Also, we don't need to restart the service then, because
the service will get started on boot of the image.

Change-Id: Iaf90005039b8196ba3a0ac05c96d71e034f0b0b1
changes/39/151039/1
Monty Taylor 5 years ago
parent
commit
6ca8392c27
1 changed files with 18 additions and 9 deletions
  1. 18
    9
      manifests/init.pp

+ 18
- 9
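--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -23,12 +23,21 @@ class iptables(
     name   => $::iptables::params::package_name,
   }
 
-  service { 'iptables':
-    name       => $::iptables::params::service_name,
-    require    => Package['iptables'],
-    hasstatus  => $::iptables::params::service_has_status,
-    status     => $::iptables::params::service_status_cmd,
-    hasrestart => $::iptables::params::service_has_restart,
+  if ($::in_chroot) {
+    notify { 'iptables in chroot':
+      message => 'Iptables not refreshed, running in chroot',
+    }
+    $notify_iptables = []
+  }
+  else {
+    service { 'iptables':
+      name       => $::iptables::params::service_name,
+      require    => Package['iptables'],
+      hasstatus  => $::iptables::params::service_has_status,
+      status     => $::iptables::params::service_status_cmd,
+      hasrestart => $::iptables::params::service_has_restart,
+    }
+    $notify_iptables = Service['iptables']
   }
 
   file { $::iptables::params::rules_dir:
@@ -49,7 +58,7 @@ class iptables(
       File[$::iptables::params::rules_dir],
     ],
     # When this file is updated, make sure the rules get reloaded.
-    notify  => Service['iptables'],
+    notify  => $notify_iptables,
   }
 
   file { $::iptables::params::ipv4_rules:
@@ -59,7 +68,7 @@ class iptables(
     mode    => '0640',
     target  => "${::iptables::params::rules_dir}/rules",
     require => File["${::iptables::params::rules_dir}/rules"],
-    notify  => Service['iptables'],
+    notify  => $notify_iptables,
   }
 
   file { $::iptables::params::ipv6_rules:
@@ -73,7 +82,7 @@ class iptables(
       File[$::iptables::params::rules_dir],
     ],
     # When this file is updated, make sure the rules get reloaded.
-    notify  => Service['iptables'],
+    notify  => $notify_iptables,
     replace => true,
   }
 }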
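Review bot: The `if ($::in_chroot)` test in the first hunk decides whether firewall rule changes are ever reloaded, yet it relies on the plain truthiness of a fact this commit does not define. If that fact arrives as a string (as on Puppet setups that stringify facts), a value of `'false'` is still truthy, so ordinary hosts would take the chroot branch and updated rules files would stay on disk without being applied. An explicit comparison such as `if ($::in_chroot == true or $::in_chroot == 'true') {` would make the non-chroot path the default for any unexpected value. Separately, the commit message counts on the service starting when the image boots, but the `service` resource shown sets neither `ensure` nor `enable`, so it is worth confirming that the package enables it; otherwise an image built this way could boot without its rules loaded.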
