opendev/puppet-iptables
Code Issues Proposed changes

Ensure iptables service is running

Browse Source 
On Ubuntu, the iptables service starts running when it is installed. On
CentOS, that's not the case, and signaling a restart in puppet does not
actually start the service. The result is that while the iptables
service is stopped, `iptables -S` is empty. This patch adds ensure =>
running to the service resources so that iptables behaves the same on
CentOS and Ubuntu.

Change-Id: I0584c988bcebeee5133f85d55f8d389d78ebac70
This commit is contained in:
Colleen Murphy
2018-07-10 20:49:36 +02:00
parent ffe7e12145
commit aff15ad3da
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/init.pp
View File

@@ -86,6 +86,7 @@ class iptables(
status => $::iptables::params::service_status_cmd, status => $::iptables::params::service_status_cmd,
hasrestart => $::iptables::params::service_has_restart, hasrestart => $::iptables::params::service_has_restart,
enable => true, enable => true,
ensure => running,
} }
if ($::osfamily == 'RedHat') { if ($::osfamily == 'RedHat') {
@@ -98,6 +99,7 @@ class iptables(
status => $::iptables::params::service_status_cmd, status => $::iptables::params::service_status_cmd,
hasrestart => $::iptables::params::service_has_restart, hasrestart => $::iptables::params::service_has_restart,
enable => true, enable => true,
ensure => running,
subscribe => File["${::iptables::params::rules_dir}/rules"], subscribe => File["${::iptables::params::rules_dir}/rules"],
} }
} }