Don't manage iptables if we're in a choot
In chroots, as with diskimage-builder, managing service starts is tricky. Also, we don't need to restart the service then, because the service will get started on boot of the image. Change-Id: Iaf90005039b8196ba3a0ac05c96d71e034f0b0b1
@@ -23,6 +23,13 @@ class iptables(
|
|||||||
name => $::iptables::params::package_name,
|
name => $::iptables::params::package_name,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($::in_chroot) {
|
||||||
|
notify { 'iptables in chroot':
|
||||||
|
message => 'Iptables not refreshed, running in chroot',
|
||||||
|
}
|
||||||
|
$notify_iptables = []
|
||||||
|
}
|
||||||
|
else {
|
||||||
service { 'iptables':
|
service { 'iptables':
|
||||||
name => $::iptables::params::service_name,
|
name => $::iptables::params::service_name,
|
||||||
require => Package['iptables'],
|
require => Package['iptables'],
|
||||||
@@ -30,6 +37,8 @@ class iptables(
|
|||||||
status => $::iptables::params::service_status_cmd,
|
status => $::iptables::params::service_status_cmd,
|
||||||
hasrestart => $::iptables::params::service_has_restart,
|
hasrestart => $::iptables::params::service_has_restart,
|
||||||
}
|
}
|
||||||
|
$notify_iptables = Service['iptables']
|
||||||
|
}
|
||||||
|
|
||||||
file { $::iptables::params::rules_dir:
|
file { $::iptables::params::rules_dir:
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
@@ -49,7 +58,7 @@ class iptables(
|
|||||||
File[$::iptables::params::rules_dir],
|
File[$::iptables::params::rules_dir],
|
||||||
],
|
],
|
||||||
# When this file is updated, make sure the rules get reloaded.
|
# When this file is updated, make sure the rules get reloaded.
|
||||||
notify => Service['iptables'],
|
notify => $notify_iptables,
|
||||||
}
|
}
|
||||||
|
|
||||||
file { $::iptables::params::ipv4_rules:
|
file { $::iptables::params::ipv4_rules:
|
||||||
@@ -59,7 +68,7 @@ class iptables(
|
|||||||
mode => '0640',
|
mode => '0640',
|
||||||
target => "${::iptables::params::rules_dir}/rules",
|
target => "${::iptables::params::rules_dir}/rules",
|
||||||
require => File["${::iptables::params::rules_dir}/rules"],
|
require => File["${::iptables::params::rules_dir}/rules"],
|
||||||
notify => Service['iptables'],
|
notify => $notify_iptables,
|
||||||
}
|
}
|
||||||
|
|
||||||
file { $::iptables::params::ipv6_rules:
|
file { $::iptables::params::ipv6_rules:
|
||||||
@@ -73,7 +82,7 @@ class iptables(
|
|||||||
File[$::iptables::params::rules_dir],
|
File[$::iptables::params::rules_dir],
|
||||||
],
|
],
|
||||||
# When this file is updated, make sure the rules get reloaded.
|
# When this file is updated, make sure the rules get reloaded.
|
||||||
notify => Service['iptables'],
|
notify => $notify_iptables,
|
||||||
replace => true,
|
replace => true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
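Review bot: The new `if ($::in_chroot)` guard fails open if the fact arrives as a string: on Puppet versions that stringify facts, `'false'` is a non-empty string and therefore truthy, so every host would take the chroot branch, the `iptables` service would not be declared, and rule-file changes would never be reloaded. How `in_chroot` is defined is not visible on this page, so this needs confirming; an explicit comparison such as `if ($::in_chroot == true or $::in_chroot == 'true') {` avoids depending on the fact's type. Separately, the chroot branch skips the whole `service { 'iptables': ... }` resource rather than only the refresh, so if that resource sets `enable` (its middle lines fall between the hunks and are not shown) the built image may not start the firewall on boot as the description assumes. A comment above the guard, e.g. `# In a chroot (image build) the service cannot be started; rules are written to disk and only loaded on first boot.`, would record the intent.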