Update cobbler checksum firewall exec for centos7

This change removes the reference to the iptables init script which no longer exists under CentOS7 and replaces it with a iptables-save that is similar to the way it is done for Debian based systems. Change-Id: Ib6a4b7a87c452e6397d0b708f3408c32c11bd01f Closes-Bug: #1524828
2015-12-10 10:29:43 -07:00 · 2015-12-10 10:29:43 -07:00 · fca6c1dc76
parent 49fe6f9b97
commit fca6c1dc76
2 changed files with 70 additions and 12 deletions
--- a/deployment/puppet/cobbler/manifests/checksum_bootpc.pp
+++ b/deployment/puppet/cobbler/manifests/checksum_bootpc.pp
@ -14,21 +14,25 @@


 class cobbler::checksum_bootpc () {
-  
-  Exec {path => '/usr/bin:/bin:/usr/sbin:/sbin'}
-  
-  case $operatingsystem {
+  case $::operatingsystem {
    /(?i)(centos|redhat)/ : {
-      exec { "checksum_fill_bootpc":
-        command => "iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill; /etc/init.d/iptables save",
-        unless  => "iptables -t mangle -S POSTROUTING | grep -q \"^-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill\""
-      }
+      $iptables_save_location = '/etc/sysconfig/iptables'
    }
    /(?i)(debian|ubuntu)/ : {
-      exec { "checksum_fill_bootpc":
-        command => "iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill; iptables-save -c > /etc/iptables.rules",
-        unless  => "iptables -t mangle -S POSTROUTING | grep -q \"^-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill\""
-      }
+      $iptables_save_location = '/etc/iptables.rules'
+    }
+    default: {
+      fail('Unsupported OS')
    }
  }
+
+  # TODO(aschultz): replace this with a proper firewall resource usage which
+  # requires an firewall module verison bump and figure out how to get around
+  # the module not being able to save the rules inside docker (which currently
+  # errors)
+  exec { 'checksum_fill_bootpc':
+    command => "iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill; iptables-save -c > ${iptables_save_location}", # lint:ignore:80chars
+    path    => '/usr/bin:/bin:/usr/sbin:/sbin',
+    unless  => 'iptables -t mangle -S POSTROUTING | grep -q "^-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill"' # lint:ignore:80chars
+  }
 }
--- a/deployment/puppet/cobbler/spec/classes/cobbler_checksum_bootpc_spec.rb
+++ b/deployment/puppet/cobbler/spec/classes/cobbler_checksum_bootpc_spec.rb
@ -0,0 +1,54 @@
+require 'spec_helper'
+
+describe 'cobbler::checksum_bootpc' do
+
+  let(:default_params) { {
+  } }
+
+  shared_examples_for 'cobbler::checksum_bootpc configuration' do
+    let :params do
+      default_params
+    end
+
+
+    context 'with default params' do
+      let :params do
+        default_params.merge!({})
+      end
+
+      it 'configures with the default params' do
+        if facts[:operatingsystem] == 'RedHat'
+          save_location = '/etc/sysconfig/iptables'
+        elsif facts[:operatingsystem] == 'Debian'
+          save_location = '/etc/iptables.rules'
+        end
+        should contain_exec('checksum_fill_bootpc').with(
+          :command => "iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill; iptables-save -c > #{save_location}",
+          :unless  => 'iptables -t mangle -S POSTROUTING | grep -q "^-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill"'
+        )
+      end
+    end
+  end
+
+  context 'on Debian platforms' do
+    let :facts do
+      @default_facts.merge({ :osfamily => 'Debian',
+        :operatingsystem => 'Debian',
+      })
+    end
+
+    it_configures 'cobbler::checksum_bootpc configuration'
+  end
+
+  context 'on RedHat platforms' do
+    let :facts do
+      @default_facts.merge({ :osfamily => 'RedHat',
+        :operatingsystem => 'RedHat',
+      })
+    end
+
+    it_configures 'cobbler::checksum_bootpc configuration'
+  end
+
+end
+