Projet

Général

Profil

Révision cb6f3584

IDcb6f3584ba181e0e5395e5db30986ce1c673a168
Parent f307977a
Enfant 863b9d93

Ajouté par Kienan Stewart il y a plus de 4 ans

Fix reloads on Debian Stretch

The paths for various binaries are slightly different

Voir les différences:

data/os/Debian/9.yaml
1 
---
2 

  		




  
  3
  
    
nftables::systemctl_path: /bin/systemctl


  		




  
  4
  
    
nftables::echo_path: /bin/echo


  		












  

    
      manifests/init.pp
    
  





  103
  103
  
    
  Variant[Boolean[false], Enum['mask']] $firewalld_enable = 'mask',


  		




  104
  104
  
    
  Optional[Array[Pattern[/^(ip|ip6|inet)-[-a-zA-Z0-9_]+$/],1]] $noflush_tables = undef,


  		




  105
  105
  
    
  Stdlib::Unixpath $configuration_path = '/etc/sysconfig/nftables.conf',


  		




  
  106
  
    
  Stdlib::Unixpath $nft_path = '/usr/sbin/nft',


  		




  
  107
  
    
  Stdlib::Unixpath $systemctl_path = '/usr/bin/systemctl',


  		




  
  108
  
    
  Stdlib::Unixpath $echo_path = '/usr/bin/echo',


  		




  106
  109
  
    
) {


  		




  107
  110
  
    
  package { 'nftables':


  		




  108
  111
  
    
    ensure => installed,


  		




  ......




  131
  134
  
    
  } ~> exec {


  		




  132
  135
  
    
    'nft validate':


  		




  133
  136
  
    
      refreshonly => true,


  		




  134
  
  
    
      command     => '/usr/sbin/nft -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft || ( /usr/bin/echo "#CONFIG BROKEN" >> /etc/nftables/puppet-preflight.nft && /bin/false)';


  		




  
  137
  
    
      command     => "${nft_path} -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft || ( ${echo_path} \"#CONFIG BROKEN\" >> /etc/nftables/puppet-preflight.nft && /bin/false)";


  		




  135
  138
  
    
  } -> file {


  		




  136
  139
  
    
    default:


  		




  137
  140
  
    
      owner => 'root',


  		




  ......




  150
  153
  
    
    ensure     => running,


  		




  151
  154
  
    
    enable     => true,


  		




  152
  155
  
    
    hasrestart => true,


  		




  153
  
  
    
    restart    => '/usr/bin/systemctl reload nftables',


  		




  
  156
  
    
    restart    => "${systemctl_path} reload nftables",


  		




  154
  157
  
    
  }


  		




  155
  158
  
    

  		




  156
  159
  
    
  $puppet_nft_vars = {


  		




  157
  160
  
    
    'configuration_path' => $configuration_path,


  		




  
  161
  
    
    'nft_path'           => $nft_path,


  		




  158
  162
  
    
  }


  		




  159
  163
  
    
  systemd::dropin_file { 'puppet_nft.conf':


  		




  160
  164
  
    
    ensure  => present,


  		












  

    
      templates/systemd/puppet_nft.conf.epp
    
  





  1
  1
  
    
# Puppet Deployed


  		




  2
  2
  
    
[Service]


  		




  3
  3
  
    
ExecStart=


  		




  4
  
  
    
ExecStart=/usr/sbin/nft -I /etc/nftables/puppet -f <%= $configuration_path %>


  		




  
  4
  
    
ExecStart=<%= $nft_path %> -I /etc/nftables/puppet -f <%= $configuration_path %>


  		




  5
  5
  
    
ExecReload=


  		




  6
  
  
    
ExecReload=/usr/sbin/nft -I /etc/nftables/puppet -f <%= $configuration_path %>


  		




  
  6
  
    
ExecReload=<%= $nft_path %> -I /etc/nftables/puppet -f <%= $configuration_path %>


  		












Formats disponibles :  Unified diff