Révision cb6f3584
Fix reloads on Debian Stretch
The paths for various binaries are slightly different
| manifests/init.pp | ||
|---|---|---|
| 103 | 103 |
Variant[Boolean[false], Enum['mask']] $firewalld_enable = 'mask', |
| 104 | 104 |
Optional[Array[Pattern[/^(ip|ip6|inet)-[-a-zA-Z0-9_]+$/],1]] $noflush_tables = undef, |
| 105 | 105 |
Stdlib::Unixpath $configuration_path = '/etc/sysconfig/nftables.conf', |
| 106 |
Stdlib::Unixpath $nft_path = '/usr/sbin/nft', |
|
| 107 |
Stdlib::Unixpath $systemctl_path = '/usr/bin/systemctl', |
|
| 108 |
Stdlib::Unixpath $echo_path = '/usr/bin/echo', |
|
| 106 | 109 |
) {
|
| 107 | 110 |
package { 'nftables':
|
| 108 | 111 |
ensure => installed, |
| ... | ... | |
| 131 | 134 |
} ~> exec {
|
| 132 | 135 |
'nft validate': |
| 133 | 136 |
refreshonly => true, |
| 134 |
command => '/usr/sbin/nft -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft || ( /usr/bin/echo "#CONFIG BROKEN" >> /etc/nftables/puppet-preflight.nft && /bin/false)';
|
|
| 137 |
command => "${nft_path} -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft || ( ${echo_path} \"#CONFIG BROKEN\" >> /etc/nftables/puppet-preflight.nft && /bin/false)";
|
|
| 135 | 138 |
} -> file {
|
| 136 | 139 |
default: |
| 137 | 140 |
owner => 'root', |
| ... | ... | |
| 150 | 153 |
ensure => running, |
| 151 | 154 |
enable => true, |
| 152 | 155 |
hasrestart => true, |
| 153 |
restart => '/usr/bin/systemctl reload nftables',
|
|
| 156 |
restart => "${systemctl_path} reload nftables",
|
|
| 154 | 157 |
} |
| 155 | 158 |
|
| 156 | 159 |
$puppet_nft_vars = {
|
| 157 | 160 |
'configuration_path' => $configuration_path, |
| 161 |
'nft_path' => $nft_path, |
|
| 158 | 162 |
} |
| 159 | 163 |
systemd::dropin_file { 'puppet_nft.conf':
|
| 160 | 164 |
ensure => present, |
Formats disponibles : Unified diff