Révision ce22630b
Remove duplicate flush on reload
When nftables was reloaded a flush was being done both in the systemd
reload call and in the nft script itself.
| spec/classes/nftables_spec.rb | ||
|---|---|---|
| 72 | 72 |
} |
| 73 | 73 |
|
| 74 | 74 |
it {
|
| 75 |
is_expected.to contain_systemd__dropin_file('puppet_nft.conf').with(
|
|
| 76 |
content: %r{^ExecReload=/sbin/nft -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf$},
|
|
| 77 |
) |
|
| 78 |
} |
|
| 79 |
|
|
| 80 |
it {
|
|
| 75 | 81 |
is_expected.to contain_service('firewalld').with(
|
| 76 | 82 |
ensure: 'stopped', |
| 77 | 83 |
enable: 'mask', |
| ... | ... | |
| 176 | 182 |
end |
| 177 | 183 |
|
| 178 | 184 |
context 'with no nftables fact' do |
| 179 |
it {
|
|
| 180 |
is_expected.to contain_systemd__dropin_file('puppet_nft.conf').
|
|
| 181 |
with_content(%r{^ExecReload.*flush ruleset; include.*$})
|
|
| 182 |
} |
|
| 183 | 185 |
it { is_expected.to contain_file('/etc/nftables/puppet-preflight.nft').with_content(%r{^flush ruleset$}) }
|
| 184 | 186 |
end |
| 185 | 187 |
|
| ... | ... | |
| 189 | 191 |
end |
| 190 | 192 |
|
| 191 | 193 |
it {
|
| 192 |
is_expected.to contain_systemd__dropin_file('puppet_nft.conf').
|
|
| 193 |
with_content(%r{^ExecReload.*flush table inet abc; include.*$})
|
|
| 194 |
} |
|
| 195 |
it {
|
|
| 196 | 194 |
is_expected.to contain_file('/etc/nftables/puppet-preflight.nft').
|
| 197 | 195 |
with_content(%r{^flush table inet abc$})
|
| 198 | 196 |
} |
| ... | ... | |
| 203 | 201 |
end |
| 204 | 202 |
|
| 205 | 203 |
it {
|
| 206 |
is_expected.to contain_systemd__dropin_file('puppet_nft.conf').
|
|
| 207 |
with_content(%r{^ExecReload.*flush table inet abc; flush table inet ijk; include.*$})
|
|
| 208 |
} |
|
| 209 |
it {
|
|
| 210 | 204 |
is_expected.to contain_file('/etc/nftables/puppet-preflight.nft').
|
| 211 | 205 |
with_content(%r{^flush table inet abc; flush table inet ijk$})
|
| 212 | 206 |
} |
Formats disponibles : Unified diff