opendev/puppet-iptables
Code Issues Proposed changes

Ensure iptables service is running

Browse Source 
On Ubuntu, the iptables service starts running when it is installed. On
CentOS, that's not the case, and signaling a restart in puppet does not
actually start the service. The result is that while the iptables
service is stopped, `iptables -S` is empty. This patch adds ensure =>
running to the service resources so that iptables behaves the same on
CentOS and Ubuntu.

Change-Id: I0584c988bcebeee5133f85d55f8d389d78ebac70
This commit is contained in:
Colleen Murphy 2018-07-10 20:49:36 +02:00
parent ffe7e12145
commit 73089a0566
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/init.pp
View File

@ -80,6 +80,7 @@ class iptables(
}
service { 'iptables':
ensure => running,
name => $::iptables::params::service_name,
require => Package['iptables'],
hasstatus => $::iptables::params::service_has_status,
@ -92,6 +93,7 @@ class iptables(
# NOTE(pabelanger): Centos-7 has a dedicated service for ip6tables. Aside
# from the different service name, we keep the same settings as iptables.
service { 'ip6tables':
ensure => running,
name => $::iptables::params::service6_name,
require => Package['iptables'],
hasstatus => $::iptables::params::service_has_status,