Class: Puppet::Provider::Firewalld

Inherits:
Puppet::Provider
  • Object
Defined in:
lib/puppet/provider/firewalld.rb


Constructor Details

#initialize(*args) ⇒ Firewalld

Returns a new instance of Firewalld.



# File 'lib/puppet/provider/firewalld.rb', line 15

# Builds a provider instance, making sure the shared firewalld run state has
# been probed at least once beforehand.
#
# The probe only runs while `state` is still nil (nothing cached yet); the
# bare `super` then forwards the original arguments to the parent constructor.
#
# @param args [Array] constructor arguments, passed through untouched
def initialize(*args)
  check_running_state if state.nil?
  super
end

Class Attribute Details

.running ⇒ Object

Returns the value of attribute running.



# File 'lib/puppet/provider/firewalld.rb', line 11

# Reader for the class-level attribute `running`; returns the current value
# of @running.
#
# NOTE(review): none of the methods shown on this page read or assign this
# attribute -- the cached firewalld state is kept in `runstate`. Confirm
# whether `running` is still needed.
def running
  @running
end

.runstate ⇒ Object

Returns the value of attribute runstate.



# File 'lib/puppet/provider/firewalld.rb', line 12

# Reader for the class-level attribute `runstate`, the cached result of the
# firewalld `--state` probe.
#
# check_running_state assigns it through Puppet::Provider::Firewalld.runstate=
# (true when the probe exits 0, false for any other exit status) and `state`
# reads it back. It stays nil until a probe has completed, for example while
# the firewall-cmd executable is not installed yet.
def runstate
  @runstate
end

Class Method Details

.available? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 126

# Reports whether the run state of firewalld could be determined at all.
#
# A probe is attempted first when nothing is cached yet. The answer is true
# for both a running (true) and a stopped (false) firewalld; it is false only
# when `state` is still nil after the probe.
#
# @return [Boolean]
def self.available?
  check_running_state if state.nil?
  !state.nil?
end

.check_running_state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 34

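# Probes firewalld with `--state` and caches the outcome in
# Puppet::Provider::Firewalld.runstate.
#
# The probe runs with failonfail disabled, so a non-zero exit status is
# recorded as false instead of raising. Every non-zero status is treated
# alike: this method does not tell "daemon stopped" apart from any other
# reason the command may have failed, and callers then fall back to the
# offline tool.
#
# @return [Boolean, nil] the value stored in runstate, or nil when the
#   executable could not be found (runstate is left untouched in that case)
def self.check_running_state
  # Report the cached value through `state` (which reads runstate); no method
  # shown for this class assigns @state, so interpolating it logged nothing.
  debug("Executing --state command - current value #{state}")
  ret = execute_firewall_cmd(['--state'], nil, false, false)
  Puppet::Provider::Firewalld.runstate = (ret.exitstatus == 0)
rescue Puppet::MissingCommand
  # This exception is caught in case the module is being run before
  # the package provider has installed the firewalld package. If the
  # command cannot be found we silently continue, leaving runstate at
  # nil so that it is re-checked later in the execution process.
  #
  # See: https://github.com/crayfishx/puppet-firewalld/issues/96
  #
  debug('Could not determine state of firewalld because the executable is not available')
  nil
end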

.execute_firewall_cmd(args, zone = nil, perm = true, failonfail = true, shell_cmd = 'firewall-cmd') ⇒ Object

v3.0.0



# File 'lib/puppet/provider/firewalld.rb', line 55

# Assembles the argument list for a firewalld command-line tool and runs it
# through Puppet::Provider::Command.
#
# The arguments are kept as an array all the way to `execute`; no command
# string is built here. Single quotes are removed from the entries of `args`
# only -- `zone` and `shell_cmd` are passed on exactly as given.
#
# @param args [Array] command arguments, may be nested
# @param zone [String, nil] adds `--zone <zone>` unless nil
# @param perm [Boolean] adds `--permanent` when truthy
# @param failonfail [Boolean] forwarded as the :failonfail option
# @param shell_cmd [String] executable to run
# @return [Object] whatever Puppet::Provider::Command#execute returns
def self.execute_firewall_cmd(args,  zone=nil, perm=true, failonfail=true, shell_cmd='firewall-cmd')
  argv = []
  argv.push('--permanent') if perm
  argv.push('--zone', zone) unless zone.nil?

  # Quotes are dropped from the caller's arguments; the command provider
  # takes care of quoting.
  stripped = args.flatten.map { |arg| arg.delete("'") }
  argv.concat(stripped)

  # The `commands` shortcut cannot be used: callers such as exists? need the
  # command to be allowed to fail, and the shortcut offers no way to override
  # that. Puppet::Provider::Command is therefore driven directly so that
  # failonfail can be set per call.
  runner = Puppet::Provider::Command.new(
    :firewall_cmd,
    shell_cmd,
    Puppet::Util,
    Puppet::Util::Execution,
    { :failonfail => failonfail }
  )
  runner.execute(argv.flatten)
end

.state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 26

# Returns the cached firewalld run state held in
# Puppet::Provider::Firewalld.runstate.
#
# The value is read from the Puppet::Provider::Firewalld constant explicitly
# rather than from `self` -- presumably so that every provider derived from
# this class sees the same cached value (confirm against the subclasses).
# Callers on this page treat true as running, false as not running and nil
# as not determined yet.
def self.state
  Puppet::Provider::Firewalld.runstate
end

Instance Method Details

#available? ⇒ Boolean

available? returns true or false depending on whether firewalld is available. Unlike online?, it only returns false if it is unable to determine the status of firewalld, normally because the package isn't installed yet.

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 122

# Instance-level shortcut for the class method of the same name: returns
# whatever self.class.available? returns.
#
# @return [Boolean]
def available?
  self.class.available?
end

#check_running_state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 30

# Instance-level shortcut that re-runs the firewalld state probe by calling
# self.class.check_running_state and returns its result.
def check_running_state
  self.class.check_running_state
end

#execute_firewall_cmd(args, zone = @resource[:zone], perm = true, failonfail = true) ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 81

# Runs a firewalld command for this resource, choosing the tool from the
# current run state.
#
# While `online?` holds, the call goes to the class-level helper unchanged.
# Otherwise it is redirected to 'firewall-offline-cmd' with `perm` forced to
# false, whatever the caller passed.
#
# NOTE(review): `online?` is false both when firewalld is stopped and when its
# state could not be determined, so both cases take the offline path.
#
# @param args [Array] command arguments
# @param zone [String, nil] zone to operate on, defaults to the resource's zone
# @param perm [Boolean] request `--permanent` (online path only)
# @param failonfail [Boolean] forwarded to the class-level helper
def execute_firewall_cmd(args, zone=@resource[:zone], perm=true, failonfail=true)
  return self.class.execute_firewall_cmd(args, zone, perm, failonfail) if online?

  self.class.execute_firewall_cmd(args, zone, false, failonfail, 'firewall-offline-cmd')
end

#offline? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 108

# Tells whether firewalld is not known to be running.
#
# The state is probed first when nothing is cached. Both a stopped firewalld
# (state false) and an undeterminable one (state nil) count as offline.
#
# @return [Boolean]
def offline?
  check_running_state if state.nil?
  state.nil? || state == false
end

#online? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 113

# Tells whether firewalld is confirmed to be running.
#
# Unless the cached state is already true, the probe is run again on every
# call, so a firewalld that was started in the meantime is picked up. Only a
# state of exactly true counts as online; false and nil both give false.
#
# @return [Boolean]
def online?
  check_running_state if state != true
  state == true
end

#parse_args(args) ⇒ Object

Arguments should be parsed as separate array entities, but a quoted argument, e.g. --log-prefix 'IPTABLES DROPPED', should keep the whole quoted part in one element.



# File 'lib/puppet/provider/firewalld.rb', line 93

# Splits an argument string into separate entries while keeping each
# single-quoted section together as one entry.
#
# An Array is first flattened and joined with spaces. The text is then split
# on single spaces and on '...' groups; the quotes stay part of the returned
# entry. Only the space character separates entries, and a quote without a
# closing partner is not treated as a group.
#
# @param args [String, Array] raw arguments
# @return [Array<String>] one entry per argument
def parse_args(args)
  text = args.is_a?(Array) ? args.flatten.join(" ") : args
  text.split(/(\'[^\']*\'| )/).reject { |piece| piece == "" || piece == " " }
end

#reload_firewall ⇒ Object

Occasionally we need to restart firewalld in a transient way between resources (e.g. services), so the provider needs an ad hoc way of doing this, since we can't do it from the Puppet level by notifying the service.



# File 'lib/puppet/provider/firewalld.rb', line 103

# Asks a running firewalld to reload by issuing `--reload`, without a zone and
# without `--permanent`.
#
# Nothing is executed while firewalld is not online; the method then returns
# nil.
def reload_firewall
  return unless online?

  execute_firewall_cmd(['--reload'], nil, false)
end

#state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 22

# Instance-level shortcut for the cached firewalld run state: returns whatever
# self.class.state returns (true, false, or nil when not determined yet).
def state
  self.class.state
end