Class: Puppet::Provider::Firewalld

Inherits:
Puppet::Provider
  • Object
Defined in:
lib/puppet/provider/firewalld.rb


Class Attribute Details

.running ⇒ Object

Returns the value of attribute running.



# File 'lib/puppet/provider/firewalld.rb', line 9

# Class-level reader for the +running+ attribute (this page lists it under
# "Class Attribute Details", so it is called on the provider class itself).
# None of the methods shown on this page read or assign it; the cached
# firewalld state they work with is +runstate+.
#
# @return [Object] the current value of @running
def running
  @running
end

.runstate ⇒ Object

Returns the value of attribute runstate.



# File 'lib/puppet/provider/firewalld.rb', line 10

# Class-level reader for the cached firewalld run state. On this page the
# value is written by .state and .online?, which store the result of
# .check_running_state: true or false from the exit status of `--state`,
# or nil when the executable could not be found.
#
# @return [Boolean, nil] the current value of @runstate
def runstate
  @runstate
end

Class Method Details

.available? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 120

# Tells whether the firewalld state could be determined at all.
#
# A state of false (firewalld present but not running) still counts as
# available; only nil, meaning the state is unknown, does not.
#
# @return [Boolean] false only when state is nil
def self.available?
  current = state
  !current.nil?
end

.check_running_state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 28

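# Asks firewalld for its run state by executing `--state`.
#
# The command is run with perm, failonfail and check_online all false: a
# non-zero exit is reported as false through the exit status instead of
# being raised, and skipping the online check keeps execute_firewall_cmd
# from calling online?, which itself calls this method.
#
# @return [Boolean, nil] true when `--state` exits 0, false for any other
#   exit status, nil when the executable cannot be found
def self.check_running_state
  # Log the cached run state (runstate), which is the value .state and
  # .online? read and update; inspect makes a nil cache visible as "nil".
  debug("Executing --state command - current value #{Puppet::Provider::Firewalld.runstate.inspect}")
  ret = execute_firewall_cmd(['--state'], nil, false, false, false)
  ret.exitstatus.zero?
rescue Puppet::MissingCommand
  # This exception is caught in case the module is being run before the
  # package provider has installed the firewalld package. If the command
  # cannot be found we silently continue and return nil, so the cached
  # run state stays nil and is re-checked later in the execution process.
  #
  # See: https://github.com/crayfishx/puppet-firewalld/issues/96
  #
  debug('Could not determine state of firewalld because the executable is not available')
  nil
end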

.execute_firewall_cmd(args, zone = nil, perm = true, failonfail = true, check_online = true) ⇒ Object

v3.0.0



# File 'lib/puppet/provider/firewalld.rb', line 46

# Runs firewall-cmd, or firewall-offline-cmd when firewalld is not online,
# with the given arguments.
#
# The argument vector is assembled as an array and handed to
# Puppet::Provider::Command#execute; no command string is built in this
# method. Single quotes are deleted from every element of +args+, so a
# value that legitimately contains an apostrophe reaches the command
# without it.
#
# @param args [Array] arguments, possibly nested; every element must
#   respond to #delete
# @param zone [String, nil] passed as `--zone <zone>` unless nil
# @param perm [Boolean] adds `--permanent`; forced to false on the
#   firewall-offline-cmd path
# @param failonfail [Boolean] forwarded to Puppet::Provider::Command so
#   that callers which expect the command to fail can override it; such
#   callers have to inspect the returned result themselves
# @param check_online [Boolean] when false, online? is not consulted and
#   firewall-cmd is always used
# @return [Object] whatever Puppet::Provider::Command#execute returns
def self.execute_firewall_cmd(args, zone = nil, perm = true, failonfail = true, check_online = true)
  use_offline_tool = check_online && !online?
  shell_cmd = use_offline_tool ? 'firewall-offline-cmd' : 'firewall-cmd'
  # --permanent is never passed to firewall-offline-cmd.
  perm = false if use_offline_tool

  argv = []
  argv.push('--permanent') if perm
  argv.push('--zone', zone) unless zone.nil?

  # Drop any single quotes from the arguments; the command provider takes
  # care of quoting.
  argv.concat(args.flatten.map { |arg| arg.delete("'") })

  # The `commands` shortcut is not usable here: some callers, such as
  # exists? methods, must allow the command to fail, and the shortcut
  # offers no way to override that. Puppet::Provider::Command is therefore
  # driven directly so that failonfail can be set per call.
  runner = Puppet::Provider::Command.new(
    :firewall_cmd,
    shell_cmd,
    Puppet::Util,
    Puppet::Util::Execution,
    failonfail: failonfail
  )
  runner.execute(argv.flatten)
end

.online? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 104

# Tells whether firewalld is currently running.
#
# The run state is re-checked on every call until it has been seen as
# true (see #117 / 813141cbfebf98c4348b64189cb472b6f3238c99), so a cached
# false or nil never sticks. execute_firewall_cmd uses this answer to
# choose between firewall-cmd and firewall-offline-cmd.
#
# @return [Boolean] true only when the state is exactly true; false and
#   nil (state unknown) both give false
def self.online?
  unless state == true
    # Not known to be online yet: run the check again and cache the result,
    # even if the cache already holds a valid value such as false.
    Puppet::Provider::Firewalld.runstate = check_running_state
  end
  state == true
end

.state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 17

# Returns the cached firewalld run state, running the check first when
# nothing has been cached yet.
#
# The cache lives on Puppet::Provider::Firewalld itself rather than on the
# receiver of this call. A cached false is returned as is; only nil
# triggers a new check.
#
# @return [Boolean, nil] the cached result of check_running_state
def self.state
  cache = Puppet::Provider::Firewalld
  cache.runstate = check_running_state if cache.runstate.nil?
  cache.runstate
end

Instance Method Details

#available? ⇒ Boolean

available? returns true or false depending on whether firewalld is available. Unlike online?, it only returns false if it is unable to determine the status of firewalld, normally because the package isn't installed yet.

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 116

# Instance-level shortcut for the class method of the same name.
#
# @return [Boolean] the result of the provider class's available?
def available?
  provider_class = self.class
  provider_class.available?
end

#check_running_state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 24

# Instance-level shortcut for the class method of the same name.
#
# @return [Object] the result of the provider class's check_running_state
def check_running_state
  provider_class = self.class
  provider_class.check_running_state
end

#execute_firewall_cmd(args, zone = @resource[:zone], perm = true, failonfail = true) ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 76

# Instance-level wrapper around the class method of the same name, with the
# zone defaulting to this resource's :zone value.
#
# check_online is not forwarded, so the class method's own default for it
# applies.
#
# @param args [Array] arguments for the firewalld command
# @param zone [Object] zone to pass on; defaults to @resource[:zone]
# @param perm [Boolean] forwarded unchanged
# @param failonfail [Boolean] forwarded unchanged
# @return [Object] the result of the class-level execute_firewall_cmd
def execute_firewall_cmd(args, zone = @resource[:zone], perm = true, failonfail = true)
  provider_class = self.class
  provider_class.execute_firewall_cmd(args, zone, perm, failonfail)
end

#offline? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 96

# Tells whether firewalld is not running or its state is unknown.
#
# state is read a second time when the first reading is not false, so a
# nil state is looked up twice.
#
# @return [Boolean] true when state is false or nil
def offline?
  return true if state == false

  state.nil?
end

#online? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 100

# Instance-level shortcut for the class method of the same name.
#
# @return [Boolean] the result of the provider class's online?
def online?
  provider_class = self.class
  provider_class.online?
end

#parse_args(args) ⇒ Object

Arguments should be parsed as separate array entities, but a quoted argument, e.g. --log-prefix 'IPTABLES DROPPED', should keep the whole quoted part in one element.



# File 'lib/puppet/provider/firewalld.rb', line 84

# Splits an argument string into separate elements, keeping each
# single-quoted group together as one element.
#
# The quotes stay on the returned element. A quoted group always becomes
# its own element, even when it directly follows other characters, and a
# quote without a closing partner is not grouped: that text is split on
# spaces like everything else.
#
# @param args [String, Array] an argument string, or an array (possibly
#   nested) that is flattened and joined with spaces first
# @return [Array<String>] the elements, without empty strings or lone spaces
def parse_args(args)
  line = args.is_a?(Array) ? args.flatten.join(' ') : args
  pieces = line.split(%r{(\'[^\']*\'| )})
  pieces.reject { |piece| piece.empty? || piece == ' ' }
end

#reload_firewall ⇒ Object

Occasionally we need to restart firewalld in a transient way between resources (e.g. services), so the provider needs an ad-hoc way of doing this, since we can't do it from the Puppet level by notifying the service.



# File 'lib/puppet/provider/firewalld.rb', line 92

# Reloads firewalld when, and only when, it is online.
#
# Nothing is executed while firewalld is not online, so this method does
# not load changes made in that state into a running firewall.
#
# @return [Object, nil] the result of the `--reload` command, or nil when
#   firewalld is not online
def reload_firewall
  return unless online?

  # No zone and no --permanent: the reload applies to the whole firewall.
  execute_firewall_cmd(['--reload'], nil, false)
end

#state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 13

# Instance-level shortcut for the class method of the same name.
#
# @return [Object] the result of the provider class's state
def state
  provider_class = self.class
  provider_class.state
end