Class: Puppet::Provider::Firewalld

Inherits:
Puppet::Provider
  • Object
Defined in:
lib/puppet/provider/firewalld.rb


Class Attribute Details

.running ⇒ Object

Returns the value of attribute running.



# File 'lib/puppet/provider/firewalld.rb', line 11

# Reader for the provider's class-level +running+ attribute.
#
# @return [Object, nil] the value currently held in @running
def running
  @running
end

.runstate ⇒ Object

Returns the value of attribute runstate.



# File 'lib/puppet/provider/firewalld.rb', line 11

# Reader for the provider's class-level +runstate+ attribute.
#
# @return [Object, nil] the value currently held in @runstate
def runstate
  @runstate
end

Class Method Details

.available? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 124

# Reports whether the firewalld state could be determined at all.
#
# Both +true+ and +false+ from +state+ count as available; only +nil+
# yields false.
#
# @return [Boolean]
def self.available?
  current = state
  !current.nil?
end

.check_running_state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 27

# Runs `--state` through execute_firewall_cmd and reports whether it exited 0.
#
# NOTE(review): the debug line interpolates @state, but the attributes shown
# for this class are `running` and `runstate`; @state looks like it is never
# assigned, so the logged value is presumably always empty - confirm.
#
# @return [Boolean, nil] true on exit status 0, false on any other exit
#   status, nil when Puppet::MissingCommand is raised
def self.check_running_state
  debug("Executing --state command - current value #{@state}")
  # Positional arguments: zone = nil, policy = nil, perm = false,
  # failonfail = false, check_online = false. With check_online off,
  # execute_firewall_cmd does not call online?, which itself calls this method.
  probe = execute_firewall_cmd(['--state'], nil, nil, false, false, false)
  probe.exitstatus.zero?
rescue Puppet::MissingCommand
  # The module may run before the package provider has installed firewalld.
  # In that case the command cannot be found; return nil rather than false so
  # the state is looked up again later in the run.
  #
  # See: https://github.com/crayfishx/puppet-firewalld/issues/96
  debug('Could not determine state of firewalld because the executable is not available')
  nil
end

.execute_firewall_cmd(args, zone = nil, policy = nil, perm = true, failonfail = true, check_online = true) ⇒ Object

v3.0.0



# File 'lib/puppet/provider/firewalld.rb', line 45

# Builds and runs a firewall-cmd (or firewall-offline-cmd) invocation.
#
# When +check_online+ is true and online? reports false, the offline tool is
# used and +perm+ is forced to false, so `--permanent` is never passed to
# firewall-offline-cmd.
#
# Single quotes are deleted from every element of +args+; +zone+ and +policy+
# are passed through unchanged. No other validation happens here, so callers
# are responsible for what ends up in the argument list.
# NOTE(review): the arguments are handed over as a flat array, which
# presumably means no shell parses them - confirm against
# Puppet::Provider::Command / Puppet::Util::Execution.
#
# @param args [Array<String>] command arguments; nested arrays are flattened
# @param zone [String, nil] adds `--zone <zone>` when not nil
# @param policy [String, nil] adds `--policy <policy>` when not nil
# @param perm [Boolean] adds `--permanent` when true (dropped when offline)
# @param failonfail [Boolean] forwarded to Puppet::Provider::Command
# @param check_online [Boolean] whether online? is consulted to pick the binary
# @return [Object] whatever Puppet::Provider::Command#execute returns
def self.execute_firewall_cmd(args, zone = nil, policy = nil, perm = true, failonfail = true, check_online = true)
  use_offline_tool = check_online && !online?
  binary = use_offline_tool ? 'firewall-offline-cmd' : 'firewall-cmd'
  perm = false if use_offline_tool

  argv = []
  argv.push('--permanent') if perm
  argv.push('--zone', zone) unless zone.nil?
  argv.push('--policy', policy) unless policy.nil?

  # Quotes are stripped from the caller's arguments; the command provider
  # takes care of quoting.
  argv.concat(args.flatten.map { |arg| arg.delete("'") })

  # The `commands` shortcut cannot be used because some callers (exists?
  # methods, for example) need the command to be allowed to fail, and the
  # shortcut gives no way to override that. Puppet::Provider::Command is
  # therefore built directly so failonfail can be set per call.
  runner = Puppet::Provider::Command.new(
    :firewall_cmd,
    binary,
    Puppet::Util,
    Puppet::Util::Execution,
    failonfail: failonfail
  )
  runner.execute(argv.flatten)
end

.online? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 108

# Reports whether firewalld is currently running.
#
# Unless the cached state is already +true+, check_running_state is run again
# and its result stored in runstate, even when a valid value such as +false+
# is cached (see #117 / 813141cbfebf98c4348b64189cb472b6f3238c99).
#
# @return [Boolean] true only when state is exactly +true+
def self.online?
  provider = Puppet::Provider::Firewalld
  provider.runstate = check_running_state if state != true
  state == true
end

.state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 18

# Returns the cached run state, probing firewalld first when nothing is cached.
#
# Only +nil+ triggers check_running_state; a cached +false+ is returned as is.
# A probe that returns +nil+ leaves the cache empty, so the next call probes
# again.
#
# @return [Boolean, nil] the value held in Puppet::Provider::Firewalld.runstate
def self.state
  provider = Puppet::Provider::Firewalld
  provider.runstate = check_running_state if provider.runstate.nil?
  provider.runstate
end

Instance Method Details

#available? ⇒ Boolean

available? returns true or false depending on whether firewalld is available. Unlike online?, it only returns false when the status of firewalld cannot be determined, normally because the package isn't installed yet.

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 120

# Instance-level shortcut for the class method of the same name.
#
# @return [Boolean] the result of self.class.available?
def available?
  self.class.available?
end

#check_running_state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 23

# Instance-level shortcut for the class method of the same name.
#
# @return [Object] the result of self.class.check_running_state
def check_running_state
  self.class.check_running_state
end

#execute_firewall_cmd(args, zone = @resource[:zone], perm = true, failonfail = true) ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 76

# Runs a firewall command scoped to a zone through the class-level
# execute_firewall_cmd. The policy slot is always nil, and check_online is not
# passed, so the class method's default applies.
#
# @param args [Array<String>] command arguments, forwarded unchanged
# @param zone [String, nil] zone to pass on; defaults to @resource[:zone]
# @param perm [Boolean] forwarded unchanged
# @param failonfail [Boolean] forwarded unchanged
# @return [Object] the result of the class-level call
def execute_firewall_cmd(args, zone = @resource[:zone], perm = true, failonfail = true)
  no_policy = nil
  self.class.execute_firewall_cmd(args, zone, no_policy, perm, failonfail)
end

#execute_firewall_cmd_policy(args, policy = @resource[:policy], perm = true, failonfail = true) ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 80

# Runs a firewall command scoped to a policy through the class-level
# execute_firewall_cmd. The zone slot is always nil, and check_online is not
# passed, so the class method's default applies.
#
# @param args [Array<String>] command arguments, forwarded unchanged
# @param policy [String, nil] policy to pass on; defaults to @resource[:policy]
# @param perm [Boolean] forwarded unchanged
# @param failonfail [Boolean] forwarded unchanged
# @return [Object] the result of the class-level call
def execute_firewall_cmd_policy(args, policy = @resource[:policy], perm = true, failonfail = true)
  no_zone = nil
  self.class.execute_firewall_cmd(args, no_zone, policy, perm, failonfail)
end

#offline? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 100

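# Reports whether firewalld is not running or its state is unknown.
#
# state is read exactly once. It can run the `--state` probe as a side effect
# when nothing is cached, so reading it twice could run the probe twice and
# compare two different answers (nil on the first read, false on the second
# would wrongly yield false).
#
# @return [Boolean] true when state is +false+ or +nil+
def offline?
  current = state
  current == false || current.nil?
end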

#online? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/provider/firewalld.rb', line 104

# Instance-level shortcut for the class method of the same name.
#
# @return [Boolean] the result of self.class.online?
def online?
  self.class.online?
end

#parse_args(args) ⇒ Object

Arguments should be parsed as separate array elements, but a quoted argument, e.g. --log-prefix 'IPTABLES DROPPED', should keep the whole quoted part in one element.



# File 'lib/puppet/provider/firewalld.rb', line 88

# Splits a firewall-cmd argument string into separate elements while keeping
# each single-quoted section together as one element.
#
# The surrounding single quotes stay in the returned element. Only single
# quotes are recognised; a quote without a closing partner is split on spaces
# like any other text.
#
# @param args [String, Array] argument string, or an array that is flattened
#   and joined with spaces first
# @return [Array<String>] the pieces that are neither empty nor a lone space
def parse_args(args)
  line = args.is_a?(Array) ? args.flatten.join(' ') : args
  pieces = line.split(%r{('[^']*'| )})
  pieces.reject { |piece| piece.empty? || piece == ' ' }
end

#reload_firewall ⇒ Object

Occasionally we need to restart firewalld in a transient way between resources (e.g. services), so the provider needs an ad-hoc way of doing this, since we can't do it from the Puppet level by notifying the service.



# File 'lib/puppet/provider/firewalld.rb', line 96

# Issues `--reload` through execute_firewall_cmd, with no zone and without
# `--permanent`, but only while online? is true. Does nothing otherwise.
#
# @return [Object, nil] the command result, or nil when not online
def reload_firewall
  return unless online?

  execute_firewall_cmd(['--reload'], nil, false)
end

#state ⇒ Object



# File 'lib/puppet/provider/firewalld.rb', line 14

# Instance-level shortcut for the class method of the same name.
#
# @return [Object] the result of self.class.state
def state
  self.class.state
end