Don't manage iptables if we're in a choot

In chroots, as with diskimage-builder, managing service starts is tricky. Also, we don't need to restart the service then, because the service will get started on boot of the image. Change-Id: Iaf90005039b8196ba3a0ac05c96d71e034f0b0b1
2014-06-25 12:36:21 -04:00 · 2014-06-25 12:36:21 -04:00 · 6ca8392c27
parent 593465a104
commit 6ca8392c27
1 changed files with 18 additions and 9 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -23,12 +23,21 @@ class iptables(
    name   => $::iptables::params::package_name,
  }

-  service { 'iptables':
-    name       => $::iptables::params::service_name,
-    require    => Package['iptables'],
-    hasstatus  => $::iptables::params::service_has_status,
-    status     => $::iptables::params::service_status_cmd,
-    hasrestart => $::iptables::params::service_has_restart,
+  if ($::in_chroot) {
+    notify { 'iptables in chroot':
+      message => 'Iptables not refreshed, running in chroot',
+    }
+    $notify_iptables = []
+  }
+  else {
+    service { 'iptables':
+      name       => $::iptables::params::service_name,
+      require    => Package['iptables'],
+      hasstatus  => $::iptables::params::service_has_status,
+      status     => $::iptables::params::service_status_cmd,
+      hasrestart => $::iptables::params::service_has_restart,
+    }
+    $notify_iptables = Service['iptables']
  }

  file { $::iptables::params::rules_dir:
@ -49,7 +58,7 @@ class iptables(
      File[$::iptables::params::rules_dir],
    ],
    # When this file is updated, make sure the rules get reloaded.
-    notify  => Service['iptables'],
+    notify  => $notify_iptables,
  }

  file { $::iptables::params::ipv4_rules:
@ -59,7 +68,7 @@ class iptables(
    mode    => '0640',
    target  => "${::iptables::params::rules_dir}/rules",
    require => File["${::iptables::params::rules_dir}/rules"],
-    notify  => Service['iptables'],
+    notify  => $notify_iptables,
  }

  file { $::iptables::params::ipv6_rules:
@ -73,7 +82,7 @@ class iptables(
      File[$::iptables::params::rules_dir],
    ],
    # When this file is updated, make sure the rules get reloaded.
-    notify  => Service['iptables'],
+    notify  => $notify_iptables,
    replace => true,
  }
 }