opendev
/
puppet-iptables
Code Issues Proposed changes

Ensure iptables service is running 

On Ubuntu, the iptables service starts running when it is installed. On
CentOS, that's not the case, and signaling a restart in puppet does not
actually start the service. The result is that while the iptables
service is stopped, `iptables -S` is empty. This patch adds ensure =>
running to the service resources so that iptables behaves the same on
CentOS and Ubuntu.

Change-Id: I0584c988bcebeee5133f85d55f8d389d78ebac70
This commit is contained in:
Colleen Murphy 2018-07-10 20:49:36 +02:00
parent ffe7e12145
commit 73089a0566
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/init.pp
View File

@ -80,6 +80,7 @@ class iptables(
}
service { 'iptables':
ensure => running,
name => $::iptables::params::service_name,
require => Package['iptables'],
hasstatus => $::iptables::params::service_has_status,
@ -92,6 +93,7 @@ class iptables(
# NOTE(pabelanger): Centos-7 has a dedicated service for ip6tables. Aside
# from the different service name, we keep the same settings as iptables.
service { 'ip6tables':
ensure => running,
name => $::iptables::params::service6_name,
require => Package['iptables'],
hasstatus => $::iptables::params::service_has_status,