From 73089a0566f59dc7148811746baadeb6fbb137b4 Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen.murphy@suse.de>
Date: Tue, 10 Jul 2018 20:49:36 +0200
Subject: [PATCH] Ensure iptables service is running

On Ubuntu, the iptables service starts running when it is installed. On
CentOS, that's not the case, and signaling a restart in puppet does not
actually start the service. The result is that while the iptables
service is stopped, `iptables -S` is empty. This patch adds ensure =>
running to the service resources so that iptables behaves the same on
CentOS and Ubuntu.

Change-Id: I0584c988bcebeee5133f85d55f8d389d78ebac70
---
 manifests/init.pp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manifests/init.pp b/manifests/init.pp
index 0088274..9690e67 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -80,6 +80,7 @@ class iptables(
   }
 
   service { 'iptables':
+    ensure     => running,
     name       => $::iptables::params::service_name,
     require    => Package['iptables'],
     hasstatus  => $::iptables::params::service_has_status,
@@ -92,6 +93,7 @@ class iptables(
     # NOTE(pabelanger): Centos-7 has a dedicated service for ip6tables. Aside
     # from the different service name, we keep the same settings as iptables.
     service { 'ip6tables':
+      ensure     => running,
       name       => $::iptables::params::service6_name,
       require    => Package['iptables'],
       hasstatus  => $::iptables::params::service_has_status,