Really stop using firewalld
On some centos7 builds there is no firewalld so we have to be a bit smarter about how we disable it. The new method is to run an exec that stops the service if it is running, then use a package resource to uninstall it completely. All of this happens before we install the iptables service so they should not conflict with each other. Change-Id: I0750de9e75b63190531a3d39a5fcbb19f8e8c49e
parent
7503162cc4
commit
6097fe5111
@ -43,11 +43,15 @@ class iptables(
# On centos 7 firewalld and iptables-service confuse each other and you
# end up with no firewall rules at all. Disable firewalld so that
# iptables-service can be in charge.
if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') {
service { 'firewalld':
ensure => 'stopped',
enable => false,
before => Package['iptables'],
if ($::osfamily == 'RedHat') {
exec { 'stop-firewalld-if-running':
command => '/usr/bin/systemctl stop firewalld',
onlyif => '/usr/bin/pgrep firewalld',
}
package { 'firewalld':
ensure => 'purged',
require => Exec['stop-firewalld-if-running'],
before => Package['iptables'],
}
}
}
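Review bot: Stopping and purging firewalld ahead of `Package['iptables']` leaves the host with no packet filtering until the iptables service has loaded its rules, and for as long as that later install fails; a comment above the exec such as `# NOTE: host is unfiltered from this stop until the iptables service starts` would make the fail-open window explicit. The new `if ($::osfamily == 'RedHat')` guard also drops the `operatingsystemmajrelease >= '7'` test, so the exec and the purge now apply to older RedHat-family releases, where `/usr/bin/systemctl` is presumably absent; that is safe only while the `onlyif` never succeeds there. `onlyif => '/usr/bin/pgrep firewalld'` is a pattern match on process names, so `onlyif => '/usr/bin/pgrep -x firewalld'` would tie the check to the daemon itself. The rest of class iptables lies outside the hunk.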