Merge pull request 'feat: add firewalld management profile' (#31) from neoloc/firewalld into develop

Reviewed-on: unkinben/puppet-prod#31

hieradata/os/AlmaLinux/all_releases.yaml

@@ -2,3 +2,6 @@
 ---
 profiles::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au
 profiles::yum::epel::baseurl: http://epel.mirror.digitalpacific.com.au
+profiles::firewall::firewalld::ensure_package: 'absent'
+profiles::firewall::firewalld::ensure_service: 'stopped'
+profiles::firewall::firewalld::enable_service: false

site/profiles/manifests/base.pp

@@ -8,6 +8,7 @@ class profiles::base (
   case $facts['os']['family'] {
     'RedHat': {
       include profiles::yum::global
+      include profiles::firewall::firewalld
     }
     'Debian': {
       include profiles::apt::global

site/profiles/manifests/firewall/firewalld.pp

@@ -0,0 +1,32 @@
+# Manages the firewalld package and service on RedHat-like distributions.
+#
+# @param ensure_package Determines the state of the firewalld package.
+#   Can be set to 'absent' to remove the package or 'installed' to ensure it's present.
+#
+# @param ensure_service Determines the state of the firewalld service.
+#   Can be set to 'stopped' to stop the service or 'running' to ensure it's active.
+#
+# @param enable_service A boolean that specifies whether to enable or disable the firewalld service on boot.
+#
+class profiles::firewall::firewalld (
+  Enum['absent', 'installed'] $ensure_package = 'installed',
+  Enum['stopped', 'running'] $ensure_service = 'running',
+  Boolean $enable_service = true,
+) {
+  # Ensure it only runs on RedHat like distributions
+  if $facts['os']['family'] == 'RedHat' {
+
+    # Manage the firewalld package
+    package { 'firewalld':
+      ensure => $ensure_package,
+    }
+
+    # Manage the firewalld service
+    service { 'firewalld':
+      ensure     => $ensure_service,
+      enable     => $enable_service,
+      hasrestart => true,
+      require    => Package['firewalld'],
+    }
+  }
+}