feat: add firewalld management profile
- basic profile to enable/disable, and install/remove - defaulting to enabled and installed, but set to disabled and removed in hiera
This commit is contained in:
@@ -8,6 +8,7 @@ class profiles::base (
|
||||
case $facts['os']['family'] {
|
||||
'RedHat': {
|
||||
include profiles::yum::global
|
||||
include profiles::firewall::firewalld
|
||||
}
|
||||
'Debian': {
|
||||
include profiles::apt::global
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
# Manages the firewalld package and service on RedHat-like distributions.
|
||||
#
|
||||
# @param ensure_package Determines the state of the firewalld package.
|
||||
# Can be set to 'absent' to remove the package or 'installed' to ensure it's present.
|
||||
#
|
||||
# @param ensure_service Determines the state of the firewalld service.
|
||||
# Can be set to 'stopped' to stop the service or 'running' to ensure it's active.
|
||||
#
|
||||
# @param enable_service A boolean that specifies whether to enable or disable the firewalld service on boot.
|
||||
#
|
||||
class profiles::firewall::firewalld (
|
||||
Enum['absent', 'installed'] $ensure_package = 'installed',
|
||||
Enum['stopped', 'running'] $ensure_service = 'running',
|
||||
Boolean $enable_service = true,
|
||||
) {
|
||||
# Ensure it only runs on RedHat like distributions
|
||||
if $facts['os']['family'] == 'RedHat' {
|
||||
|
||||
# Manage the firewalld package
|
||||
package { 'firewalld':
|
||||
ensure => $ensure_package,
|
||||
}
|
||||
|
||||
# Manage the firewalld service
|
||||
service { 'firewalld':
|
||||
ensure => $ensure_service,
|
||||
enable => $enable_service,
|
||||
hasrestart => true,
|
||||
require => Package['firewalld'],
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user