Merge pull request #317 from jameslikeslinux/fix-offline-exec

Set default_zone and log_denied when firewalld is offline
voxpupuli · Aug 24, 2023 · 5206bc1 · 5206bc1
2 parents fd1173c + 79c18db
commit 5206bc1
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -175,8 +175,8 @@
 
   if $default_zone {
     exec { 'firewalld::set_default_zone':
-      command => "firewall-cmd --set-default-zone ${default_zone}",
-      unless  => "[ $(firewall-cmd --get-default-zone) = ${default_zone} ]",
+      command => "firewall-cmd --set-default-zone ${default_zone} || firewall-offline-cmd --set-default-zone ${default_zone}",
+      unless  => "[ $(firewall-cmd --get-default-zone || firewall-offline-cmd --get-default-zone) = ${default_zone} ]",
       require => Service['firewalld'],
     }
 
@@ -185,8 +185,8 @@
 
   if $log_denied {
     exec { 'firewalld::set_log_denied':
-      command => "firewall-cmd --set-log-denied ${log_denied}",
-      unless  => "[ $(firewall-cmd --get-log-denied) = ${log_denied} ]",
+      command => "firewall-cmd --set-log-denied ${log_denied} || firewall-offline-cmd --set-log-denied ${log_denied}",
+      unless  => "[ $(firewall-cmd --get-log-denied || firewall-offline-cmd --get-log-denied) = ${log_denied} ]",
       require => Service['firewalld'],
     }
   }

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -39,8 +39,8 @@
 
     it do
       is_expected.to contain_exec('firewalld::set_default_zone').with(
-        command: 'firewall-cmd --set-default-zone restricted',
-        unless: '[ $(firewall-cmd --get-default-zone) = restricted ]'
+        command: 'firewall-cmd --set-default-zone restricted || firewall-offline-cmd --set-default-zone restricted',
+        unless: '[ $(firewall-cmd --get-default-zone || firewall-offline-cmd --get-default-zone) = restricted ]'
       ).that_requires('Service[firewalld]')
     end
   end
@@ -239,8 +239,8 @@
 
     it do
       is_expected.to contain_exec('firewalld::set_default_zone').with(
-        command: 'firewall-cmd --set-default-zone public',
-        unless: '[ $(firewall-cmd --get-default-zone) = public ]'
+        command: 'firewall-cmd --set-default-zone public || firewall-offline-cmd --set-default-zone public',
+        unless: '[ $(firewall-cmd --get-default-zone || firewall-offline-cmd --get-default-zone) = public ]'
       ).that_requires('Service[firewalld]')
     end
   end
@@ -255,8 +255,8 @@
 
       it do
         is_expected.to contain_exec('firewalld::set_log_denied').with(
-          command: "firewall-cmd --set-log-denied #{cond}",
-          unless: "[ \$\(firewall-cmd --get-log-denied) = #{cond} ]"
+          command: "firewall-cmd --set-log-denied #{cond} || firewall-offline-cmd --set-log-denied #{cond}",
+          unless: "[ \$\(firewall-cmd --get-log-denied || firewall-offline-cmd --get-log-denied) = #{cond} ]"
         ).that_requires('Service[firewalld]')
       end
     end