author | Micah <micah@leap.se> | 2016-04-25 16:52:54 -0300 |
---|---|---|
committer | Micah <micah@leap.se> | 2016-04-27 09:48:16 -0300 |
commit | e0e3bc3478b3b7ca1afe24ff7e44dbdfa384ea44 (patch) | |
tree | e173a3b56dd21b164b1912cfee87a9e6007f5376 | |
parent | 91dd5a8b3c6d7bc6b06852c1659564c5559d743d (diff) |
Fix shorewall not starting with systemd (#8044)
Shorewall in jessie doesn't come with a proper unit file, and
as a result, it doesn't properly start with systemd.
To solve this, we provide the systemd unit file that comes with stretch and
add a systemd submodule that provides the exec resources needed when
systemd units or configuration files are changed.
Change-Id: I861fa951835928b4741abfbf969adcee4b8f147b
-rw-r--r-- | .gitmodules | 3 | ||||
-rw-r--r-- | puppet/modules/site_shorewall/files/Debian/shorewall.service | 23 | ||||
-rw-r--r-- | puppet/modules/site_shorewall/manifests/defaults.pp | 16 | ||||
m--------- | puppet/modules/systemd | 0 |
4 files changed, 40 insertions, 2 deletions
diff --git a/.gitmodules b/.gitmodules
index 7005b770..051117f8 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -91,3 +91,6 @@
 [submodule "puppet/modules/check_mk"]
 path = puppet/modules/check_mk
 url = https://leap.se/git/puppet_check_mk
+[submodule "puppet/modules/systemd"]
+ path = puppet/modules/systemd
+ url = https://leap.se/git/puppet_systemd
diff --git a/puppet/modules/site_shorewall/files/Debian/shorewall.service b/puppet/modules/site_shorewall/files/Debian/shorewall.service
new file mode 100644
index 00000000..ec250ef1
--- /dev/null
+++ b/puppet/modules/site_shorewall/files/Debian/shorewall.service
@@ -0,0 +1,23 @@
+#
+# The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#
+# Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+# Copyright 2015 Tom Eastep <teastep@shorewall.net>
+#
+[Unit]
+Description=Shorewall IPv4 firewall
+Wants=network-online.target
+After=network-online.target
+Conflicts=iptables.service firewalld.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=-/etc/default/shorewall
+StandardOutput=syslog
+ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall $OPTIONS stop
+ExecReload=/sbin/shorewall $OPTIONS reload $RELOADOPTIONS
+
+[Install]
+WantedBy=basic.target
diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp
index 8f56ac42..ceb17868 100644
--- a/puppet/modules/site_shorewall/manifests/defaults.pp
+++ b/puppet/modules/site_shorewall/manifests/defaults.pp
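Review bot: In shorewall.service, `After=network-online.target` means the ruleset is loaded only once the interfaces are already configured, and nothing in the unit covers the interval before `ExecStart` runs. The augeas block in defaults.pp configures shorewall-init, which is presumably what protects the host during that interval, but the unit does not say so. I would extend the header comment with something like `# Copied from the Debian stretch shorewall package; filtering before this unit starts relies on shorewall-init`, so whoever refreshes the file later knows its origin and what it depends on.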
@@ -47,6 +47,18 @@ class site_shorewall::defaults {
 ensure => installed
 }
 
+ include ::systemd
+ file { '/etc/systemd/system/shorewall.service':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => 'puppet:///modules/site_shorewall/Debian/shorewall.service',
+ require => Package['shorewall'],
+ notify => Service['shorewall'],
+ } ~>
+ Exec['systemctl-daemon-reload']
+
 augeas {
 # stop instead of clear firewall on shutdown
 'shorewall_SAFESTOP':
@@ -54,14 +66,14 @@ class site_shorewall::defaults {
 lens => 'Shellvars.lns',
 incl => '/etc/shorewall/shorewall.conf',
 require => Package['shorewall'],
- notify => Service[shorewall];
+ notify => Service['shorewall'];
 # require that the interface exist
 'shorewall_REQUIRE_INTERFACE':
 changes => 'set /files/etc/shorewall/shorewall.conf/REQUIRE_INTERFACE Yes',
 lens => 'Shellvars.lns',
 incl => '/etc/shorewall/shorewall.conf',
 require => Package['shorewall'],
- notify => Service[shorewall];
+ notify => Service['shorewall'];
 # configure shorewall-init
 'shorewall-init':
 changes => 'set /files/etc/default/shorewall-init/PRODUCTS shorewall',
diff --git a/puppet/modules/systemd b/puppet/modules/systemd
new file mode 160000
+Subproject 6d47fd4999fe03eba6fb11c4490dcbb90d93790 |
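Review bot: Nothing in the new `file` resource orders `Exec['systemctl-daemon-reload']` before `Service['shorewall']`: the unit file notifies both, so when it changes Puppet may refresh the service before systemd has re-read the unit, and the firewall would then be restarted from the stale definition. Adding `Exec['systemctl-daemon-reload'] -> Service['shorewall']` after the chain makes the order explicit, unless the systemd module already declares that relationship, which is not visible here. It is also worth a comment above the resource saying that this copy in /etc/systemd/system takes precedence over any unit the package ships, so it should be dropped once the nodes run stretch. The class body starts and ends outside the hunk.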