From 0d40289a76726f44ff80219bbef421d8a6ffbcbd Mon Sep 17 00:00:00 2001 From: cdenneen Date: Wed, 3 Sep 2014 13:08:17 -0400 Subject: [PATCH 1/5] Add CentOS to facter value operatingsystem test --- lib/puppet/util/firewall.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/puppet/util/firewall.rb b/lib/puppet/util/firewall.rb index 9982bed83..a533850e1 100644 --- a/lib/puppet/util/firewall.rb +++ b/lib/puppet/util/firewall.rb @@ -169,7 +169,7 @@ def persist_iptables(proto) end # RHEL 7 and newer also use systemd to persist iptable rules - if os_key == 'RedHat' && Facter.value(:operatingsystem) == 'RedHat' && Facter.value(:operatingsystemrelease).to_i >= 7 + if os_key == 'RedHat' && ['RedHat','CentOS'].include?(Facter.value(:operatingsystem)) && Facter.value(:operatingsystemrelease).to_i >= 7 os_key = 'Fedora' end From 4563e2d4f3084ff1f6b901d2cbd77d46c9e4d55f Mon Sep 17 00:00:00 2001 From: cdenneen Date: Wed, 3 Sep 2014 13:14:06 -0400 Subject: [PATCH 2/5] Centos 7 won't work with operatingsystemrelease 7.0 Centos 7 operatingsystemrelease is 7.0.1406 for example so switching to operatingsystemmajrelease would allow for 7 to be used for all EL7 products --- manifests/linux/redhat.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp index b7a4d0e3f..6fdc69458 100644 --- a/manifests/linux/redhat.pp +++ b/manifests/linux/redhat.pp @@ -20,7 +20,7 @@ # RHEL 7 and later and Fedora 15 and later require the iptables-services # package, which provides the /usr/libexec/iptables/iptables.init used by # lib/puppet/util/firewall.rb. - if ($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0) + if ($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemmajrelease, '7') >= 0) or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0) { package { 'firewalld': ensure => absent, From af94f65d37fa9c0bc366c4f45640ea80b69c36d7 Mon Sep 17 00:00:00 2001 From: cdenneen Date: Wed, 3 Sep 2014 22:23:57 -0400 Subject: [PATCH 3/5] Update firewall.rb --- lib/puppet/util/firewall.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/puppet/util/firewall.rb b/lib/puppet/util/firewall.rb index a533850e1..c5a78b859 100644 --- a/lib/puppet/util/firewall.rb +++ b/lib/puppet/util/firewall.rb @@ -169,7 +169,7 @@ def persist_iptables(proto) end # RHEL 7 and newer also use systemd to persist iptable rules - if os_key == 'RedHat' && ['RedHat','CentOS'].include?(Facter.value(:operatingsystem)) && Facter.value(:operatingsystemrelease).to_i >= 7 + if os_key == 'RedHat' && ['RedHat','CentOS','Scientific','SL','SLC','Ascendos','CloudLinux','PSBM','OracleLinux','OVS','OEL','Amazon','XenServer'].include?(Facter.value(:operatingsystem)) && Facter.value(:operatingsystemrelease).to_i >= 7 os_key = 'Fedora' end From 653bb022b46a10ff7cccb280d1c14c1f3a9eb7c8 Mon Sep 17 00:00:00 2001 From: cdenneen Date: Wed, 3 Sep 2014 22:42:19 -0400 Subject: [PATCH 4/5] Update redhat.pp --- manifests/linux/redhat.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp index 6fdc69458..b7a4d0e3f 100644 --- a/manifests/linux/redhat.pp +++ b/manifests/linux/redhat.pp @@ -20,7 +20,7 @@ # RHEL 7 and later and Fedora 15 and later require the iptables-services # package, which provides the /usr/libexec/iptables/iptables.init used by # lib/puppet/util/firewall.rb. - if ($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemmajrelease, '7') >= 0) + if ($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0) or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0) { package { 'firewalld': ensure => absent, From ed5dd3e5d0870fe8fe2925c9e5215f18813e7791 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Mon, 27 Oct 2014 13:36:46 -0700 Subject: [PATCH 5/5] Update tests for EL 7 Without this patch, unit tests make no distinction between EL < 7 and EL 7. This is a problem because the iptables save exec is different between the two operating systems, so the tests will fail for EL 7. This patch fixes the problem by updating the tests to include the new exec command for EL 7. --- spec/unit/puppet/util/firewall_spec.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/spec/unit/puppet/util/firewall_spec.rb b/spec/unit/puppet/util/firewall_spec.rb index e5864879c..4d6f92c66 100644 --- a/spec/unit/puppet/util/firewall_spec.rb +++ b/spec/unit/puppet/util/firewall_spec.rb @@ -143,13 +143,22 @@ subject.persist_iptables(proto) end - it 'should exec for CentOS identified from operatingsystem' do + it 'should exec for CentOS 6 identified from operatingsystem and operatingsystemrelease' do allow(Facter.fact(:osfamily)).to receive(:value).and_return(nil) allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('CentOS') + allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('6.5') expect(subject).to receive(:execute).with(%w{/sbin/service iptables save}) subject.persist_iptables(proto) end + it 'should exec for CentOS 7 identified from operatingsystem and operatingsystemrelease' do + allow(Facter.fact(:osfamily)).to receive(:value).and_return(nil) + allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('CentOS') + allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('7.0.1406') + expect(subject).to receive(:execute).with(%w{/usr/libexec/iptables/iptables.init save}) + subject.persist_iptables(proto) + end + it 'should exec for Archlinux identified from osfamily' do allow(Facter.fact(:osfamily)).to receive(:value).and_return('Archlinux') expect(subject).to receive(:execute).with(['/bin/sh', '-c', '/usr/sbin/iptables-save > /etc/iptables/iptables.rules'])