Merge pull request #824 from EmilienM/MODULES-8736

(MODULES-8736) IPtables support on RHEL8
puppetlabs · Apr 9, 2019 · 7ce5149 · 7ce5149
2 parents 0a831c5 + 879838d
commit 7ce5149
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 10 deletions.
diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
@@ -59,10 +59,10 @@
   }
 
   if $package_name {
-    package { $package_name:
-      ensure => $package_ensure,
-      before => Service[$service_name],
-    }
+    ensure_packages($package_name, {
+        'ensure' => $package_ensure,
+        'before' => Service[$service_name]}
+    )
   }
 
   if ($::operatingsystem != 'Amazon')

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -22,9 +22,9 @@
         }
         default: {
           if versioncmp($::operatingsystemrelease, '8.0') >= 0 {
-            $service_name = 'nftables'
-            $service_name_v6 = undef
-            $package_name = 'nftables'
+            $service_name = ['iptables', 'nftables']
+            $service_name_v6 = 'ip6tables'
+            $package_name = ['iptables-services', 'nftables']
             $sysconfig_manage = false
           } elsif versioncmp($::operatingsystemrelease, '7.0') >= 0 {
             $service_name = 'iptables'

diff --git a/spec/unit/classes/firewall_linux_redhat_spec.rb b/spec/unit/classes/firewall_linux_redhat_spec.rb
@@ -165,7 +165,10 @@
             ensure: 'running',
             enable: 'true',
           )
-          is_expected.not_to contain_service('iptables')
+          is_expected.to contain_service('iptables').with(
+            ensure: 'running',
+            enable: 'true',
+          )
         }
 
         context 'with ensure => stopped' do
@@ -175,6 +178,9 @@
             is_expected.to contain_service('nftables').with(
               ensure: 'stopped',
             )
+            is_expected.to contain_service('iptables').with(
+              ensure: 'stopped',
+            )
           }
         end
 
@@ -185,21 +191,31 @@
             is_expected.to contain_service('nftables').with(
               enable: 'false',
             )
+            is_expected.to contain_service('iptables').with(
+              enable: 'false',
+            )
           }
         end
 
         it {
           is_expected.to contain_service('firewalld').with(
             ensure: 'stopped',
             enable: false,
-            before: ['Package[nftables]', 'Service[nftables]'],
+            before: ['Package[iptables-services]', 'Package[nftables]', 'Service[iptables]', 'Service[nftables]'],
+          )
+        }
+
+        it {
+          is_expected.to contain_package('iptables-services').with(
+            ensure: 'present',
+            before: ['Service[iptables]', 'Service[nftables]'],
           )
         }
 
         it {
           is_expected.to contain_package('nftables').with(
             ensure: 'present',
-            before: 'Service[nftables]',
+            before: ['Service[iptables]', 'Service[nftables]'],
           )
         }