This repository has been archived by the owner on Aug 21, 2020. It is now read-only.

Resource type needed to set firewall settings #170

Open
ggeldenhuis opened this issue May 16, 2016 · 3 comments

@ggeldenhuis
Contributor

ggeldenhuis commented May 16, 2016

Currently firewall settings are set as follows in a kickstart file for ESXi:

```sh
# enable firewall
esxcli network firewall set --default-action false --enabled yes

# services to enable by default
FIREWALL_SERVICES='syslog sshClient ntpClient updateManager httpClient netdump'
for SERVICE in ${FIREWALL_SERVICES}; do
    esxcli network firewall ruleset set --ruleset-id ${SERVICE} --enabled yes
done
```

It would be useful to have a resource type that can be used to create firewall entries.
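
An audit counterpart to the kickstart snippet above, as an added example that is not part of the original issue or of the module: it compares the enabled rulesets against the same allowlist, since with `--default-action false` (drop) the enabled rulesets are the only openings. The function names and the sample listing are constructed, and the two-column layout is assumed to match `esxcli network firewall ruleset list`.

```shell
#!/bin/sh
# Added example: report drift between the kickstart allowlist and the
# rulesets that are actually enabled on the host.
# On a host:  esxcli network firewall ruleset list | audit_rulesets "$FIREWALL_SERVICES"

FIREWALL_SERVICES='syslog sshClient ntpClient updateManager httpClient netdump'

# Constructed sample (assumed layout of `esxcli network firewall ruleset list`).
sample_ruleset_list() {
cat <<'EOF'
Name            Enabled
--------------  -------
sshServer          true
sshClient          true
syslog             true
ntpClient         false
updateManager      true
httpClient         true
netdump            true
EOF
}

# audit_rulesets "<allowlist>" < ruleset-list
# Prints "MISSING <id>" for allowlisted rulesets that are not enabled and
# "UNEXPECTED <id>" for enabled rulesets outside the allowlist.
# Exit status is 1 when any drift is found, 0 otherwise.
audit_rulesets() {
    awk -v want="$1" '
        BEGIN { drift = 0; n = split(want, w, " ")
                for (i = 1; i <= n; i++) desired[w[i]] = 1 }
        $2 != "true" && $2 != "false" { next }   # header, separator, blank rows
        { state[$1] = $2 }
        END {
            for (i = 1; i <= n; i++)
                if (state[w[i]] != "true") { print "MISSING " w[i]; drift = 1 }
            for (id in state)
                if (state[id] == "true" && !(id in desired)) {
                    print "UNEXPECTED " id; drift = 1
                }
            exit drift
        }'
}

# Demo on the constructed sample; prints the two drift lines.
sample_ruleset_list | audit_rulesets "$FIREWALL_SERVICES" || echo "drift detected"
```
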

@crayfishx
Contributor

@gjngeldenhuis

Your second example is covered by the new type I've submitted in #206

As for your first example, enabling and disabling the firewall itself, it looks as if this functionality is not exposed in the API. Perhaps @maniacmurphy can find a reference to where this is exposed, but I've searched for it and after a chat with some of the folk on the VMware Slack channel it looks like this hasn't been implemented - this should probably be raised with VMware as it seems to me that this should be exposed in the API.

@ggeldenhuis
Contributor Author

@crayfishx
Currently you can stop/start services using the module in the following way:

```puppet
esx_service { "${esxi_server_name}:ssh":
  require => Vc_host[$esxi_server_name],
  service => "TSM-SSH",
}
```

I have not looked into it further but it might be possible to control the firewall as a service in the above manner.

@crayfishx
Contributor

@gjngeldenhuis I don't believe that firewall is a service, and I don't think enabling/disabling the firewall is the same thing... I may be wrong though, I'll dig into that a bit but I'm pretty sure I already went down that path last week
