Accepting request 704238 from systemsmanagement:saltstack
- Switch firewalld state to use change_interface (bsc#1132076) - Added: * switch-firewalld-state-to-use-change_interface.patch OBS-URL: https://build.opensuse.org/request/show/704238 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/salt?expand=0&rev=85
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
aadc9d3bb9
@ -1 +1 @@
|
|||||||
8fe9649055af571bfa44483318fa5a8476035001
|
ea5a745c3a962219fd886eefc19f33997b655283
|
||||||
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 20 12:12:46 UTC 2019 - psuarezhernandez@suse.com
|
||||||
|
|
||||||
|
- Switch firewalld state to use change_interface (bsc#1132076)
|
||||||
|
|
||||||
|
- Added:
|
||||||
|
* switch-firewalld-state-to-use-change_interface.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 8 08:48:49 UTC 2019 - Mihai Dincă <mihai.dinca@suse.com>
|
Wed May 8 08:48:49 UTC 2019 - Mihai Dincă <mihai.dinca@suse.com>
|
||||||
|
|
||||||
|
|||||||
@ -174,6 +174,8 @@ Patch53: do-not-crash-when-there-are-ipv6-established-connect.patch
|
|||||||
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/144
|
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/144
|
||||||
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/52855
|
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/52855
|
||||||
Patch54: fix-async-batch-multiple-done-events.patch
|
Patch54: fix-async-batch-multiple-done-events.patch
|
||||||
|
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/52743
|
||||||
|
Patch55: switch-firewalld-state-to-use-change_interface.patch
|
||||||
|
|
||||||
# BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
# BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
@ -686,6 +688,7 @@ cp %{S:5} ./.travis.yml
|
|||||||
%patch52 -p1
|
%patch52 -p1
|
||||||
%patch53 -p1
|
%patch53 -p1
|
||||||
%patch54 -p1
|
%patch54 -p1
|
||||||
|
%patch55 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?build_py2}
|
%if 0%{?build_py2}
|
||||||
|
|||||||
73
switch-firewalld-state-to-use-change_interface.patch
Normal file
73
switch-firewalld-state-to-use-change_interface.patch
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
From ee499612e1302b908a64dde696065b0093fe3115 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?=
|
||||||
|
<psuarezhernandez@suse.com>
|
||||||
|
Date: Mon, 20 May 2019 11:59:39 +0100
|
||||||
|
Subject: [PATCH] Switch firewalld state to use change_interface
|
||||||
|
|
||||||
|
firewalld.present state allows to bind interface to given zone.
|
||||||
|
However if the interface is already bound to some other zone, call-
|
||||||
|
ing `add_interface` will not change rebind the interface but report
|
||||||
|
error.
|
||||||
|
Option `change_interface` however can rebind the interface from one
|
||||||
|
zone to another.
|
||||||
|
|
||||||
|
This PR adds `firewalld.change_interface` call to firewalld module
|
||||||
|
and updates `firewalld.present` state to use this call.
|
||||||
|
---
|
||||||
|
salt/modules/firewalld.py | 23 +++++++++++++++++++++++
|
||||||
|
salt/states/firewalld.py | 4 ++--
|
||||||
|
2 files changed, 25 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/salt/modules/firewalld.py b/salt/modules/firewalld.py
|
||||||
|
index 7eeb865fa7..232fe052a2 100644
|
||||||
|
--- a/salt/modules/firewalld.py
|
||||||
|
+++ b/salt/modules/firewalld.py
|
||||||
|
@@ -951,6 +951,29 @@ def remove_interface(zone, interface, permanent=True):
|
||||||
|
return __firewall_cmd(cmd)
|
||||||
|
|
||||||
|
|
||||||
|
+def change_interface(zone, interface, permanent=True):
|
||||||
|
+ '''
|
||||||
|
+ Change zone the interface bound to
|
||||||
|
+
|
||||||
|
+ .. versionadded:: 2019.?.?
|
||||||
|
+
|
||||||
|
+ CLI Example:
|
||||||
|
+
|
||||||
|
+ .. code-block:: bash
|
||||||
|
+
|
||||||
|
+ salt '*' firewalld.change_interface zone eth0
|
||||||
|
+ '''
|
||||||
|
+ if interface in get_interfaces(zone, permanent):
|
||||||
|
+ log.info('Interface is already bound to zone.')
|
||||||
|
+
|
||||||
|
+ cmd = '--zone={0} --change-interface={1}'.format(zone, interface)
|
||||||
|
+
|
||||||
|
+ if permanent:
|
||||||
|
+ cmd += ' --permanent'
|
||||||
|
+
|
||||||
|
+ return __firewall_cmd(cmd)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
def get_sources(zone, permanent=True):
|
||||||
|
'''
|
||||||
|
List sources bound to a zone
|
||||||
|
diff --git a/salt/states/firewalld.py b/salt/states/firewalld.py
|
||||||
|
index 4623798658..fc5b233f98 100644
|
||||||
|
--- a/salt/states/firewalld.py
|
||||||
|
+++ b/salt/states/firewalld.py
|
||||||
|
@@ -647,8 +647,8 @@ def _present(name,
|
||||||
|
for interface in new_interfaces:
|
||||||
|
if not __opts__['test']:
|
||||||
|
try:
|
||||||
|
- __salt__['firewalld.add_interface'](name, interface,
|
||||||
|
- permanent=True)
|
||||||
|
+ __salt__['firewalld.change_interface'](name, interface,
|
||||||
|
+ permanent=True)
|
||||||
|
except CommandExecutionError as err:
|
||||||
|
ret['comment'] = 'Error: {0}'.format(err)
|
||||||
|
return ret
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
||||||
|
|
||||||
Loading…
Reference in New Issue
Block a user