Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reload service rather than restart #10

Merged
merged 2 commits into from
Mar 13, 2017
Merged

Reload service rather than restart #10

merged 2 commits into from
Mar 13, 2017

Conversation

amendlik
Copy link

The Salt Minion does not react well to FirewallD being restarted. It becomes unreachable indefinitely, until it is restarted. Further, I don't know of any reasons to restart the FirewallD service, since the service dynamically manages the kernel module.

This PR makes the service reload its conifg, rather than restarting.

aboe76
aboe76 approved these changes Mar 10, 2017
View reviewed changes
Copy link
Member

@aboe76 aboe76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me,
tested it without issues.

javierbertoli
javierbertoli reviewed Mar 10, 2017
View reviewed changes
firewalld/config.sls Outdated
@@ -13,7 +13,7 @@ directory_firewalld:
- require:
- pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
- service: service_firewalld # restart service
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@amendlik Mind you either modify the comments (to reflect the new behaviour) or remove them, for consistency?

@amendlik
Copy link
Author

After some more testing, reloading the service (systemctl reload firewalld) is exhibiting some strange behaviors, sometimes causing firewalld to stop. Using the firewall-cmd --reload command seems to work predictably every time.

aboe76
aboe76 reviewed Mar 12, 2017
View reviewed changes
firewalld/config.sls

- require_in:
- service: service_firewalld
- watch_in:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not keep the listen_in?

that way only after all the changes it will be reloaded, instead of everytime.

@amendlik
Copy link
Author

listen_in will move the reload command to the very end of the entire state run, including states from outside of this formula. The way I wrote it, the reload will happen once, at the end of everything in this formula.
My thinking is that, if later states require the firewall to be configured, we would want to complete that before moving on to other formulas, etc. I'm happy to hear other ideas on how this should work.

@aboe76
Copy link
Member

aboe76 commented Mar 13, 2017

@amendlik then I see no problems, @javierbertoli shall we merge this?

@javierbertoli
Copy link
Member

@amendlik 's arguments are reasonable, so I'll merge. Thanks you guys!

@javierbertoli javierbertoli merged commit f509349 into saltstack-formulas:master Mar 13, 2017
@amendlik amendlik mentioned this pull request Feb 14, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@javierbertoli javierbertoli javierbertoli left review comments

@aboe76 aboe76 aboe76 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@amendlik @aboe76 @javierbertoli