Dont fail when firewall-cmd is not available yet.

If the firewalld package is not installed yet, then the module fails because firewalld tries to determine the state of the firewalld process by using the firewall-cmd command, also the firewalld_zone resource type will try and call the provider.exists? method in the generate method. Both of these steps occur before the catalog is applied so before the package resource can install the package. This PR catches the exception when the command is missing and leaves the @running instance variable set to nil.... When determining the state of the firewalld service later in the Puppet run, the state is re-checked if @running is set to nil. Closes #96
voxpupuli · Nov 5, 2016 · 5a76b0e · 5a76b0e
1 parent 655b239
commit 5a76b0e
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/lib/puppet/provider/firewalld.rb b/lib/puppet/provider/firewalld.rb
@@ -8,10 +8,26 @@ class Puppet::Provider::Firewalld < Puppet::Provider
 
   def initialize(*args)
     if running.nil?
+      check_running_state
+    end
+    super
+  end
+
+  def check_running_state
+    begin
       ret = self.class.execute_firewall_cmd(['--state'], nil, false, false)
       @running = ret.exitstatus == 0 ? true : false
+    rescue Puppet::MissingCommand => e
+      # This exception is caught in case the module is being run before
+      # the package provider has installed the firewalld package, if we
+      # cannot find the firewalld-cmd command then we silently continue
+      # leaving @running set to nil, this will cause it to be re-checked
+      # later in the execution process.
+      #
+      # See: https://github.com/crayfishx/puppet-firewalld/issues/96
+      #
+      self.debug('Could not determine state of firewalld because the executable is not available')
     end
-    super
   end
 
   # v3.0.0
@@ -68,10 +84,12 @@ def reload_firewall
   end
 
   def offline?
-    @running == false
+    check_running_state if running.nil?
+    @running == false || @running.nil?
   end
 
   def online?
+    check_running_state if running.nil?
     @running == true
   end
 

diff --git a/lib/puppet/provider/firewalld_zone/firewall_cmd.rb b/lib/puppet/provider/firewalld_zone/firewall_cmd.rb
@@ -12,6 +12,15 @@
 
   def exists?
     @resource[:zone] = @resource[:name]
+
+    # If running is still set to nil then firewalld might not be installed yet,
+    # and we are probably calling this method from the generate method of the
+    # firewalld_zone type.  We should just politely return false here as the
+    # module should install the package later in the puppet run, related to
+    # issue #96
+    #
+    return false if running.nil?
+
     execute_firewall_cmd(['--get-zones'], nil).split(" ").include?(@resource[:name])
   end