From 5a76b0e30f2e9cb95e8f624dba90fbdf7bffe6fb Mon Sep 17 00:00:00 2001
From: Craig Dunn <craig@craigdunn.org>
Date: Sat, 5 Nov 2016 09:26:21 +0100
Subject: [PATCH] Dont fail when firewall-cmd is not available yet.

If the firewalld package is not installed yet, then the module fails
because firewalld tries to determine the state of the firewalld process
by using the firewall-cmd command, also the firewalld_zone resource type
will try and call the provider.exists? method in the generate method.

Both of these steps occur before the catalog is applied so before the
package resource can install the package.

This PR catches the exception when the command is missing and leaves
the @running instance variable set to nil.... When determining the
state of the firewalld service later in the Puppet run, the state
is re-checked if @running is set to nil.

Closes #96
---
 lib/puppet/provider/firewalld.rb              | 22 +++++++++++++++++--
 .../provider/firewalld_zone/firewall_cmd.rb   |  9 ++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/lib/puppet/provider/firewalld.rb b/lib/puppet/provider/firewalld.rb
index 1d3f8b35..94d72840 100644
--- a/lib/puppet/provider/firewalld.rb
+++ b/lib/puppet/provider/firewalld.rb
@@ -8,10 +8,26 @@ class Puppet::Provider::Firewalld < Puppet::Provider
 
   def initialize(*args)
     if running.nil?
+      check_running_state
+    end
+    super
+  end
+
+  def check_running_state
+    begin
       ret = self.class.execute_firewall_cmd(['--state'], nil, false, false)
       @running = ret.exitstatus == 0 ? true : false
+    rescue Puppet::MissingCommand => e
+      # This exception is caught in case the module is being run before
+      # the package provider has installed the firewalld package, if we
+      # cannot find the firewalld-cmd command then we silently continue
+      # leaving @running set to nil, this will cause it to be re-checked
+      # later in the execution process.
+      #
+      # See: https://github.com/crayfishx/puppet-firewalld/issues/96
+      #
+      self.debug('Could not determine state of firewalld because the executable is not available')
     end
-    super
   end
 
   # v3.0.0
@@ -68,10 +84,12 @@ def reload_firewall
   end
 
   def offline?
-    @running == false
+    check_running_state if running.nil?
+    @running == false || @running.nil?
   end
 
   def online?
+    check_running_state if running.nil?
     @running == true
   end
 
diff --git a/lib/puppet/provider/firewalld_zone/firewall_cmd.rb b/lib/puppet/provider/firewalld_zone/firewall_cmd.rb
index f471f16c..bd275fb3 100644
--- a/lib/puppet/provider/firewalld_zone/firewall_cmd.rb
+++ b/lib/puppet/provider/firewalld_zone/firewall_cmd.rb
@@ -12,6 +12,15 @@
 
   def exists?
     @resource[:zone] = @resource[:name]
+
+    # If running is still set to nil then firewalld might not be installed yet,
+    # and we are probably calling this method from the generate method of the
+    # firewalld_zone type.  We should just politely return false here as the
+    # module should install the package later in the puppet run, related to
+    # issue #96
+    #
+    return false if running.nil?
+
     execute_firewall_cmd(['--get-zones'], nil).split(" ").include?(@resource[:name])
   end