Closed craigafinch closed 9 months ago
@saltstack/team-core Any ideas?
firewalld.present
state has a bool argument masquerade
that is False by default. @craigafinch could you please try to set masquerade: True
?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
I have an issue that this applies to. I have many modular states to manage software and configuration for multiple servers, instead of a set of states for each server.
My problem is that when I install something like say postgres, the firewalld state turns off masquerade, which is after my libvirtd state turns masquerade on.
I can't set masquerade to on for every state that has some firewall ports or services to add, as not all my machines are libvirtd hosts.
Please advise how I can set masquerade once, and then other states that don't reference masquerade don't overwrite it.
ps. I can't guarantee when the firewalld state runs for libvirtd, so moving it around in the load order is not an options.
Sounds reasonable @stobbsm .
So the desired behavior of the firewalld.present
state is if masquerade
is not set in the state then don't change the state of it.
Hello,
I have the same problem here. Ideally the default for masquerade should be None instead of False or something like this.
Especially because masquerade apply to the whole zone and not to a specific service or rule. It should not be changed when we add a service.
Description of Issue/Question
Setup
I have a pair of states like this, which add a service a server's firewalld configuration:
Steps to Reproduce Issue
What actually happens: masquerade will be disabled
What should happen: No change in masquerade status, unless I have specifically requested a change.
When I run this state on a server that is running firewalld and has
masquerade
enabled, this state disables masquerade, even though I didn't request that change. This unexpected behavior is a major problem, since it disables masquerade on a server whose primary function is to serve as a NAT gateway. Fortunately, I have another state that explicitly enables masquerade on that server, so the result is a temporary service interruption instead of a major outage.Versions Report
Minion:
References