I am trying to get a state set up so that I can add the associated ports open in firewalld.
Tried every example I can find and all fail.
Here is my current:
firewalld:
  service.running:
    - enable: True
  default_zone:
    - public
  services:
    snmpd:
      - short:
        - snmp
      - ports:
        - udp:
          - 161
        - tcp:
          - 161
    ssh:
      - short:
        - ssh
      - ports:
        - tcp:
          - 22
  zones:
    public:
      - short:
        - Public
      - services:
        - ssh
        - snmpd
And this leads to an error on the minion of:
State 'firewalld' in SLS 'firewalld.firewalld' is not formed as a list
I've run this through three different YAML validators and all say it's clean so I'm confused.
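Added example (not part of the original question or answer, and not Salt's own code): a simplified Python model of the rule behind this error, run over the question's data as a YAML loader would return it. The nesting is assumed from the list markers in the post, and `QUESTION_SLS` and `malformed_state_keys` are names constructed for illustration.

```python
# Constructed sample: the question's SLS as the structure a YAML loader
# would produce for it (nesting assumed from the post's list markers).
QUESTION_SLS = {
    "firewalld": {
        "service.running": [{"enable": True}],
        "default_zone": ["public"],
        "services": {
            "snmpd": [{"short": ["snmp"]},
                      {"ports": [{"udp": [161]}, {"tcp": [161]}]}],
            "ssh": [{"short": ["ssh"]}, {"ports": [{"tcp": [22]}]}],
        },
        "zones": {
            "public": [{"short": ["Public"]},
                       {"services": ["ssh", "snmpd"]}],
        },
    }
}


def malformed_state_keys(sls, sls_name):
    """Return (state_id, key, message) for each declaration that is not a list.

    Simplified model: under a state ID, every key is treated as a state
    module (optionally module.function) and its value must be a list of
    arguments. Valid YAML that nests a mapping there still fails this rule.
    Hypothetical helper, not part of Salt's API.
    """
    problems = []
    for state_id, body in sls.items():
        if not isinstance(body, dict):
            continue  # top-level lists (e.g. include) are out of scope here
        for key, value in body.items():
            if key.startswith("__"):
                continue  # internal bookkeeping keys
            if not isinstance(value, list):
                msg = (f"State '{state_id}' in SLS '{sls_name}' "
                       "is not formed as a list")
                problems.append((state_id, key, msg))
    return problems


if __name__ == "__main__":
    for state_id, key, msg in malformed_state_keys(QUESTION_SLS,
                                                   "firewalld.firewalld"):
        print(f"{key}: {msg}")
```

The keys it flags are the ones holding nested mappings; a generic YAML validator only checks syntax, so it accepts them.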
Best Answer
I assume you are using the firewalld-formula from the official repository?
Please be informed that a "SaltStack Formula" is a "ready-to-use state that you configure using pillars". So, your YAML declaration must NOT be a state declaration, but instead a pillar declaration.
Let me illustrate:
I'll assume you have your state files in /srv/salt and your pillar files in /srv/pillar.
To use the firewalld-formula, you need to create a "pillar" file. Use the provided pillar.example file and save it as /srv/pillar/firewalld/<target-host>.sls, and refer to it from /srv/pillar/top.sls. For example:
Note: By naming the pillar file <target-host>.sls, we can easily make different pillars for different hosts.
Then, we 'activate' the formula by referencing the firewalld-formula from /srv/salt/top.sls (or other state files under /srv/salt/ using the include: directive).
I'll assume that you cloned the firewalld-formula repo in this way:
Note: The symlink allows us to refer to the state as firewalld instead of firewalld-formula.firewalld.
Now, edit the /srv/salt/top.sls file to invoke the firewalld state:
Aaand, you're done.
Alternatively, you may use a common state instead and let the Jinja renderer and the Pillar system take care of the 'targeting' details. Let's say your top.sls file has the following:
Edit the hardening state file as such: