Avoid reloading all time

redBorder · Dec 8, 2024 · a0b70bc · a0b70bc
1 parent 03d9758
commit a0b70bc
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 6 deletions.
diff --git a/resources/libraries/helper.rb b/resources/libraries/helper.rb
@@ -14,6 +14,7 @@ def apply_rule(type, value, zone, protocol = nil)
           action :create
           permanent true
           not_if "firewall-cmd --permanent --zone=#{zone} --query-port=#{value}/#{protocol}"
+          notifies :reload, 'service[firewalld]', :delayed
         end
       when :protocol
         firewall_rule "Allow protocol #{value} in #{zone} zone" do
@@ -22,6 +23,7 @@ def apply_rule(type, value, zone, protocol = nil)
           action :create
           permanent true
           not_if "firewall-cmd --permanent --zone=#{zone} --query-protocol=#{value}"
+          notifies :reload, 'service[firewalld]', :delayed
         end
       when :rich_rule
         firewall_rule "Adding rich rule #{value} in #{zone} zone" do
@@ -30,6 +32,7 @@ def apply_rule(type, value, zone, protocol = nil)
           action :create
           permanent true
           not_if "firewall-cmd --permanent --zone=#{zone} --query-rich-rule='#{value}'"
+          notifies :reload, 'service[firewalld]', :delayed
         end
       end
     end

diff --git a/resources/providers/config.rb b/resources/providers/config.rb
@@ -13,6 +13,12 @@
     flush_cache [:before]
   end
 
+  service 'firewalld' do
+    service_name 'firewalld'
+    supports status: true, reload: true, restart: true, start: true, enable: true
+    action [:enable, :start]
+  end
+
   template '/etc/firewalld.conf' do
     source 'firewalld.conf.erb'
     cookbook 'rb-firewall'
@@ -30,6 +36,7 @@
       action :create
       permanent true
       not_if "firewall-cmd --zone=home --query-interface=#{sync_interface}"
+      notifies :reload, 'service[firewalld]', :delayed
     end
 
     firewall_rule 'Add sync subnet to home' do
@@ -38,6 +45,7 @@
       action :create
       permanent true
       not_if "firewall-cmd --zone=home --query-source=#{sync_subnet}"
+      notifies :reload, 'service[firewalld]', :delayed
     end
   end
 
@@ -73,6 +81,7 @@
           action :delete
           permanent true
           only_if "firewall-cmd --permanent --zone=public --query-rich-rule='rule family=\"ipv4\" source address=\"#{ip}\" port port=\"9092\" protocol=\"tcp\" accept'"
+          notifies :reload, 'service[firewalld]', :delayed
         end
       end
     end
@@ -84,16 +93,11 @@
         action :create
         permanent true
         not_if "firewall-cmd --permanent --zone=public --query-rich-rule='rule family=\"ipv4\" source address=\"#{ip}\" port port=\"9092\" protocol=\"tcp\" accept'"
+        notifies :reload, 'service[firewalld]', :delayed
       end
     end
   end
 
-  service 'firewalld' do
-    service_name 'firewalld'
-    supports status: true, reload: true, restart: true, start: true, enable: true
-    action [:enable, :start, :reload]
-  end
-
   Chef::Log.info('Firewall configuration has been applied.')
 end