From f6ae60e0c2fb0a74ae55aa014c1fbd00db69d5de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20P=C3=A9rez?=
Date: Mon, 16 Dec 2024 15:41:32 +0000
Subject: [PATCH] Check if needs to reload or not
---
conf | 2 ++
resources/providers/config.rb | 12 ++++++++++++
2 files changed, 14 insertions(+)
create mode 100644 conf
diff --git a/conf b/conf
new file mode 100644
index 0000000..a30967c
--- /dev/null
+++ b/conf
@@ -0,0 +1,2 @@
+Chef::Log.error "\n\n\n\n\nis_manager #{is_manager?}\nsync_ip #{sync_ip}\nip_addr #{ip_addr}\n\n\n\n"
+
diff --git a/resources/providers/config.rb b/resources/providers/config.rb
index f8d97f6..0bb8f22 100644
--- a/resources/providers/config.rb
+++ b/resources/providers/config.rb
@@ -98,6 +98,18 @@ end end
+ # Reload firewalld only if the runtime rules are different than the permanent rules
+ # (a rule has been added/deleted and the service needs to be reloaded)
+ execute 'reload_firewalld' do
+ command 'firewall-cmd --reload'
+ only_if do
+ runtime_rules = `firewall-cmd --zone=public --list-rich-rules`.strip
+ permanent_rules = `firewall-cmd --permanent --zone=public --list-rich-rules`.strip
+ runtime_rules != permanent_rules
+ end
+ action :run
+ end
+ Chef::Log.info('Firewall configuration has been applied.') end
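Review bot: The new top-level file `conf` looks like leftover debugging rather than part of this change: it holds a single `Chef::Log.error` call that dumps `is_manager?`, `sync_ip` and `ip_addr`, and nothing visible in the patch loads it. I would drop the file from the commit. If those values are needed for troubleshooting, log them from the provider at debug level instead, e.g. `Chef::Log.debug("is_manager=#{is_manager?} sync_ip=#{sync_ip} ip_addr=#{ip_addr}")`, so node addresses do not end up in error-level logs.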
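Review bot: The `only_if` guard in `reload_firewalld` cannot tell "rules match" from "firewall-cmd failed": backticks ignore the exit status, so if firewalld is stopped or the command errors, both strings come back empty, the comparison is equal, the reload is skipped, and the run still logs 'Firewall configuration has been applied.'. Reading the two lists with Chef's `shell_out!` helper, e.g. `runtime_rules = shell_out!('firewall-cmd --zone=public --list-rich-rules').stdout.strip`, makes that case fail the run instead of leaving the runtime firewall out of step with the permanent configuration. The guard also compares only rich rules in the `public` zone; if the part of this action outside the hunk changes ports, services or other zones, those changes would not trigger a reload, which deserves a comment or a broader comparison. The enclosing action starts before this hunk.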