I'm trying to configure firewalld via a SaltStack state file (on CentOS 7). I can add services just fine to the permanent configuration, but that indeed goes into the 'permanent' configuration, not into the running one. So, either a reload is needed or (less optional) add the same services to the running configuration too.
What I've used to add the service:

    public:
      firewalld.present:
        - name: public
        - services:
          - http

That works, but just to permanent.
I've tried to add a "watch", but that won't work at all:

    firewalld:
      service.running:
        - watch:
          - file: /etc/firewalld/zones/public.xml

Error is:

    Comment: The following requisites were not found:
                 watch:
                     file: /etc/firewalld/zones/public.xml

So, what can be done? How can I instruct a service reload via a state file?
You were close. You can't watch a file directly on the file system. You can only watch another Salt state. So your example would look like this:

    public:
      firewalld.present:
        - name: public
        - services:
          - http

    firewalld:
      service.running:
        - watch:
          - firewalld: public

What this means is that the service.running state will look for changes to the firewalld.present state and restart firewalld if changes did occur.
If you want a reload vs a complete restart, this should work:

    public:
      firewalld.present:
        - name: public
        - services:
          - http

    firewalld:
      service.running:
        - reload: True
        - watch:
          - firewalld: public

Here are the docs on the service state: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html
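
The symptom from the question (a service present in the permanent configuration but missing from the running one) can be checked on the minion after the state run. The script below is an added example, not part of the original question or answer; the function names `services_drift` and `check_zone` are hypothetical, and it assumes `firewall-cmd --list-services` prints a space-separated list.

```shell
#!/bin/sh
# Added example: compare firewalld's running and permanent service lists.

# services_drift RUNTIME PERMANENT
# Each argument is a space-separated service list. Prints one line per mismatch:
#   permanent-only <svc>  on disk but not active (reload still pending)
#   runtime-only <svc>    active now, dropped at the next reload or restart
services_drift() {
    rt=" $(echo $1) "   # normalise whitespace and pad so whole names match
    pm=" $(echo $2) "
    for svc in $2; do
        case "$rt" in
            *" $svc "*) ;;
            *) echo "permanent-only $svc" ;;
        esac
    done
    for svc in $1; do
        case "$pm" in
            *" $svc "*) ;;
            *) echo "runtime-only $svc" ;;
        esac
    done
}

# check_zone [ZONE]
# Returns 0 when both configurations agree, 1 on drift, 2 if firewall-cmd fails.
check_zone() {
    zone="${1:-public}"
    running=$(firewall-cmd --zone="$zone" --list-services) || return 2
    stored=$(firewall-cmd --permanent --zone="$zone" --list-services) || return 2
    drift=$(services_drift "$running" "$stored")
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Only query the firewall where firewall-cmd is installed.
if command -v firewall-cmd >/dev/null 2>&1; then
    check_zone public || echo "zone public: runtime and permanent differ or firewalld is unavailable" >&2
fi
```

A `permanent-only http` line after applying the first state in the question means the reload has not happened yet; with the `watch` requisite from the answer in place, the script should print nothing.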