author | Silvio Rhatto <rhatto@riseup.net> | 2020-05-07 21:06:40 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2020-05-07 21:06:40 -0300 |
commit | 8c2babfd529b4c1e0d3844afc08b728a05f61caa (patch) | |
tree | 8f44d74d79fa2f0aa62f1987d0197cb1aaa706a7 | |
parent | e06d326f0be9f69bf4fa3b695f898c1cb9c5b200 (diff) | |
download | puppet-firewall-8c2babfd529b4c1e0d3844afc08b728a05f61caa.tar.gz puppet-firewall-8c2babfd529b4c1e0d3844afc08b728a05f61caa.tar.bz2 |
Hiera 5 migration
-rw-r--r-- | manifests/init.pp | 16 | ||||
-rw-r--r-- | manifests/local.pp | 8 | ||||
-rw-r--r-- | manifests/redirect.pp | 2 | ||||
-rw-r--r-- | manifests/router/torrent.pp | 2 | ||||
-rw-r--r-- | manifests/shaping.pp | 6 | ||||
-rw-r--r-- | manifests/torrent.pp | 2 | ||||
-rw-r--r-- | manifests/virtual/dns.pp | 4 | ||||
-rw-r--r-- | manifests/virtual/gitd.pp | 4 | ||||
-rw-r--r-- | manifests/virtual/gobby.pp | 4 | ||||
-rw-r--r-- | manifests/virtual/http.pp | 4 | ||||
-rw-r--r-- | manifests/virtual/https.pp | 8 | ||||
-rw-r--r-- | manifests/virtual/icecast.pp | 2 | ||||
-rw-r--r-- | manifests/virtual/jabber.pp | 6 | ||||
-rw-r--r-- | manifests/virtual/mail.pp | 20 | ||||
-rw-r--r-- | manifests/virtual/mumble.pp | 2 | ||||
-rw-r--r-- | manifests/virtual/munin.pp | 2 | ||||
-rw-r--r-- | manifests/virtual/ssh.pp | 2 | ||||
-rw-r--r-- | manifests/virtual/tor.pp | 8 |
18 files changed, 51 insertions, 51 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index c812955..c760895 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,12 +1,12 @@
 # Firewall definitions for physical servers
 class firewall(
- $device = hiera('firewall::device', 'eth0'),
- $zone = hiera('firewall::zone', '-'),
- $local_net = hiera('firewall::local_net', false),
- $device_options = hiera('firewall::device_options', 'tcpflags,blacklist,routefilter,nosmurfs,logmartians'),
- $vm_address = hiera('firewall::vm_address', '192.168.0.0/24'),
- $vm_device = hiera('firewall::vm_device', false),
- $ssh = hiera('firewall::ssh', 'ACCEPT'),
+ $device = lookup('firewall::device', undef, undef, 'eth0'),
+ $zone = lookup('firewall::zone', undef, undef, '-'),
+ $local_net = lookup('firewall::local_net', undef, undef, false),
+ $device_options = lookup('firewall::device_options', undef, undef, 'tcpflags,blacklist,routefilter,nosmurfs,logmartians'),
+ $vm_address = lookup('firewall::vm_address', undef, undef, '192.168.0.0/24'),
+ $vm_device = lookup('firewall::vm_device', undef, undef, false),
+ $ssh = lookup('firewall::ssh', undef, undef, 'ACCEPT'),
 ) {
 class { 'shorewall': }
@@ -175,7 +175,7 @@ class firewall(
 destination => '$FW',
 proto => '-',
 destinationport => '-',
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
 order => 103,
 }
diff --git a/manifests/local.pp b/manifests/local.pp
index 804bce5..a44b9b8 100644
--- a/manifests/local.pp
+++ b/manifests/local.pp
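Review bot: Every new `lookup()` call in the `class firewall(` parameter list passes `undef` as the value type, so whatever Hiera returns for `firewall::device`, `firewall::device_options` or `firewall::ssh` reaches the shorewall configuration unchecked. The second argument of `lookup` can carry that check, e.g. `$device = lookup('firewall::device', String[1], undef, 'eth0'),`. Because these seven keys are named `firewall::<parameter>`, automatic class parameter lookup should already resolve them before the default is evaluated, so a typed plain default such as `String[1] $device = 'eth0',` would likely behave the same and be shorter. The untyped pattern is repeated in the parameter lists of manifests/local.pp, manifests/shaping.pp and manifests/torrent.pp, where the key does not always match the parameter name and the explicit `lookup` is therefore still needed.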
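Review bot: The `ratelimit` line at `@@ -175,7` gives no hint of what the `'-'` fallback means; in shorewall's rules syntax `-` is the placeholder for an unused column, so the rule is not rate limited unless `firewall::ssl_ratelimit` is set in Hiera. A comment above the attribute would make that visible, e.g. `# '-' = no rate limit; set firewall::ssl_ratelimit in Hiera to enable one`. The key is also written in double quotes here and in manifests/virtual/https.pp and manifests/virtual/mail.pp while every other key is single-quoted; `lookup('firewall::ssl_ratelimit', undef, undef, '-')` would be consistent. The enclosing resource starts outside this hunk.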
@@ -1,8 +1,8 @@
 class firewall::local(
- $network = hiera('firewall::local::network', '192.168.1.0/24'),
- $interface = hiera('firewall::local::interface', 'eth0'),
- $manage_host = hiera('firewall::local::manage_host', true),
- $manage_interface = hiera('firewall::local::manage_iface', false)
+ $network = lookup('firewall::local::network', undef, undef, '192.168.1.0/24'),
+ $interface = lookup('firewall::local::interface', undef, undef, 'eth0'),
+ $manage_host = lookup('firewall::local::manage_host', undef, undef, true),
+ $manage_interface = lookup('firewall::local::manage_iface', undef, undef, false)
 ) {
 if $manage_host {
diff --git a/manifests/redirect.pp b/manifests/redirect.pp
index d3785a1..dee9a98 100644
--- a/manifests/redirect.pp
+++ b/manifests/redirect.pp
@@ -2,7 +2,7 @@ class firewall::redirect::ssh($destinationport) {
 # When the box is in an internal network and we want to provide
 # and external access through a shared real IP, we have to
 # redirect requests coming from another port to port 22.
- $ip = hiera('firewall::external_ip', $::ipaddress)
+ $ip = lookup('firewall::external_ip', undef, undef, $::ipaddress)
 shorewall::rule { "ssh-redirect-1":
 action => 'DNAT',
diff --git a/manifests/router/torrent.pp b/manifests/router/torrent.pp
index be80071..08f4c7e 100644
--- a/manifests/router/torrent.pp
+++ b/manifests/router/torrent.pp
@@ -2,7 +2,7 @@ class firewall::router::torrent(
 $destination,
 $zone = 'loc',
 $originaldest = $ipaddress,
- $range = hiera('firewall::torrent::range', '6881:6999')
+ $range = lookup('firewall::torrent::range', undef, undef, '6881:6999')
 ) {
 shorewall::rule { "torrent-tcp-1":
 action => 'DNAT',
diff --git a/manifests/shaping.pp b/manifests/shaping.pp
index 63bd464..277f82c 100644
--- a/manifests/shaping.pp
+++ b/manifests/shaping.pp
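Review bot: `$manage_interface` in manifests/local.pp falls back to the key `firewall::local::manage_iface`, which differs from the parameter name, so two Hiera keys can set it: automatic parameter lookup checks `firewall::local::manage_interface` first, and only then does the default expression check `firewall::local::manage_iface`. A comment on that line would save the next reader the search, e.g. `# key name differs from the parameter; firewall::local::manage_interface, if set, takes precedence`. If the short key is no longer present in the data, a plain `$manage_interface = false` would remove the ambiguity. The class body continues outside the hunk.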
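Review bot: The fallback for `firewall::external_ip` in manifests/redirect.pp is still the legacy top-scope fact `$::ipaddress`, which is reported by the agent and on a multi-homed host names whichever address Facter treats as primary, not necessarily the external one this DNAT rule is meant to match. It would fit the migration to use the structured fact, `$ip = lookup('firewall::external_ip', undef, undef, $facts['networking']['ip'])`, and to extend the comment above it with a line such as `# hosts behind a shared address must set firewall::external_ip explicitly`. The same fallback is used in every `originaldest` line of the manifests/virtual/*.pp sections, and the context line `$originaldest = $ipaddress,` in manifests/router/torrent.pp uses the unqualified form of the same fact.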
@@ -1,7 +1,7 @@
 class firewall::shaping(
- $device = hiera('firewall::device', 'eth0'),
- $in_bandwidth = hiera('firewall::in_bandwidth', '1000mbps'),
- $out_bandwidth = hiera('firewall::out_bandwidth', '1000mbps')
+ $device = lookup('firewall::device', undef, undef, 'eth0'),
+ $in_bandwidth = lookup('firewall::in_bandwidth', undef, undef, '1000mbps'),
+ $out_bandwidth = lookup('firewall::out_bandwidth', undef, undef, '1000mbps')
 ) {
 #
 # Traffic shaping
diff --git a/manifests/torrent.pp b/manifests/torrent.pp
index e7eb02a..bc3a914 100644
--- a/manifests/torrent.pp
+++ b/manifests/torrent.pp
@@ -1,5 +1,5 @@
 class firewall::torrent(
- $range = hiera('firewall::torrent::range', '6881:6999')
+ $range = lookup('firewall::torrent::range', undef, undef, '6881:6999')
 ) {
 shorewall::rule { "torrent-tcp":
 action => 'ACCEPT',
diff --git a/manifests/virtual/dns.pp b/manifests/virtual/dns.pp
index f389929..1bf3872 100644
--- a/manifests/virtual/dns.pp
+++ b/manifests/virtual/dns.pp
@@ -25,7 +25,7 @@ class firewall::virtual::dns($destination, $zone = 'vm') {
 destination => "fw:$destination:53",
 proto => 'tcp',
 destinationport => '53',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2002,
 }
@@ -46,7 +46,7 @@ class firewall::virtual::dns($destination, $zone = 'vm') {
 destination => "fw:$destination:53",
 proto => 'udp',
 destinationport => '53',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2004,
 }
diff --git a/manifests/virtual/gitd.pp b/manifests/virtual/gitd.pp
index 02c4fb9..b760f03 100644
--- a/manifests/virtual/gitd.pp
+++ b/manifests/virtual/gitd.pp
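Review bot: `lookup('firewall::external_ip', undef, undef, $::ipaddress)` is written out twice in `firewall::virtual::dns` and again in each `originaldest` line of gitd.pp, gobby.pp, http.pp, https.pp, icecast.pp, jabber.pp, mail.pp, mumble.pp, munin.pp, ssh.pp and tor.pp, so the key, the missing value type and the fallback have to be kept in step in some thirty places. Resolving it once per class, as manifests/redirect.pp already does with `$ip`, leaves a single line to validate: `$external_ip = lookup('firewall::external_ip', undef, undef, $::ipaddress)` at the top of the class and `originaldest => $external_ip,` in the rules. Both rules shown for dns.pp start outside their hunks.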
@@ -5,7 +5,7 @@ class firewall::virtual::gitd($destination) {
 destination => "vm:$destination:9418",
 proto => 'tcp',
 destinationport => '9418',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 800,
 }
@@ -16,7 +16,7 @@ class firewall::virtual::gitd($destination) {
 destination => "fw:$destination:9418",
 proto => 'tcp',
 destinationport => '9418',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 801,
 }
diff --git a/manifests/virtual/gobby.pp b/manifests/virtual/gobby.pp
index 162fe1d..cc2c9fe 100644
--- a/manifests/virtual/gobby.pp
+++ b/manifests/virtual/gobby.pp
@@ -5,7 +5,7 @@ class firewall::virtual::gobby($destination) {
 destination => "fw:$destination:6523",
 proto => 'tcp',
 destinationport => '6523',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2400,
 }
@@ -16,7 +16,7 @@ class firewall::virtual::gobby($destination) {
 destination => "vm:$destination:6523",
 proto => 'tcp',
 destinationport => '6523',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2400,
 }
diff --git a/manifests/virtual/http.pp b/manifests/virtual/http.pp
index efd3dca..bb8e232 100644
--- a/manifests/virtual/http.pp
+++ b/manifests/virtual/http.pp
@@ -5,7 +5,7 @@ class firewall::virtual::http($destination) {
 destination => "fw:$destination:80",
 proto => 'tcp',
 destinationport => '80',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 600,
 }
@@ -16,7 +16,7 @@ class firewall::virtual::http($destination) {
 destination => "vm:$destination:80",
 proto => 'tcp',
 destinationport => '80',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 601,
 }
diff --git a/manifests/virtual/https.pp b/manifests/virtual/https.pp
index 36e0c9f..70a10a4 100644
--- a/manifests/virtual/https.pp
+++ b/manifests/virtual/https.pp
@@ -5,8 +5,8 @@ class firewall::virtual::https($destination) {
 destination => "fw:$destination:443",
 proto => 'tcp',
 destinationport => '443',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
 order => 602,
 }
@@ -16,8 +16,8 @@ class firewall::virtual::https($destination) {
 destination => "vm:$destination:443",
 proto => 'tcp',
 destinationport => '443',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
 order => 602,
 }
 }
diff --git a/manifests/virtual/icecast.pp b/manifests/virtual/icecast.pp
index 1681f18..3c392b6 100644
--- a/manifests/virtual/icecast.pp
+++ b/manifests/virtual/icecast.pp
@@ -15,7 +15,7 @@ class firewall::virtual::icecast($destination, $zone = 'fw') {
 destination => "$zone:$destination:8000",
 proto => 'tcp',
 destinationport => '8000',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 901,
 }
diff --git a/manifests/virtual/jabber.pp b/manifests/virtual/jabber.pp
index 0bba4e9..703b9a9 100644
--- a/manifests/virtual/jabber.pp
+++ b/manifests/virtual/jabber.pp
@@ -15,7 +15,7 @@ class firewall::virtual::jabber($destination, $zone = 'fw') {
 destination => "$zone:$destination:5223",
 proto => 'tcp',
 destinationport => '5223',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2201,
 }
@@ -36,7 +36,7 @@ class firewall::virtual::jabber($destination, $zone = 'fw') {
 destination => "$zone:$destination:4369",
 proto => 'tcp',
 destinationport => '4369',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2203,
 }
@@ -47,7 +47,7 @@ class firewall::virtual::jabber($destination, $zone = 'fw') {
 destination => "$zone:$destination:4370",
 proto => 'tcp',
 destinationport => '4370:4375',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2204,
 }
diff --git a/manifests/virtual/mail.pp b/manifests/virtual/mail.pp
index 75eec5f..c16f898 100644
--- a/manifests/virtual/mail.pp
+++ b/manifests/virtual/mail.pp
@@ -5,7 +5,7 @@ class firewall::virtual::mail($destination) {
 destination => "fw:$destination:25",
 proto => 'tcp',
 destinationport => '25',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 1000,
 }
@@ -16,7 +16,7 @@ class firewall::virtual::mail($destination) {
 destination => "vm:$destination:25",
 proto => 'tcp',
 destinationport => '25',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 1001,
 }
@@ -27,8 +27,8 @@ class firewall::virtual::mail($destination) {
 destination => "fw:$destination:993",
 proto => 'tcp',
 destinationport => '993',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
 order => 1002,
 }
@@ -38,8 +38,8 @@ class firewall::virtual::mail($destination) {
 destination => "vm:$destination:993",
 proto => 'tcp',
 destinationport => '993',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
 order => 1003,
 }
@@ -49,8 +49,8 @@ class firewall::virtual::mail($destination) {
 destination => "fw:$destination:587",
 proto => 'tcp',
 destinationport => '587',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
 order => 1004,
 }
@@ -60,8 +60,8 @@ class firewall::virtual::mail($destination) {
 destination => "vm:$destination:587",
 proto => 'tcp',
 destinationport => '587',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
 order => 1005,
 }
 }
diff --git a/manifests/virtual/mumble.pp b/manifests/virtual/mumble.pp
index 45ab393..b523dca 100644
--- a/manifests/virtual/mumble.pp
+++ b/manifests/virtual/mumble.pp
@@ -15,7 +15,7 @@ class firewall::virtual::mumble($destination, $zone = 'fw') {
 destination => "$zone:$destination:64738",
 proto => 'udp',
 destinationport => '64738',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2301,
 }
diff --git a/manifests/virtual/munin.pp b/manifests/virtual/munin.pp
index b8bfce1..79514c6 100644
--- a/manifests/virtual/munin.pp
+++ b/manifests/virtual/munin.pp
@@ -21,7 +21,7 @@ define firewall::virtual::munin($destination, $port_orig, $port_dest = '', $orde
 },
 proto => 'tcp',
 destinationport => "$port_orig",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => $order,
 }
diff --git a/manifests/virtual/ssh.pp b/manifests/virtual/ssh.pp
index 4832b58..7ad93fc 100644
--- a/manifests/virtual/ssh.pp
+++ b/manifests/virtual/ssh.pp
@@ -21,7 +21,7 @@ define firewall::virtual::ssh($destination, $port_orig = '22', $port_dest = '',
 },
 proto => 'tcp',
 destinationport => "$port_orig",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => "2$port_orig",
 }
diff --git a/manifests/virtual/tor.pp b/manifests/virtual/tor.pp
index f4a1cb6..7cca6d6 100644
--- a/manifests/virtual/tor.pp
+++ b/manifests/virtual/tor.pp
@@ -15,7 +15,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
 destination => "fw:$destination:9000",
 proto => 'tcp',
 destinationport => '9000',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2101,
 }
@@ -36,7 +36,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
 destination => "fw:$destination:9001",
 proto => 'tcp',
 destinationport => '9001',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2103,
 }
@@ -57,7 +57,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
 destination => "fw:$destination:9100",
 proto => 'tcp',
 destinationport => '9100',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2105,
 }
@@ -78,7 +78,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
 destination => "fw:$destination:9101",
 proto => 'tcp',
 destinationport => '9101',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
 ratelimit => '-',
 order => 2107,
 } |