diff options
| author | mh <mh@immerda.ch> | 2009-10-02 13:56:23 +0200 |
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2009-12-07 11:34:22 -0500 |
| commit | 40a3ba49d07e000321c361f2712da47557415fab (patch) | |
| tree | 459d4d5aac8e0794ae65cb7c048e62df06fa34e2 /manifests/rules | |
| parent | 28f6a27507139db939a0204e36f0f27569a2f117 (diff) | |
| download | puppet-shorewall-40a3ba49d07e000321c361f2712da47557415fab.tar.gz puppet-shorewall-40a3ba49d07e000321c361f2712da47557415fab.tar.bz2 | |
add puppet rules
Diffstat (limited to 'manifests/rules')
| -rw-r--r-- | manifests/rules/out/puppet.pp | 12 | ||||
| -rw-r--r-- | manifests/rules/puppet.pp | 16 | ||||
| -rw-r--r-- | manifests/rules/puppet/master.pp | 11 |
3 files changed, 39 insertions, 0 deletions
diff --git a/manifests/rules/out/puppet.pp b/manifests/rules/out/puppet.pp new file mode 100644 index 0000000..5cd4643 --- /dev/null +++ b/manifests/rules/out/puppet.pp @@ -0,0 +1,12 @@ +class shorewall::rules::out::puppet { + include ::shorewall::rules::puppet + # we want to connect to the puppet server + shorewall::rule { 'me-net-puppet_tcp': + source => '$FW', + destination => 'net:$PUPPETSERVER', + proto => 'tcp', + destinationport => '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT', + order => 340, + action => 'ACCEPT'; + } +} diff --git a/manifests/rules/puppet.pp b/manifests/rules/puppet.pp new file mode 100644 index 0000000..5b7e7b3 --- /dev/null +++ b/manifests/rules/puppet.pp @@ -0,0 +1,16 @@ +class shorewall::rules::puppet { + case $shorewall_puppetserver { + '': { $shorewall_puppetserver = "puppet.${domain}" } + } + case $shorewall_puppetserver_port { + '': { $shorewall_puppetserver_port = '8140' } + } + case $shorewall_puppetserver_signport { + '': { $shorewall_puppetserver_signport = '8141' } + } + shorewall::param{ + 'PUPPETSERVER': value => $shorewall_puppetserver; + 'PUPPETSERVER_PORT': value => $shorewall_puppetserver_port; + 'PUPPETSERVER_SIGN_PORT': value => $shorewall_puppetserver_signport; + } +} diff --git a/manifests/rules/puppet/master.pp b/manifests/rules/puppet/master.pp new file mode 100644 index 0000000..8ef609f --- /dev/null +++ b/manifests/rules/puppet/master.pp @@ -0,0 +1,11 @@ +class shorewall::rules::puppet::master { + include ::shorewall::rules::puppet + shorewall::rule { 'net-me-tcp_puppet-main': + source => 'net', + destination => '$FW', + proto => 'tcp', + destinationport => '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT', + order => 240, + action => 'ACCEPT'; + } +} |