diff options
-rw-r--r-- | README | 5 | ||||
-rw-r--r-- | manifests/rules/munin.pp | 8 | ||||
-rw-r--r-- | manifests/rules/out/ibackup.pp | 20 | ||||
-rw-r--r-- | manifests/rules/out/munin.pp | 16 | ||||
-rw-r--r-- | manifests/rules/out/puppet.pp | 30 | ||||
-rw-r--r-- | manifests/rules/puppet.pp | 14 | ||||
-rw-r--r-- | manifests/rules/ssh.pp | 2 |
7 files changed, 51 insertions, 44 deletions
@@ -51,10 +51,9 @@ class config::site_shorewall($startup = '1') { order => 100; } - $shorewall_main_interface hiera('shorewall_main_interface','eth0') - shorewall::interface { $shorewall_main_interface: + shorewall::interface { 'eth0': zone => 'net', - rfc1918 => hiera('shorewall_rfc1918_maineth',true) + rfc1918 => true, options => 'tcpflags,blacklist,nosmurfs'; } diff --git a/manifests/rules/munin.pp b/manifests/rules/munin.pp index 26cebfe..0c86abe 100644 --- a/manifests/rules/munin.pp +++ b/manifests/rules/munin.pp @@ -1,10 +1,10 @@ class shorewall::rules::munin( - $munin_port = hiera('munin_port','4949'), - $munin_collector = hiera('munin_collector','127.0.0.1'), - $collector_source = hiera('shorewall_munin_in_collector_source','net') + $munin_port = '4949', + $munin_collector = '127.0.0.1', + $collector_source = 'net' ){ shorewall::params { 'MUNINPORT': value => $munin_port } - shorewall::params { 'MUNINCOLLECTOR': value => $munin_collector } + shorewall::params { 'MUNINCOLLECTOR': value => join($munin_collector,',') } shorewall::rule{'net-me-munin-tcp': source => "${collector_source}:\$MUNINCOLLECTOR", destination => '$FW', diff --git a/manifests/rules/out/ibackup.pp b/manifests/rules/out/ibackup.pp index 48714af..856bcdb 100644 --- a/manifests/rules/out/ibackup.pp +++ b/manifests/rules/out/ibackup.pp @@ -1,12 +1,12 @@ class shorewall::rules::out::ibackup( - $backup_host = hiera('shorewall_ibackup_host') -) { - shorewall::rule { 'me-net-tcp_backupssh': - source => '$FW', - destination => "net:${backup_host}", - proto => 'tcp', - destinationport => 'ssh', - order => 240, - action => 'ACCEPT'; - } + $backup_host +){ + shorewall::rule { 'me-net-tcp_backupssh': + source => '$FW', + destination => "net:${backup_host}", + proto => 'tcp', + destinationport => 'ssh', + order => 240, + action => 'ACCEPT'; + } } diff --git a/manifests/rules/out/munin.pp b/manifests/rules/out/munin.pp index 7b0a015..004a3d5 100644 --- a/manifests/rules/out/munin.pp +++ b/manifests/rules/out/munin.pp @@ -1,10 +1,10 @@ class shorewall::rules::out::munin { - shorewall::rule { 'me-net-rcp_muninhost': - source => '$FW', - destination => 'net', - proto => 'tcp', - destinationport => '4949', - order => 340, - action => 'ACCEPT'; - } + shorewall::rule { 'me-net-rcp_muninhost': + source => '$FW', + destination => 'net', + proto => 'tcp', + destinationport => '4949', + order => 340, + action => 'ACCEPT'; + } } diff --git a/manifests/rules/out/puppet.pp b/manifests/rules/out/puppet.pp index 5cd4643..cbe8cce 100644 --- a/manifests/rules/out/puppet.pp +++ b/manifests/rules/out/puppet.pp @@ -1,12 +1,20 @@ -class shorewall::rules::out::puppet { - include ::shorewall::rules::puppet - # we want to connect to the puppet server - shorewall::rule { 'me-net-puppet_tcp': - source => '$FW', - destination => 'net:$PUPPETSERVER', - proto => 'tcp', - destinationport => '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT', - order => 340, - action => 'ACCEPT'; - } +class shorewall::rules::out::puppet( + $puppetserver = "puppet.${::domain}", + $puppetserver_port = 8140, + $puppetserver_signport = 8141 +) { + class{'shorewall::rules::puppet': + puppetserver => $puppetserver, + puppetserver_port => $puppetserver_port, + puppetserver_signport => $puppetserver_signport, + } + # we want to connect to the puppet server + shorewall::rule { 'me-net-puppet_tcp': + source => '$FW', + destination => 'net:$PUPPETSERVER', + proto => 'tcp', + destinationport => '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT', + order => 340, + action => 'ACCEPT'; + } } diff --git a/manifests/rules/puppet.pp b/manifests/rules/puppet.pp index c6fc09b..84e7d81 100644 --- a/manifests/rules/puppet.pp +++ b/manifests/rules/puppet.pp @@ -1,11 +1,11 @@ class shorewall::rules::puppet( - $puppetserver = hiera('shorewall_puppetserver',"puppet.${domain}"), - $puppetserver_port = hiera('shorewall_puppetserver_port',8140) , - $puppetserver_signport = hiera('shorewall_puppetserver_signport',8141) , -) { + $puppetserver = "puppet.${::domain}", + $puppetserver_port = 8140, + $puppetserver_signport = 8141 +){ shorewall::params{ - 'PUPPETSERVER': value => $puppetserver; - 'PUPPETSERVER_PORT': value => $puppetserver_port; - 'PUPPETSERVER_SIGN_PORT': value => $puppetserver_signport; + 'PUPPETSERVER': value => $puppetserver; + 'PUPPETSERVER_PORT': value => $puppetserver_port; + 'PUPPETSERVER_SIGN_PORT': value => $puppetserver_signport; } } diff --git a/manifests/rules/ssh.pp b/manifests/rules/ssh.pp index 3b7efa2..3a1b530 100644 --- a/manifests/rules/ssh.pp +++ b/manifests/rules/ssh.pp @@ -1,6 +1,6 @@ class shorewall::rules::ssh( $ports, - $source = hiera('shorewall_ssh_in_source','net') + $source = 'net' ) { shorewall::rule { 'net-me-tcp_ssh': source => $shorewall::rules::ssh::source, |