Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/base.pp | 16 | ||||
-rw-r--r-- | manifests/centos.pp | 2 | ||||
-rw-r--r-- | manifests/debian.pp | 22 | ||||
-rw-r--r-- | manifests/init.pp | 12 | ||||
-rw-r--r-- | manifests/managed_file.pp | 12 | ||||
-rw-r--r-- | manifests/routestopped.pp | 10 | ||||
-rw-r--r-- | manifests/rules/jetty/http.pp | 2 | ||||
-rw-r--r-- | manifests/rules/out/ibackup.pp | 9 | ||||
-rw-r--r-- | manifests/rules/puppet.pp | 21 |
9 files changed, 47 insertions, 59 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index d3fdec7..709f4b7 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -8,14 +8,14 @@ class shorewall::base { '/etc/shorewall/shorewall.conf': # use OS specific defaults, but use Default if no other is found source => [ - "puppet:///modules/site-shorewall/${fqdn}/shorewall.conf.${operatingsystem}", - "puppet:///modules/site-shorewall/${fqdn}/shorewall.conf", - "puppet:///modules/site-shorewall/shorewall.conf.${operatingsystem}.${lsbdistcodename}", - "puppet:///modules/site-shorewall/shorewall.conf.${operatingsystem}", - "puppet:///modules/site-shorewall/shorewall.conf", - "puppet:///modules/shorewall/shorewall.conf.${operatingsystem}.${lsbdistcodename}", - "puppet:///modules/shorewall/shorewall.conf.${operatingsystem}.${lsbmajdistrelease}", - "puppet:///modules/shorewall/shorewall.conf.${operatingsystem}", + "puppet:///modules/site_shorewall/${::fqdn}/shorewall.conf.${::operatingsystem}", + "puppet:///modules/site_shorewall/${::fqdn}/shorewall.conf", + "puppet:///modules/site_shorewall/shorewall.conf.${::operatingsystem}.${::lsbdistcodename}", + "puppet:///modules/site_shorewall/shorewall.conf.${::operatingsystem}", + "puppet:///modules/site_shorewall/shorewall.conf", + "puppet:///modules/shorewall/shorewall.conf.${::operatingsystem}.${::lsbdistcodename}", + "puppet:///modules/shorewall/shorewall.conf.${::operatingsystem}.${::lsbmajdistrelease}", + "puppet:///modules/shorewall/shorewall.conf.${::operatingsystem}", "puppet:///modules/shorewall/shorewall.conf" ], require => Package[shorewall], diff --git a/manifests/centos.pp b/manifests/centos.pp index c61e03c..7968b69 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -1,5 +1,5 @@ class shorewall::centos inherits shorewall::base { - if $lsbmajdistrelease == '6' { + if $::lsbmajdistrelease == '6' { # workaround for # http://comments.gmane.org/gmane.comp.security.shorewall/26991 file{'/etc/shorewall/params': 
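Review bot: The rename from `site-shorewall` to `site_shorewall` in the `source` list of manifests/base.pp fails open for any site that has not renamed its override module. Puppet uses the first source in the list that exists, so a node whose override lived under `puppet:///modules/site-shorewall/...` will quietly receive the stock `puppet:///modules/shorewall/shorewall.conf` instead of raising an error. Because this file controls firewall behaviour, the rename should be called out in the commit message or README, and a comment above the list such as `# site overrides are looked up in the site_shorewall module (formerly site-shorewall)` would help. The file resource continues outside the hunk.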
diff --git a/manifests/debian.pp b/manifests/debian.pp index eab54a2..c7ed607 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,15 +1,11 @@ class shorewall::debian inherits shorewall::base { - case $shorewall_startup { - '': { $shorewall_startup = "1" } - } - file{'/etc/default/shorewall': - #source => "puppet:///modules/shorewall/debian/default", - content => template("shorewall/debian_default.erb"), - require => Package['shorewall'], - notify => Service['shorewall'], - owner => root, group => 0, mode => 0644; - } - Service['shorewall']{ - status => '/sbin/shorewall status' - } + file{'/etc/default/shorewall': + content => template("shorewall/debian_default.erb"), + require => Package['shorewall'], + notify => Service['shorewall'], + owner => root, group => 0, mode => 0644; + } + Service['shorewall']{ + status => '/sbin/shorewall status' + } } diff --git a/manifests/init.pp b/manifests/init.pp index 7c62222..17ff12d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,17 +1,19 @@ -class shorewall { +class shorewall( + $startup = '1' +) { - case $operatingsystem { + case $::operatingsystem { gentoo: { include shorewall::gentoo } debian: { include shorewall::debian } centos: { include shorewall::centos } ubuntu: { - case $lsbdistcodename { + case $::lsbdistcodename { karmic: { include shorewall::ubuntu::karmic } default: { include shorewall::debian } } } default: { - notice "unknown operatingsystem: $operatingsystem" + notice "unknown operatingsystem: ${::operatingsystem}" include shorewall::base } } @@ -38,7 +40,7 @@ class shorewall { shorewall::managed_file { rfc1918: } # See http://www.shorewall.net/3.0/Documentation.htm#Routestopped shorewall::managed_file { routestopped: } - # See http://www.shorewall.net/3.0/Documentation.htm#Variables + # See http://www.shorewall.net/3.0/Documentation.htm#Variables shorewall::managed_file { params: } # http://www.shorewall.net/manpages/shorewall-providers.html shorewall::managed_file { providers: } 
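Review bot: The fallback for `$shorewall_startup` is removed from shorewall::debian and replaced by the `$startup` parameter on class `shorewall` in init.pp, but `shorewall/debian_default.erb` is not in this diff (the diffstat is limited to `manifests`), so it cannot be confirmed here that the template reads the new variable. If the template still looks up `shorewall_startup`, the rendered `/etc/default/shorewall` would presumably carry an empty startup value, which could leave the firewall disabled at boot; this is worth checking on a Debian node. A comment on the parameter in init.pp, e.g. `# $startup: startup setting rendered into /etc/default/shorewall on Debian`, would make the link explicit.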
diff --git a/manifests/managed_file.pp b/manifests/managed_file.pp index 0beb221..d564daa 100644 --- a/manifests/managed_file.pp +++ b/manifests/managed_file.pp @@ -1,17 +1,17 @@ define shorewall::managed_file () { - concat{ "/etc/shorewall/puppet/$name": + concat{ "/etc/shorewall/puppet/${name}": notify => Service['shorewall'], require => File['/etc/shorewall/puppet'], owner => root, group => 0, mode => 0600; - } + } concat::fragment { "${name}-header": source => "puppet:///modules/shorewall/boilerplate/${name}.header", - target => "/etc/shorewall/puppet/$name", + target => "/etc/shorewall/puppet/${name}", order => '000'; "${name}-footer": source => "puppet:///modules/shorewall/boilerplate/${name}.footer", - target => "/etc/shorewall/puppet/$name", + target => "/etc/shorewall/puppet/${name}", order => '999'; - } -} + } +} diff --git a/manifests/routestopped.pp b/manifests/routestopped.pp index 0b53a1b..cd39762 100644 --- a/manifests/routestopped.pp +++ b/manifests/routestopped.pp @@ -1,14 +1,10 @@ define shorewall::routestopped( - $interface = '', + $interface = $name, $host = '-', $options = '', $order='100' ){ - $real_interface = $interface ? { - '' => $name, - default => $interface, - } shorewall::entry{"routestopped-${order}-${name}": - line => "${real_interface} ${host} ${options}", - } + line => "${interface} ${host} ${options}", + } } diff --git a/manifests/rules/jetty/http.pp b/manifests/rules/jetty/http.pp index be19622..4c0652b 100644 --- a/manifests/rules/jetty/http.pp +++ b/manifests/rules/jetty/http.pp @@ -2,7 +2,7 @@ class shorewall::rules::jetty::http { # dnat shorewall::rule { 'dnat-http-to-jetty': - destination => "net:${ipaddress}:8080", + destination => "net:${::ipaddress}:8080", destinationport => '80', source => 'net', proto => 'tcp', order => 140, action => 'DNAT'; } diff --git a/manifests/rules/out/ibackup.pp b/manifests/rules/out/ibackup.pp index ec12c8b..48714af 100644 --- a/manifests/rules/out/ibackup.pp 
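Review bot: In manifests/routestopped.pp, moving the fallback into the default `$interface = $name` changes what an explicit empty value does. The removed selector mapped `interface => ''` to `$name`, whereas the new code interpolates the empty string straight into `line`, so the entry starts with a blank interface column. Callers that still pass `''` (the previous default) should be checked, or the define could reject it with `if $interface == '' { fail("shorewall::routestopped ${name}: interface must not be empty") }`.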
+++ b/manifests/rules/out/ibackup.pp @@ -1,10 +1,9 @@ -class shorewall::rules::out::ibackup { - case $shorewall_ibackup_host { - '': { fail("You need to define \$shorewall_ibackup_host for ${fqdn}") } - } +class shorewall::rules::out::ibackup( + $backup_host = hiera('shorewall_ibackup_host') +) { shorewall::rule { 'me-net-tcp_backupssh': source => '$FW', - destination => "net:${shorewall_ibackup_host}", + destination => "net:${backup_host}", proto => 'tcp', destinationport => 'ssh', order => 240, diff --git a/manifests/rules/puppet.pp b/manifests/rules/puppet.pp index b53c726..c6fc09b 100644 --- a/manifests/rules/puppet.pp +++ b/manifests/rules/puppet.pp @@ -1,16 +1,11 @@ -class shorewall::rules::puppet { - case $shorewall_puppetserver { - '': { $shorewall_puppetserver = "puppet.${domain}" } - } - case $shorewall_puppetserver_port { - '': { $shorewall_puppetserver_port = '8140' } - } - case $shorewall_puppetserver_signport { - '': { $shorewall_puppetserver_signport = '8141' } - } +class shorewall::rules::puppet( + $puppetserver = hiera('shorewall_puppetserver',"puppet.${domain}"), + $puppetserver_port = hiera('shorewall_puppetserver_port',8140) , + $puppetserver_signport = hiera('shorewall_puppetserver_signport',8141) , +) { shorewall::params{ - 'PUPPETSERVER': value => $shorewall_puppetserver; - 'PUPPETSERVER_PORT': value => $shorewall_puppetserver_port; - 'PUPPETSERVER_SIGN_PORT': value => $shorewall_puppetserver_signport; + 'PUPPETSERVER': value => $puppetserver; + 'PUPPETSERVER_PORT': value => $puppetserver_port; + 'PUPPETSERVER_SIGN_PORT': value => $puppetserver_signport; } } |
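Review bot: An empty `backup_host` is no longer rejected in manifests/rules/out/ibackup.pp. `hiera('shorewall_ibackup_host')` with no default aborts compilation when the key is missing, but a key set to `''` (or `backup_host => ''` passed directly) now produces `destination => "net:"`, where the removed `case` called `fail()`. An outbound SSH rule should never end up with an unscoped destination, so keep an explicit guard such as `if $backup_host == '' { fail("You need to define shorewall_ibackup_host for ${::fqdn}") }`. The rule's body continues past the end of the hunk.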
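Review bot: The default `"puppet.${domain}"` in the new parameter list of manifests/rules/puppet.pp still uses the unqualified fact, while every other fact touched by this commit was moved to top-scope form. Write it as `hiera('shorewall_puppetserver', "puppet.${::domain}")` so the value cannot be shadowed by a node- or class-scope `$domain`. The port defaults also change from the strings `'8140'`/`'8141'` to bare numbers, which is probably harmless once interpolated but is worth checking against `shorewall::params`. The trailing comma after the `$puppetserver_signport` default may not parse on older Puppet releases; confirm against the oldest version the module supports.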