From cf0f8bb58178df4b7ce54abab3684a2240c43855 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 4 Dec 2012 15:20:13 -0500
Subject: Stop shipping the default shorewall.conf file, instead we should let the operatingsystem package install its default config (this lets us stop having to keep this file updated), and instead tell people to configure their shorewall.conf file using the augeas method. It is possible still to distribute a shorewall.conf from a site-shorewall directory, however if the file is distributed, then it is not possible to use the augeas method. https://labs.riseup.net/code/issues/2738
---
 manifests/base.pp | 4 ----
 1 file changed, 4 deletions(-)
(limited to 'manifests')
diff --git a/manifests/base.pp b/manifests/base.pp
index 937b83b..0007e40 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -13,10 +13,6 @@ class shorewall::base {
 "puppet:///modules/site_shorewall/shorewall.conf.${::operatingsystem}.${::lsbdistcodename}",
 "puppet:///modules/site_shorewall/shorewall.conf.${::operatingsystem}",
 "puppet:///modules/site_shorewall/shorewall.conf",
- "puppet:///modules/shorewall/shorewall.conf.${::operatingsystem}.${::lsbdistcodename}",
- "puppet:///modules/shorewall/shorewall.conf.${::operatingsystem}.${::lsbmajdistrelease}",
- "puppet:///modules/shorewall/shorewall.conf.${::operatingsystem}",
- "puppet:///modules/shorewall/shorewall.conf"
 ],
 require => Package[shorewall],
 notify => Service[shorewall],
--
cgit v1.2.3
From 29e80fe61983821dc50ea54a05013c351206d5bd Mon Sep 17 00:00:00 2001
From: Micah Anderson Date: Tue, 4 Dec 2012 15:39:15 -0500 Subject: actually it is not possible to provide the site-shorewall sources for shorewall.conf, because if they do not exist, you will get a puppet error. this commit removes them, and updates the README to provide instructions for how you can do it the old way, if you want --- README | 17 +++++++++-------- manifests/base.pp | 8 -------- 2 files changed, 9 insertions(+), 16 deletions(-) (limited to 'manifests') diff --git a/README b/README index 50a2bb9..2487f20 100644 --- a/README +++ b/README @@ -49,14 +49,15 @@ shorewall.conf, simply do this: NOTE: this requires the augeas ruby bindings newer than 0.7.3. -If you need to, you can provide an entire shorewall.conf by placing it in one of -the following locations: - - "puppet:///modules/site-shorewall/${fqdn}/shorewall.conf.$operatingsystem", - "puppet:///modules/site-shorewall/${fqdn}/shorewall.conf", - "puppet:///modules/site-shorewall/shorewall.conf.$operatingsystem.$lsbdistcodename", - "puppet:///modules/site-shorewall/shorewall.conf.$operatingsystem", - "puppet:///modules/site-shorewall/shorewall.conf" +If you need to, you can provide an entire shorewall.conf by overriding the file +resource, for example: + +class site_shorewall::config inherits shorewall::base { + + File["/etc/shorewall/shorewall.conf"] { + source => "puppet:///modules/site_shorewall/${::fqdn}/shorewall.conf.${::operatingsystem}", + } +} NOTE: if you distribute a file, you cannot also use augeas, puppet and augeas will fight forever diff --git a/manifests/base.pp b/manifests/base.pp index 0007e40..7dd025f 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
@@ -6,14 +6,6 @@ class shorewall::base { # This file has to be managed in place, so shorewall can find it file { '/etc/shorewall/shorewall.conf': - # use OS specific defaults, but use Default if no other is found - source => [ - "puppet:///modules/site_shorewall/${::fqdn}/shorewall.conf.${::operatingsystem}", - "puppet:///modules/site_shorewall/${::fqdn}/shorewall.conf", - "puppet:///modules/site_shorewall/shorewall.conf.${::operatingsystem}.${::lsbdistcodename}", - "puppet:///modules/site_shorewall/shorewall.conf.${::operatingsystem}", - "puppet:///modules/site_shorewall/shorewall.conf", - ], require => Package[shorewall], notify => Service[shorewall], owner => root, group => 0, mode => 0644; -- cgit v1.2.3 From e511291a111db7a7d88a8820c5423aa5b92304e0 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Dec 2012 18:42:15 -0500 Subject: Because the puppet shorewall module uses concat::fragment assembly to put the final results in /etc/shorewall/puppet, we have to make sure the shorewall.conf is pointing to that directory to get those configurations. This commit fixes that. --- README | 6 +++++- manifests/base.pp | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/README b/README index 2487f20..29fd84d 100644 --- a/README +++ b/README @@ -60,7 +60,11 @@ class site_shorewall::config inherits shorewall::base { } NOTE: if you distribute a file, you cannot also use augeas, puppet and augeas -will fight forever +will fight forever. Secondly, you will *need* to make sure that if you are shipping your own +shorewall.conf that you have the following value set in your shorewall.conf otherwise this +module will not work: + + CONFIG_PATH="/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall" Documentation ------------- diff --git a/manifests/base.pp b/manifests/base.pp index 7dd025f..537c2a6 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
@@ -15,6 +15,13 @@ class shorewall::base { owner => root, group => 0, mode => 0644; } + augeas { 'shorewall_module_config_path': + changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'', + lens => 'Shellvars.lns', + incl => '/etc/shorewall/shorewall.conf', + notify => Service[shorewall]; + } + service{shorewall: ensure => running, enable => true, -- cgit v1.2.3
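Review bot: The added `augeas { 'shorewall_module_config_path': }` resource has no ordering against the package, whereas the `file` resource for the same path (visible in the previous base.pp hunk) carries `require => Package[shorewall]`. On a first run Puppet may therefore evaluate the augeas change before the package has installed its default shorewall.conf, and what happens then (an error, or a file holding only CONFIG_PATH) is not controlled by this manifest; adding `require => Package[shorewall],` next to the `notify` would pin the order. Because CONFIG_PATH now puts /etc/shorewall/puppet first in the search path for firewall configuration, it is also worth confirming that the module creates that directory root-owned and not group- or world-writable; that code is not visible here. The class body continues outside the hunk.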