Commit 8dde08a3 authored by Marcel Haerry's avatar Marcel Haerry

refactor things to use the concat module

parent 777f77d3
...@@ -78,7 +78,7 @@ SUBSYSLOCK=/var/lock/subsys/shorewall ...@@ -78,7 +78,7 @@ SUBSYSLOCK=/var/lock/subsys/shorewall
MODULESDIR= MODULESDIR=
CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE= RESTOREFILE=
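Review bot: This shorewall.conf variant is the only one of the five changed here that has no comment explaining why `CONFIG_PATH` starts with the puppet directory; the other four carry `# add puppet delivered files in front`. Shorewall searches `CONFIG_PATH` in order, so any file in `/etc/shorewall/puppet` shadows the same-named file in `/etc/shorewall`. I would add the same comment line above `CONFIG_PATH` here. It is also worth noting next to it that the directory must stay root-owned and not writable by anyone else, because it now takes precedence for the firewall configuration.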
......
...@@ -79,7 +79,7 @@ SUBSYSLOCK="" ...@@ -79,7 +79,7 @@ SUBSYSLOCK=""
MODULESDIR= MODULESDIR=
# add puppet delivered files in front # add puppet delivered files in front
CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE= RESTOREFILE=
......
...@@ -77,7 +77,7 @@ SUBSYSLOCK="" ...@@ -77,7 +77,7 @@ SUBSYSLOCK=""
MODULESDIR= MODULESDIR=
# add puppet delivered files in front # add puppet delivered files in front
CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE= RESTOREFILE=
......
...@@ -77,7 +77,7 @@ SUBSYSLOCK="/var/lock/subsys/shorewall" ...@@ -77,7 +77,7 @@ SUBSYSLOCK="/var/lock/subsys/shorewall"
MODULESDIR= MODULESDIR=
# add puppet delivered files in front # add puppet delivered files in front
CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE= RESTOREFILE=
......
...@@ -79,7 +79,7 @@ SUBSYSLOCK="" ...@@ -79,7 +79,7 @@ SUBSYSLOCK=""
MODULESDIR= MODULESDIR=
# add puppet delivered files in front # add puppet delivered files in front
CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE= RESTOREFILE=
......
...@@ -4,9 +4,10 @@ class shorewall::base { ...@@ -4,9 +4,10 @@ class shorewall::base {
} }
# This file has to be managed in place, so shorewall can find it # This file has to be managed in place, so shorewall can find it
file { "/etc/shorewall/shorewall.conf": file {
# use OS specific defaults, but use Default if no other is found '/etc/shorewall/shorewall.conf':
source => [ # use OS specific defaults, but use Default if no other is found
source => [
"puppet:///modules/site-shorewall/${fqdn}/shorewall.conf.$operatingsystem", "puppet:///modules/site-shorewall/${fqdn}/shorewall.conf.$operatingsystem",
"puppet:///modules/site-shorewall/${fqdn}/shorewall.conf", "puppet:///modules/site-shorewall/${fqdn}/shorewall.conf",
"puppet:///modules/site-shorewall/shorewall.conf.$operatingsystem.$lsbdistcodename", "puppet:///modules/site-shorewall/shorewall.conf.$operatingsystem.$lsbdistcodename",
...@@ -19,6 +20,10 @@ class shorewall::base { ...@@ -19,6 +20,10 @@ class shorewall::base {
require => Package[shorewall], require => Package[shorewall],
notify => Service[shorewall], notify => Service[shorewall],
owner => root, group => 0, mode => 0644; owner => root, group => 0, mode => 0644;
'/etc/shorewall/puppet':
ensure => directory,
require => Package[shorewall],
owner => root, group => 0, mode => 0644;
} }
service{shorewall: service{shorewall:
...@@ -26,21 +31,6 @@ class shorewall::base { ...@@ -26,21 +31,6 @@ class shorewall::base {
enable => true, enable => true,
hasstatus => true, hasstatus => true,
hasrestart => true, hasrestart => true,
subscribe => [
File["/var/lib/puppet/modules/shorewall/zones"],
File["/var/lib/puppet/modules/shorewall/interfaces"],
File["/var/lib/puppet/modules/shorewall/hosts"],
File["/var/lib/puppet/modules/shorewall/policy"],
File["/var/lib/puppet/modules/shorewall/rules"],
File["/var/lib/puppet/modules/shorewall/masq"],
File["/var/lib/puppet/modules/shorewall/proxyarp"],
File["/var/lib/puppet/modules/shorewall/nat"],
File["/var/lib/puppet/modules/shorewall/blacklist"],
File["/var/lib/puppet/modules/shorewall/rfc1918"],
File["/var/lib/puppet/modules/shorewall/routestopped"],
File["/var/lib/puppet/modules/shorewall/params"],
File["/var/lib/puppet/modules/shorewall/providers"],
],
require => Package[shorewall], require => Package[shorewall],
} }
} }
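Review bot: The new `'/etc/shorewall/puppet'` directory resource is declared with `mode => 0644`, which is a file mode rather than a directory mode. As far as I know Puppet adds the search bit wherever read is set on a directory, so this would end up as 0755, listable by every local user. The concat targets inside are 0600, so only the file names are exposed, but since this directory is now first in `CONFIG_PATH` I would state the intent explicitly, e.g. `owner => root, group => 0, mode => 0700;` if only root needs to read it. Nothing visible in this section purges unmanaged files from the directory, so a stale file left there would keep overriding `/etc/shorewall`; worth confirming that is intended.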
...@@ -3,7 +3,7 @@ define shorewall::blacklist( ...@@ -3,7 +3,7 @@ define shorewall::blacklist(
$port = '-', $port = '-',
$order='100' $order='100'
){ ){
shorewall::entry{"blacklist.d/${order}-${name}": shorewall::entry{"blacklist-${order}-${name}":
line => "${name} ${proto} ${port}", line => "${name} ${proto} ${port}",
} }
} }
...@@ -2,12 +2,11 @@ define shorewall::entry( ...@@ -2,12 +2,11 @@ define shorewall::entry(
$ensure = present, $ensure = present,
$line $line
){ ){
$target = "/var/lib/puppet/modules/shorewall/${name}" $parts = split($name,'-')
$dir = dirname($target) concat::fragment{$name:
file { $target: ensure => $ensure,
ensure => $ensure, content => "${line}\n",
content => "${line}\n", order => $parts[1],
mode => 0600, owner => root, group => 0, target => "/etc/shorewall/puppet/${parts[0]}",
notify => Exec["concat_${dir}"], }
}
} }
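Review bot: `shorewall::entry` now derives both the destination file and the fragment order from the resource title via `split($name,'-')`. This silently depends on every caller using the `<file>-<order>-<name>` form, with no `-` inside `<file>` or `<order>`. A title that does not follow that form would put the line into a file named after whatever precedes the first dash, or give it an unintended order, and for rules and policy the order decides which entry is evaluated first. At minimum I would document the contract above the split, e.g. `# title must be "<file>-<order>-<name>"; <file> and <order> may not contain '-'`. Passing the file and the order as explicit parameters would be sturdier.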
...@@ -3,7 +3,7 @@ define shorewall::host( ...@@ -3,7 +3,7 @@ define shorewall::host(
$options = 'tcpflags,blacklist,norfc1918', $options = 'tcpflags,blacklist,norfc1918',
$order='100' $order='100'
){ ){
shorewall::entry{"hosts.d/${order}-${name}": shorewall::entry{"hosts-${order}-${name}":
line => "${zone} ${name} ${options}" line => "${zone} ${name} ${options}"
} }
} }
......
class shorewall { class shorewall {
include common::moduledir
module_dir { "shorewall": }
case $operatingsystem { case $operatingsystem {
gentoo: { include shorewall::gentoo } gentoo: { include shorewall::gentoo }
debian: { include shorewall::debian } debian: { include shorewall::debian }
...@@ -19,12 +16,6 @@ class shorewall { ...@@ -19,12 +16,6 @@ class shorewall {
} }
} }
file {"/var/lib/puppet/modules/shorewall":
ensure => directory,
force => true,
owner => root, group => 0, mode => 0755;
}
# See http://www.shorewall.net/3.0/Documentation.htm#Zones # See http://www.shorewall.net/3.0/Documentation.htm#Zones
shorewall::managed_file{ zones: } shorewall::managed_file{ zones: }
# See http://www.shorewall.net/3.0/Documentation.htm#Interfaces # See http://www.shorewall.net/3.0/Documentation.htm#Interfaces
......
...@@ -20,7 +20,7 @@ define shorewall::interface( ...@@ -20,7 +20,7 @@ define shorewall::interface(
} }
} }
shorewall::entry { "interfaces.d/${order}-${name}": shorewall::entry { "interfaces-${order}-${name}":
line => "${zone} ${name} ${broadcast} ${options_real}", line => "${zone} ${name} ${broadcast} ${options_real}",
} }
} }
......
define shorewall::managed_file () { define shorewall::managed_file () {
$dir = "/var/lib/puppet/modules/shorewall/${name}.d" concat{ "/etc/shorewall/puppet/$name":
concatenated_file { "/var/lib/puppet/modules/shorewall/$name": notify => Service['shorewall'],
dir => $dir, require => File['/etc/shorewall/puppet'],
mode => 0600, owner => root, group => 0, mode => 0600;
} }
file { concat::fragment {
"${dir}/000-header": "${name}-header":
source => "puppet:///modules/shorewall/boilerplate/${name}.header", source => "puppet:///modules/shorewall/boilerplate/${name}.header",
mode => 0600, owner => root, group => 0, order => '000';
notify => Exec["concat_${dir}"]; "${name}-footer":
"${dir}/999-footer": source => "puppet:///modules/shorewall/boilerplate/${name}.footer",
source => "puppet:///modules/shorewall/boilerplate/${name}.footer", order => '999';
mode => 0600, owner => root, group => 0, }
notify => Exec["concat_${dir}"];
}
} }
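Review bot: The two `concat::fragment` resources for the header and footer set `source` and `order` but no `target`. As far as this section shows, nothing ties them to `/etc/shorewall/puppet/$name`, whereas the fragments created in `shorewall::entry` do set one. Unless the concat module in use supplies a default target, I would add `target => "/etc/shorewall/puppet/${name}",` to both `"${name}-header"` and `"${name}-footer"`. If the fragments are dropped or rejected, the assembled files would lack the boilerplate header and footer, which may change how shorewall reads them.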
...@@ -10,7 +10,7 @@ define shorewall::masq( ...@@ -10,7 +10,7 @@ define shorewall::masq(
$mark = '', $mark = '',
$order='100' $order='100'
){ ){
shorewall::entry{"masq.d/${order}-${name}": shorewall::entry{"masq-${order}-${name}":
line => "# ${name}\n${interface} ${source} ${address} ${proto} ${port} ${ipsec} ${mark}" line => "# ${name}\n${interface} ${source} ${address} ${proto} ${port} ${ipsec} ${mark}"
} }
} }
......
...@@ -5,7 +5,7 @@ define shorewall::nat( ...@@ -5,7 +5,7 @@ define shorewall::nat(
$local = 'yes', $local = 'yes',
$order='100' $order='100'
){ ){
shorewall::entry{"nat.d/${order}-${name}": shorewall::entry{"nat-${order}-${name}":
line => "${name} ${interface} ${internal} ${all} ${local}" line => "${name} ${interface} ${internal} ${all} ${local}"
} }
} }
define shorewall::params($value, $order='100'){ define shorewall::params($value, $order='100'){
shorewall::entry{"params.d/${order}-${name}": shorewall::entry{"params-${order}-${name}":
line => "${name}=${value}", line => "${name}=${value}",
} }
} }
...@@ -5,7 +5,7 @@ define shorewall::policy( ...@@ -5,7 +5,7 @@ define shorewall::policy(
$limitburst = '-', $limitburst = '-',
$order $order
){ ){
shorewall::entry{"policy.d/${order}-${name}": shorewall::entry{"policy-${order}-${name}":
line => "# ${name}\n${sourcezone} ${destinationzone} ${policy} ${shloglevel} ${limitburst}", line => "# ${name}\n${sourcezone} ${destinationzone} ${policy} ${shloglevel} ${limitburst}",
} }
} }
......
...@@ -9,7 +9,7 @@ define shorewall::providers( ...@@ -9,7 +9,7 @@ define shorewall::providers(
$copy = '', $copy = '',
$order='100' $order='100'
){ ){
shorewall::entry{"providers.d/${order}-${name}": shorewall::entry{"providers-${order}-${name}":
line => "# ${name}\n${provider} ${number} ${mark} ${duplicate} ${interface} ${gateway} ${options} ${copy}" line => "# ${name}\n${provider} ${number} ${mark} ${duplicate} ${interface} ${gateway} ${options} ${copy}"
} }
} }
......
...@@ -5,7 +5,7 @@ define shorewall::proxyarp( ...@@ -5,7 +5,7 @@ define shorewall::proxyarp(
$persistent = no, $persistent = no,
$order='100' $order='100'
){ ){
shorewall::entry{"proxyarp.d/${order}-${name}": shorewall::entry{"proxyarp-${order}-${name}":
line => "# ${name}\n${name} ${interface} ${external} ${haveroute} ${persistent}" line => "# ${name}\n${name} ${interface} ${external} ${haveroute} ${persistent}"
} }
} }
...@@ -2,7 +2,7 @@ define shorewall::rfc1918( ...@@ -2,7 +2,7 @@ define shorewall::rfc1918(
$action = 'logdrop', $action = 'logdrop',
$order='100' $order='100'
){ ){
shorewall::entry{"rfc1918.d/${order}-${name}": shorewall::entry{"rfc1918-${order}-${name}":
line => "${name} ${action}" line => "${name} ${action}"
} }
} }
...@@ -8,7 +8,7 @@ define shorewall::routestopped( ...@@ -8,7 +8,7 @@ define shorewall::routestopped(
'' => $name, '' => $name,
default => $interface, default => $interface,
} }
shorewall::entry{"routestopped.d/${order}-${name}": shorewall::entry{"routestopped-${order}-${name}":
line => "${real_interface} ${host} ${options}", line => "${real_interface} ${host} ${options}",
} }
} }
...@@ -13,8 +13,8 @@ define shorewall::rule( ...@@ -13,8 +13,8 @@ define shorewall::rule(
$mark = '', $mark = '',
$order $order
){ ){
shorewall::entry{"rules.d/${order}-${name}": shorewall::entry{"rules-${order}-${name}":
ensure => $ensure, ensure => $ensure,
line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}", line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}",
} }
} }
define shorewall::rule_section( define shorewall::rule_section(
$order $order
){ ){
shorewall::entry{"rules.d/${order}-${name}": shorewall::entry{"rules-${order}-${name}":
line => "SECTION ${name}", line => "SECTION ${name}",
} }
} }
...@@ -7,7 +7,7 @@ define shorewall::zone( ...@@ -7,7 +7,7 @@ define shorewall::zone(
$order = 100 $order = 100
){ ){
$real_name = $parent ? { '-' => $name, default => "${name}:${parent}" } $real_name = $parent ? { '-' => $name, default => "${name}:${parent}" }
shorewall::entry { "zones.d/${order}-${name}": shorewall::entry { "zones-${order}-${name}":
line => "${real_name} ${type} ${options} ${in} ${out}" line => "${real_name} ${type} ${options} ${in} ${out}"
} }
} }
......