Commit 8dde08a3 authored by Marcel Haerry's avatar Marcel Haerry

refactor things to use the concat module

parent 777f77d3
......@@ -78,7 +78,7 @@ SUBSYSLOCK=/var/lock/subsys/shorewall
MODULESDIR=
CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall
CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
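Review bot: This copy of shorewall.conf is the only one of the five touched here without the comment above CONFIG_PATH; the other four carry `# add puppet delivered files in front`. Shorewall takes the first match along CONFIG_PATH, so the ordering is what gives /etc/shorewall/puppet precedence over /etc/shorewall, and that deserves to be stated in every variant. Add the same comment line directly above `CONFIG_PATH=` here.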
......
......@@ -79,7 +79,7 @@ SUBSYSLOCK=""
MODULESDIR=
# add puppet delivered files in front
CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall
CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
......
......@@ -77,7 +77,7 @@ SUBSYSLOCK=""
MODULESDIR=
# add puppet delivered files in front
CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall
CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
......
......@@ -77,7 +77,7 @@ SUBSYSLOCK="/var/lock/subsys/shorewall"
MODULESDIR=
# add puppet delivered files in front
CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall
CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
......
......@@ -79,7 +79,7 @@ SUBSYSLOCK=""
MODULESDIR=
# add puppet delivered files in front
CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall
CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
......
......@@ -4,7 +4,8 @@ class shorewall::base {
}
# This file has to be managed in place, so shorewall can find it
file { "/etc/shorewall/shorewall.conf":
file {
'/etc/shorewall/shorewall.conf':
# use OS specific defaults, but use Default if no other is found
source => [
"puppet:///modules/site-shorewall/${fqdn}/shorewall.conf.$operatingsystem",
......@@ -19,6 +20,10 @@ class shorewall::base {
require => Package[shorewall],
notify => Service[shorewall],
owner => root, group => 0, mode => 0644;
'/etc/shorewall/puppet':
ensure => directory,
require => Package[shorewall],
owner => root, group => 0, mode => 0644;
}
service{shorewall:
......@@ -26,21 +31,6 @@ class shorewall::base {
enable => true,
hasstatus => true,
hasrestart => true,
subscribe => [
File["/var/lib/puppet/modules/shorewall/zones"],
File["/var/lib/puppet/modules/shorewall/interfaces"],
File["/var/lib/puppet/modules/shorewall/hosts"],
File["/var/lib/puppet/modules/shorewall/policy"],
File["/var/lib/puppet/modules/shorewall/rules"],
File["/var/lib/puppet/modules/shorewall/masq"],
File["/var/lib/puppet/modules/shorewall/proxyarp"],
File["/var/lib/puppet/modules/shorewall/nat"],
File["/var/lib/puppet/modules/shorewall/blacklist"],
File["/var/lib/puppet/modules/shorewall/rfc1918"],
File["/var/lib/puppet/modules/shorewall/routestopped"],
File["/var/lib/puppet/modules/shorewall/params"],
File["/var/lib/puppet/modules/shorewall/providers"],
],
require => Package[shorewall],
}
}
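Review bot: The new `'/etc/shorewall/puppet'` directory resource is declared with `mode => 0644`, which is a file mode; Puppet adds the search bit wherever read is set on a directory, so this ends up as 0755. Since shorewall.conf now puts this directory first in CONFIG_PATH and the concat targets inside it are 0600, I would write the intended mode out and keep it tight if only root needs access, e.g. `owner => root, group => 0, mode => 0700;`. The resource also sets no `purge`, so a file left behind in that directory would keep shadowing /etc/shorewall; it is worth deciding whether that is intended.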
......@@ -3,7 +3,7 @@ define shorewall::blacklist(
$port = '-',
$order='100'
){
shorewall::entry{"blacklist.d/${order}-${name}":
shorewall::entry{"blacklist-${order}-${name}":
line => "${name} ${proto} ${port}",
}
}
......@@ -2,12 +2,11 @@ define shorewall::entry(
$ensure = present,
$line
){
$target = "/var/lib/puppet/modules/shorewall/${name}"
$dir = dirname($target)
file { $target:
$parts = split($name,'-')
concat::fragment{$name:
ensure => $ensure,
content => "${line}\n",
mode => 0600, owner => root, group => 0,
notify => Exec["concat_${dir}"],
order => $parts[1],
target => "/etc/shorewall/puppet/${parts[0]}",
}
}
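Review bot: `$parts = split($name,'-')` makes the fragment's target file and its order depend on the shape of the resource title, and nothing checks that shape. A title without the expected separators leaves `$parts[1]` undefined and points `target` at `/etc/shorewall/puppet/<whole title>`, which would most likely surface only as an unclear concat error or as a fragment sorted into the wrong place in a firewall file. I would pass both explicitly, `define shorewall::entry($ensure = present, $target, $order, $line)`, with callers giving `target => 'blacklist', order => $order`. Failing that, put a comment above the split documenting the `<file>-<order>-<name>` title contract.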
......@@ -3,7 +3,7 @@ define shorewall::host(
$options = 'tcpflags,blacklist,norfc1918',
$order='100'
){
shorewall::entry{"hosts.d/${order}-${name}":
shorewall::entry{"hosts-${order}-${name}":
line => "${zone} ${name} ${options}"
}
}
......
class shorewall {
include common::moduledir
module_dir { "shorewall": }
case $operatingsystem {
gentoo: { include shorewall::gentoo }
debian: { include shorewall::debian }
......@@ -19,12 +16,6 @@ class shorewall {
}
}
file {"/var/lib/puppet/modules/shorewall":
ensure => directory,
force => true,
owner => root, group => 0, mode => 0755;
}
# See http://www.shorewall.net/3.0/Documentation.htm#Zones
shorewall::managed_file{ zones: }
# See http://www.shorewall.net/3.0/Documentation.htm#Interfaces
......
......@@ -20,7 +20,7 @@ define shorewall::interface(
}
}
shorewall::entry { "interfaces.d/${order}-${name}":
shorewall::entry { "interfaces-${order}-${name}":
line => "${zone} ${name} ${broadcast} ${options_real}",
}
}
......
define shorewall::managed_file () {
$dir = "/var/lib/puppet/modules/shorewall/${name}.d"
concatenated_file { "/var/lib/puppet/modules/shorewall/$name":
dir => $dir,
mode => 0600,
concat{ "/etc/shorewall/puppet/$name":
notify => Service['shorewall'],
require => File['/etc/shorewall/puppet'],
owner => root, group => 0, mode => 0600;
}
file {
"${dir}/000-header":
concat::fragment {
"${name}-header":
source => "puppet:///modules/shorewall/boilerplate/${name}.header",
mode => 0600, owner => root, group => 0,
notify => Exec["concat_${dir}"];
"${dir}/999-footer":
order => '000';
"${name}-footer":
source => "puppet:///modules/shorewall/boilerplate/${name}.footer",
mode => 0600, owner => root, group => 0,
notify => Exec["concat_${dir}"];
order => '999';
}
}
......@@ -10,7 +10,7 @@ define shorewall::masq(
$mark = '',
$order='100'
){
shorewall::entry{"masq.d/${order}-${name}":
shorewall::entry{"masq-${order}-${name}":
line => "# ${name}\n${interface} ${source} ${address} ${proto} ${port} ${ipsec} ${mark}"
}
}
......
......@@ -5,7 +5,7 @@ define shorewall::nat(
$local = 'yes',
$order='100'
){
shorewall::entry{"nat.d/${order}-${name}":
shorewall::entry{"nat-${order}-${name}":
line => "${name} ${interface} ${internal} ${all} ${local}"
}
}
define shorewall::params($value, $order='100'){
shorewall::entry{"params.d/${order}-${name}":
shorewall::entry{"params-${order}-${name}":
line => "${name}=${value}",
}
}
......@@ -5,7 +5,7 @@ define shorewall::policy(
$limitburst = '-',
$order
){
shorewall::entry{"policy.d/${order}-${name}":
shorewall::entry{"policy-${order}-${name}":
line => "# ${name}\n${sourcezone} ${destinationzone} ${policy} ${shloglevel} ${limitburst}",
}
}
......
......@@ -9,7 +9,7 @@ define shorewall::providers(
$copy = '',
$order='100'
){
shorewall::entry{"providers.d/${order}-${name}":
shorewall::entry{"providers-${order}-${name}":
line => "# ${name}\n${provider} ${number} ${mark} ${duplicate} ${interface} ${gateway} ${options} ${copy}"
}
}
......
......@@ -5,7 +5,7 @@ define shorewall::proxyarp(
$persistent = no,
$order='100'
){
shorewall::entry{"proxyarp.d/${order}-${name}":
shorewall::entry{"proxyarp-${order}-${name}":
line => "# ${name}\n${name} ${interface} ${external} ${haveroute} ${persistent}"
}
}
......@@ -2,7 +2,7 @@ define shorewall::rfc1918(
$action = 'logdrop',
$order='100'
){
shorewall::entry{"rfc1918.d/${order}-${name}":
shorewall::entry{"rfc1918-${order}-${name}":
line => "${name} ${action}"
}
}
......@@ -8,7 +8,7 @@ define shorewall::routestopped(
'' => $name,
default => $interface,
}
shorewall::entry{"routestopped.d/${order}-${name}":
shorewall::entry{"routestopped-${order}-${name}":
line => "${real_interface} ${host} ${options}",
}
}
......@@ -13,7 +13,7 @@ define shorewall::rule(
$mark = '',
$order
){
shorewall::entry{"rules.d/${order}-${name}":
shorewall::entry{"rules-${order}-${name}":
ensure => $ensure,
line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}",
}
......
define shorewall::rule_section(
$order
){
shorewall::entry{"rules.d/${order}-${name}":
shorewall::entry{"rules-${order}-${name}":
line => "SECTION ${name}",
}
}
......@@ -7,7 +7,7 @@ define shorewall::zone(
$order = 100
){
$real_name = $parent ? { '-' => $name, default => "${name}:${parent}" }
shorewall::entry { "zones.d/${order}-${name}":
shorewall::entry { "zones-${order}-${name}":
line => "${real_name} ${type} ${options} ${in} ${out}"
}
}
......