diff options
| author | varac <varacanero@zeromail.org> | 2016-06-13 20:11:23 +0200 |
|---|---|---|
| committer | varac <varacanero@zeromail.org> | 2016-06-14 23:19:20 +0200 |
| commit | e4f36f7f143641eee96fb092d840a7f75e6d13cc (patch) | |
| tree | 3114f59c62931f164aa412a08d37e6f8ace12395 | |
| parent | e9889220fa4107ee01efd38cf03f27ffc85d80fb (diff) | |
Notify Exec[shorewall_check] not Service[shorew..]gitsubrepo
Latest shorewall module does `shorewall check` (executed
by `Exec[shorewall_check]`) so every related resource change
must notify this Exec instead of `Service[shorewall]` as before.
14 files changed, 22 insertions, 16 deletions
diff --git a/puppet/modules/site_couchdb/manifests/bigcouch.pp b/puppet/modules/site_couchdb/manifests/bigcouch.pp index 2de3d4d0..dd3c0a7f 100644 --- a/puppet/modules/site_couchdb/manifests/bigcouch.pp +++ b/puppet/modules/site_couchdb/manifests/bigcouch.pp @@ -20,7 +20,7 @@ class site_couchdb::bigcouch { Class['site_config::default'] -> Class['site_config::resolvconf'] -> Class['couchdb::bigcouch::package::cloudant'] - -> Service['shorewall'] + -> Exec['shorewall_check'] -> Exec['refresh_stunnel'] -> Class['site_couchdb::setup'] -> Class['site_couchdb::bigcouch::add_nodes'] diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index c4fe6277..c5944fc4 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -48,7 +48,7 @@ class site_couchdb { include site_couchdb::plain Class['site_config::default'] - -> Service['shorewall'] + -> Exec['shorewall_check'] -> Exec['refresh_stunnel'] -> Class['couchdb'] -> Class['site_couchdb::setup'] diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index eb4415e7..ad97f829 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -149,7 +149,7 @@ class site_nickserver { file { '/etc/shorewall/macro.nickserver': content => "PARAM - - tcp ${nickserver_port}", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall']; } diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp index ceb17868..725e0880 100644 --- a/puppet/modules/site_shorewall/manifests/defaults.pp +++ b/puppet/modules/site_shorewall/manifests/defaults.pp @@ -1,3 +1,4 @@ +# Configure basic firewall rules for shorewall class site_shorewall::defaults { include shorewall @@ -55,7 +56,7 @@ class site_shorewall::defaults { mode => '0644', source => 'puppet:///modules/site_shorewall/Debian/shorewall.service', require => Package['shorewall'], - notify => Service['shorewall'], + notify => Exec['shorewall_check'], } ~> Exec['systemctl-daemon-reload'] @@ -66,14 +67,14 @@ class site_shorewall::defaults { lens => 'Shellvars.lns', incl => '/etc/shorewall/shorewall.conf', require => Package['shorewall'], - notify => Service['shorewall']; + notify => Exec['shorewall_check']; # require that the interface exist 'shorewall_REQUIRE_INTERFACE': changes => 'set /files/etc/shorewall/shorewall.conf/REQUIRE_INTERFACE Yes', lens => 'Shellvars.lns', incl => '/etc/shorewall/shorewall.conf', require => Package['shorewall'], - notify => Service['shorewall']; + notify => Exec['shorewall_check']; # configure shorewall-init 'shorewall-init': changes => 'set /files/etc/default/shorewall-init/PRODUCTS shorewall', diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp index 8fbba658..21934761 100644 --- a/puppet/modules/site_shorewall/manifests/eip.pp +++ b/puppet/modules/site_shorewall/manifests/eip.pp @@ -1,3 +1,4 @@ +# Configure shorewall on eip/vpn nodes class site_shorewall::eip { include site_shorewall::defaults @@ -9,7 +10,7 @@ class site_shorewall::eip { content => "PARAM - - tcp 1194 PARAM - - udp 1194 ", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/ip_forward.pp b/puppet/modules/site_shorewall/manifests/ip_forward.pp index d53ee8a5..beb1f055 100644 --- a/puppet/modules/site_shorewall/manifests/ip_forward.pp +++ b/puppet/modules/site_shorewall/manifests/ip_forward.pp @@ -1,10 +1,11 @@ +# Configure ip forwarding for shorewall class site_shorewall::ip_forward { include augeas augeas { 'enable_ip_forwarding': changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING Yes', lens => 'Shellvars.lns', incl => '/etc/shorewall/shorewall.conf', - notify => Service[shorewall], + notify => Exec['shorewall_check'], require => [ Class[augeas], Package[shorewall] ]; } } diff --git a/puppet/modules/site_shorewall/manifests/mx.pp b/puppet/modules/site_shorewall/manifests/mx.pp index 332f164e..2500668f 100644 --- a/puppet/modules/site_shorewall/manifests/mx.pp +++ b/puppet/modules/site_shorewall/manifests/mx.pp @@ -1,3 +1,4 @@ +# Configure leap-mx shorewall rules class site_shorewall::mx { include site_shorewall::defaults @@ -7,7 +8,7 @@ class site_shorewall::mx { # define macro for incoming services file { '/etc/shorewall/macro.leap_mx': content => "PARAM - - tcp ${smtpd_ports} ", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/obfsproxy.pp b/puppet/modules/site_shorewall/manifests/obfsproxy.pp index 75846705..3c82dc40 100644 --- a/puppet/modules/site_shorewall/manifests/obfsproxy.pp +++ b/puppet/modules/site_shorewall/manifests/obfsproxy.pp @@ -10,7 +10,7 @@ class site_shorewall::obfsproxy { # define macro for incoming services file { '/etc/shorewall/macro.leap_obfsproxy': content => "PARAM - - tcp ${scram_port} ", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp index d3a1aeed..e3ae4200 100644 --- a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp +++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp @@ -7,7 +7,7 @@ class site_shorewall::service::webapp_api { # define macro for incoming services file { '/etc/shorewall/macro.leap_webapp_api': content => "PARAM - - tcp ${api_port} ", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/soledad.pp b/puppet/modules/site_shorewall/manifests/soledad.pp index 518d8689..5bee07af 100644 --- a/puppet/modules/site_shorewall/manifests/soledad.pp +++ b/puppet/modules/site_shorewall/manifests/soledad.pp @@ -1,3 +1,4 @@ +# Setup soledad server class site_shorewall::soledad { $soledad = hiera('soledad') @@ -8,7 +9,7 @@ class site_shorewall::soledad { # define macro for incoming services file { '/etc/shorewall/macro.leap_soledad': content => "PARAM - - tcp ${soledad_port}", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/sshd.pp b/puppet/modules/site_shorewall/manifests/sshd.pp index e2332592..ba129002 100644 --- a/puppet/modules/site_shorewall/manifests/sshd.pp +++ b/puppet/modules/site_shorewall/manifests/sshd.pp @@ -9,7 +9,7 @@ class site_shorewall::sshd { # define macro for incoming sshd file { '/etc/shorewall/macro.leap_sshd': content => "PARAM - - tcp ${ssh_port}", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/stunnel/server.pp b/puppet/modules/site_shorewall/manifests/stunnel/server.pp index 798cd631..dae4142a 100644 --- a/puppet/modules/site_shorewall/manifests/stunnel/server.pp +++ b/puppet/modules/site_shorewall/manifests/stunnel/server.pp @@ -8,7 +8,7 @@ define site_shorewall::stunnel::server($port) { file { "/etc/shorewall/macro.stunnel_server_${name}": content => "PARAM - - tcp ${port}", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } shorewall::rule { diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp index 324b4844..f4d5ed92 100644 --- a/puppet/modules/site_shorewall/manifests/tor.pp +++ b/puppet/modules/site_shorewall/manifests/tor.pp @@ -9,7 +9,7 @@ class site_shorewall::tor { # define macro for incoming services file { '/etc/shorewall/macro.leap_tor': content => "PARAM - - tcp ${tor_port} ", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_sshd/manifests/mosh.pp b/puppet/modules/site_sshd/manifests/mosh.pp index 49f56ca0..5282d239 100644 --- a/puppet/modules/site_sshd/manifests/mosh.pp +++ b/puppet/modules/site_sshd/manifests/mosh.pp @@ -1,3 +1,4 @@ +# setup mosh on server class site_sshd::mosh ( $ensure = present, $ports = '60000-61000' ) { package { 'mosh': @@ -7,7 +8,7 @@ class site_sshd::mosh ( $ensure = present, $ports = '60000-61000' ) { file { '/etc/shorewall/macro.mosh': ensure => $ensure, content => "PARAM - - udp ${ports}", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall']; } |