authorvarac <varacanero@zeromail.org>2016-06-14 21:12:38 +0200
committervarac <varacanero@zeromail.org>2016-06-14 21:12:38 +0200
commit9be18eb2681eb5c9047782eaf4e0c6b8c03ce6e6 (patch)
tree580a084d2bd33df62542e003092e27e068245356 /puppet/modules/shorewall/manifests/base.pp
parented9efc368356bf7ae2330f4f28bc34cc04009b17 (diff)
git subrepo clone --force https://leap.se/git/puppet_shorewall puppet/modules/shorewall
subrepo: subdir: "puppet/modules/shorewall" merged: "06e89ed" upstream: origin: "https://leap.se/git/puppet_shorewall" branch: "master" commit: "06e89ed" git-subrepo: version: "0.3.0" origin: "https://github.com/ingydotnet/git-subrepo.git" commit: "cb2995b"
Diffstat (limited to 'puppet/modules/shorewall/manifests/base.pp')
-rw-r--r--puppet/modules/shorewall/manifests/base.pp70
1 files changed, 50 insertions, 20 deletions
diff --git a/puppet/modules/shorewall/manifests/base.pp b/puppet/modules/shorewall/manifests/base.pp
index 7959f018..6599759e 100644
--- a/puppet/modules/shorewall/manifests/base.pp
+++ b/puppet/modules/shorewall/manifests/base.pp
@@ -8,16 +8,16 @@ class shorewall::base {
# This file has to be managed in place, so shorewall can find it
file {
'/etc/shorewall/shorewall.conf':
- require => Package[shorewall],
- notify => Service[shorewall],
- owner => root,
- group => 0,
+ require => Package['shorewall'],
+ notify => Exec['shorewall_check'],
+ owner => 'root',
+ group => 'root',
mode => '0644';
'/etc/shorewall/puppet':
ensure => directory,
- require => Package[shorewall],
- owner => root,
- group => 0,
+ require => Package['shorewall'],
+ owner => 'root',
+ group => 'root',
mode => '0644';
}
@@ -27,22 +27,52 @@ class shorewall::base {
}
} else {
- Class['augeas'] -> Class['shorewall::base']
+ include ::augeas
+ Class['augeas'] -> Class['shorewall::base']
- augeas { 'shorewall_module_config_path':
- changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'',
- lens => 'Shellvars.lns',
- incl => '/etc/shorewall/shorewall.conf',
- notify => Service['shorewall'],
- require => Package['shorewall'];
- }
+ augeas { 'shorewall_module_config_path':
+ changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'',
+ lens => 'Shellvars.lns',
+ incl => '/etc/shorewall/shorewall.conf',
+ notify => Exec['shorewall_check'],
+ require => Package['shorewall'];
+ }
}
+ exec{'shorewall_check':
+ command => 'shorewall check',
+ refreshonly => true,
+ notify => Service['shorewall'],
+ }
service{'shorewall':
- ensure => running,
- enable => true,
- hasstatus => true,
- hasrestart => true,
- require => Package['shorewall'],
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ require => Package['shorewall'],
+ }
+
+ file{'/etc/cron.daily/shorewall_check':}
+ if $shorewall::daily_check {
+ File['/etc/cron.daily/shorewall_check']{
+ content => '#!/bin/bash
+
+output=$(shorewall check 2>&1)
+if [ $? -gt 0 ]; then
+ echo "Error while checking firewall!"
+ echo $output
+ exit 1
+fi
+exit 0
+',
+ owner => root,
+ group => 0,
+ mode => '0700',
+ require => Service['shorewall'],
+ }
+ } else {
+ File['/etc/cron.daily/shorewall_check']{
+ ensure => absent,
+ }
}
}
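Review bot: The new `exec{'shorewall_check':` resource runs the unqualified command `shorewall check` with no `path` attribute, and Puppet's exec type needs either a fully qualified command or a search path. Unless a global `Exec { path => ... }` default exists outside this diff, the resource is rejected and the check meant to gate `Service['shorewall']` never runs. Setting it locally, e.g. `path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],` (adjusted to wherever the package installs the binary), keeps the gate independent of site-wide defaults. In the cron script, `echo $output` is unquoted, so the multi-line error report is collapsed onto one line and subject to glob expansion; `echo "$output"` preserves it. The same file resource uses `owner => root, group => 0`, while the first hunk moves both to quoted `'root'`, so the two should be made consistent.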