diff options
13 files changed, 21 insertions, 15 deletions
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 554bf813..5a73ae87 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -42,7 +42,7 @@ class site_couchdb { include site_couchdb::plain Class['site_config::default'] - -> Service['shorewall'] + -> Exec['shorewall_check'] -> Exec['refresh_stunnel'] -> Class['couchdb'] -> Class['site_couchdb::setup'] diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index eb4415e7..ad97f829 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -149,7 +149,7 @@ class site_nickserver { file { '/etc/shorewall/macro.nickserver': content => "PARAM - - tcp ${nickserver_port}", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall']; } diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp index ceb17868..725e0880 100644 --- a/puppet/modules/site_shorewall/manifests/defaults.pp +++ b/puppet/modules/site_shorewall/manifests/defaults.pp @@ -1,3 +1,4 @@ +# Configure basic firewall rules for shorewall class site_shorewall::defaults { include shorewall @@ -55,7 +56,7 @@ class site_shorewall::defaults { mode => '0644', source => 'puppet:///modules/site_shorewall/Debian/shorewall.service', require => Package['shorewall'], - notify => Service['shorewall'], + notify => Exec['shorewall_check'], } ~> Exec['systemctl-daemon-reload'] @@ -66,14 +67,14 @@ class site_shorewall::defaults { lens => 'Shellvars.lns', incl => '/etc/shorewall/shorewall.conf', require => Package['shorewall'], - notify => Service['shorewall']; + notify => Exec['shorewall_check']; # require that the interface exist 'shorewall_REQUIRE_INTERFACE': changes => 'set /files/etc/shorewall/shorewall.conf/REQUIRE_INTERFACE Yes', lens => 'Shellvars.lns', incl => '/etc/shorewall/shorewall.conf', require => Package['shorewall'], - notify => Service['shorewall']; + notify => Exec['shorewall_check']; # configure shorewall-init 'shorewall-init': changes => 'set /files/etc/default/shorewall-init/PRODUCTS shorewall', diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp index 8fbba658..21934761 100644 --- a/puppet/modules/site_shorewall/manifests/eip.pp +++ b/puppet/modules/site_shorewall/manifests/eip.pp @@ -1,3 +1,4 @@ +# Configure shorewall on eip/vpn nodes class site_shorewall::eip { include site_shorewall::defaults @@ -9,7 +10,7 @@ class site_shorewall::eip { content => "PARAM - - tcp 1194 PARAM - - udp 1194 ", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/ip_forward.pp b/puppet/modules/site_shorewall/manifests/ip_forward.pp index d53ee8a5..beb1f055 100644 --- a/puppet/modules/site_shorewall/manifests/ip_forward.pp +++ b/puppet/modules/site_shorewall/manifests/ip_forward.pp @@ -1,10 +1,11 @@ +# Configure ip forwarding for shorewall class site_shorewall::ip_forward { include augeas augeas { 'enable_ip_forwarding': changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING Yes', lens => 'Shellvars.lns', incl => '/etc/shorewall/shorewall.conf', - notify => Service[shorewall], + notify => Exec['shorewall_check'], require => [ Class[augeas], Package[shorewall] ]; } } diff --git a/puppet/modules/site_shorewall/manifests/mx.pp b/puppet/modules/site_shorewall/manifests/mx.pp index 332f164e..2500668f 100644 --- a/puppet/modules/site_shorewall/manifests/mx.pp +++ b/puppet/modules/site_shorewall/manifests/mx.pp @@ -1,3 +1,4 @@ +# Configure leap-mx shorewall rules class site_shorewall::mx { include site_shorewall::defaults @@ -7,7 +8,7 @@ class site_shorewall::mx { # define macro for incoming services file { '/etc/shorewall/macro.leap_mx': content => "PARAM - - tcp ${smtpd_ports} ", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/obfsproxy.pp b/puppet/modules/site_shorewall/manifests/obfsproxy.pp index 75846705..3c82dc40 100644 --- a/puppet/modules/site_shorewall/manifests/obfsproxy.pp +++ b/puppet/modules/site_shorewall/manifests/obfsproxy.pp @@ -10,7 +10,7 @@ class site_shorewall::obfsproxy { # define macro for incoming services file { '/etc/shorewall/macro.leap_obfsproxy': content => "PARAM - - tcp ${scram_port} ", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp index d3a1aeed..e3ae4200 100644 --- a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp +++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp @@ -7,7 +7,7 @@ class site_shorewall::service::webapp_api { # define macro for incoming services file { '/etc/shorewall/macro.leap_webapp_api': content => "PARAM - - tcp ${api_port} ", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/soledad.pp b/puppet/modules/site_shorewall/manifests/soledad.pp index 518d8689..5bee07af 100644 --- a/puppet/modules/site_shorewall/manifests/soledad.pp +++ b/puppet/modules/site_shorewall/manifests/soledad.pp @@ -1,3 +1,4 @@ +# Setup soledad server class site_shorewall::soledad { $soledad = hiera('soledad') @@ -8,7 +9,7 @@ class site_shorewall::soledad { # define macro for incoming services file { '/etc/shorewall/macro.leap_soledad': content => "PARAM - - tcp ${soledad_port}", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/sshd.pp b/puppet/modules/site_shorewall/manifests/sshd.pp index e2332592..ba129002 100644 --- a/puppet/modules/site_shorewall/manifests/sshd.pp +++ b/puppet/modules/site_shorewall/manifests/sshd.pp @@ -9,7 +9,7 @@ class site_shorewall::sshd { # define macro for incoming sshd file { '/etc/shorewall/macro.leap_sshd': content => "PARAM - - tcp ${ssh_port}", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/stunnel/server.pp b/puppet/modules/site_shorewall/manifests/stunnel/server.pp index 798cd631..dae4142a 100644 --- a/puppet/modules/site_shorewall/manifests/stunnel/server.pp +++ b/puppet/modules/site_shorewall/manifests/stunnel/server.pp @@ -8,7 +8,7 @@ define site_shorewall::stunnel::server($port) { file { "/etc/shorewall/macro.stunnel_server_${name}": content => "PARAM - - tcp ${port}", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } shorewall::rule { diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp index 324b4844..f4d5ed92 100644 --- a/puppet/modules/site_shorewall/manifests/tor.pp +++ b/puppet/modules/site_shorewall/manifests/tor.pp @@ -9,7 +9,7 @@ class site_shorewall::tor { # define macro for incoming services file { '/etc/shorewall/macro.leap_tor': content => "PARAM - - tcp ${tor_port} ", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall'] } diff --git a/puppet/modules/site_sshd/manifests/mosh.pp b/puppet/modules/site_sshd/manifests/mosh.pp index 49f56ca0..5282d239 100644 --- a/puppet/modules/site_sshd/manifests/mosh.pp +++ b/puppet/modules/site_sshd/manifests/mosh.pp @@ -1,3 +1,4 @@ +# setup mosh on server class site_sshd::mosh ( $ensure = present, $ports = '60000-61000' ) { package { 'mosh': @@ -7,7 +8,7 @@ class site_sshd::mosh ( $ensure = present, $ports = '60000-61000' ) { file { '/etc/shorewall/macro.mosh': ensure => $ensure, content => "PARAM - - udp ${ports}", - notify => Service['shorewall'], + notify => Exec['shorewall_check'], require => Package['shorewall']; } |