From 9be18eb2681eb5c9047782eaf4e0c6b8c03ce6e6 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 14 Jun 2016 21:12:38 +0200 Subject: git subrepo clone --force https://leap.se/git/puppet_shorewall puppet/modules/shorewall subrepo: subdir: "puppet/modules/shorewall" merged: "06e89ed" upstream: origin: "https://leap.se/git/puppet_shorewall" branch: "master" commit: "06e89ed" git-subrepo: version: "0.3.0" origin: "https://github.com/ingydotnet/git-subrepo.git" commit: "cb2995b" --- puppet/modules/shorewall/manifests/base.pp | 70 +++++++++++++++++++++--------- 1 file changed, 50 insertions(+), 20 deletions(-) (limited to 'puppet/modules/shorewall/manifests/base.pp') diff --git a/puppet/modules/shorewall/manifests/base.pp b/puppet/modules/shorewall/manifests/base.pp index 7959f018..6599759e 100644 --- a/puppet/modules/shorewall/manifests/base.pp +++ b/puppet/modules/shorewall/manifests/base.pp @@ -8,16 +8,16 @@ class shorewall::base { # This file has to be managed in place, so shorewall can find it file { '/etc/shorewall/shorewall.conf': - require => Package[shorewall], - notify => Service[shorewall], - owner => root, - group => 0, + require => Package['shorewall'], + notify => Exec['shorewall_check'], + owner => 'root', + group => 'root', mode => '0644'; '/etc/shorewall/puppet': ensure => directory, - require => Package[shorewall], - owner => root, - group => 0, + require => Package['shorewall'], + owner => 'root', + group => 'root', mode => '0644'; } 
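Review bot: The switch from `notify => Service[shorewall]` to `notify => Exec['shorewall_check']` on /etc/shorewall/shorewall.conf is undocumented, so a reader of this resource alone cannot tell that the service is still restarted, only indirectly. I would add a comment above the `notify` line such as `# validate with 'shorewall check' first; the exec notifies Service['shorewall'] only on success`. The exec it points to is defined further down in the class, outside this hunk.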
@@ -27,22 +27,52 @@ class shorewall::base { } } else { - Class['augeas'] -> Class['shorewall::base'] + include ::augeas + Class['augeas'] -> Class['shorewall::base'] - augeas { 'shorewall_module_config_path': - changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'', - lens => 'Shellvars.lns', - incl => '/etc/shorewall/shorewall.conf', - notify => Service['shorewall'], - require => Package['shorewall']; - } + augeas { 'shorewall_module_config_path': + changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'', + lens => 'Shellvars.lns', + incl => '/etc/shorewall/shorewall.conf', + notify => Exec['shorewall_check'], + require => Package['shorewall']; + } } + exec{'shorewall_check': + command => 'shorewall check', + refreshonly => true, + notify => Service['shorewall'], + } service{'shorewall': - ensure => running, - enable => true, - hasstatus => true, - hasrestart => true, - require => Package['shorewall'], + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, + require => Package['shorewall'], + } + + file{'/etc/cron.daily/shorewall_check':} + if $shorewall::daily_check { + File['/etc/cron.daily/shorewall_check']{ + content => '#!/bin/bash + +output=$(shorewall check 2>&1) +if [ $? -gt 0 ]; then + echo "Error while checking firewall!" + echo $output + exit 1 +fi +exit 0 +', + owner => root, + group => 0, + mode => '0700', + require => Service['shorewall'], + } + } else { + File['/etc/cron.daily/shorewall_check']{ + ensure => absent, + } } } -- cgit v1.2.3
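Review bot: The new `exec{'shorewall_check': ...}` runs `shorewall check` with neither a fully qualified command nor a `path`, so it only resolves if an `Exec` path default is set somewhere outside this hunk. Since this exec now gates every firewall restart, I would make it self-contained with `path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],`. When the check fails, the changed config stays on disk and the refresh is not sent again on the next run, so the running ruleset and the on-disk config diverge until someone intervenes; the daily cron check surfaces this only when `$shorewall::daily_check` is true. In the cron script, `echo $output` should be `echo "$output"` so the multi-line check output is not word-split and glob-expanded. The class body starts outside the hunk.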