From 22b788920defdd42b4abda144afd8ca69d0a9d37 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 18 Apr 2016 18:19:44 +0200 Subject: [style] lint some custom manifests I used `puppet-lint -f FILE` to fix most issues, while finishing with manual intervention. --- puppet/modules/site_shorewall/manifests/obfsproxy.pp | 2 +- puppet/modules/site_shorewall/manifests/service/webapp_api.pp | 2 +- puppet/modules/site_shorewall/manifests/sshd.pp | 2 +- puppet/modules/site_shorewall/manifests/tor.pp | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_shorewall') diff --git a/puppet/modules/site_shorewall/manifests/obfsproxy.pp b/puppet/modules/site_shorewall/manifests/obfsproxy.pp index 68fb9b9f..fa8a8bd0 100644 --- a/puppet/modules/site_shorewall/manifests/obfsproxy.pp +++ b/puppet/modules/site_shorewall/manifests/obfsproxy.pp @@ -8,7 +8,7 @@ class site_shorewall::obfsproxy { # define macro for incoming services file { '/etc/shorewall/macro.leap_obfsproxy': - content => "PARAM - - tcp $scram_port ", + content => "PARAM - - tcp ${scram_port} ", notify => Service['shorewall'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp index 0c6c824d..ee021226 100644 --- a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp +++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp @@ -5,7 +5,7 @@ class site_shorewall::service::webapp_api { # define macro for incoming services file { '/etc/shorewall/macro.leap_webapp_api': - content => "PARAM - - tcp $api_port ", + content => "PARAM - - tcp ${api_port} ", notify => Service['shorewall'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/sshd.pp b/puppet/modules/site_shorewall/manifests/sshd.pp index 88b4102c..91089c87 100644 --- a/puppet/modules/site_shorewall/manifests/sshd.pp 
+++ b/puppet/modules/site_shorewall/manifests/sshd.pp @@ -7,7 +7,7 @@ class site_shorewall::sshd { # define macro for incoming sshd file { '/etc/shorewall/macro.leap_sshd': - content => "PARAM - - tcp $ssh_port", + content => "PARAM - - tcp ${ssh_port}", notify => Service['shorewall'], require => Package['shorewall'] } diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp index f35af985..723f3210 100644 --- a/puppet/modules/site_shorewall/manifests/tor.pp +++ b/puppet/modules/site_shorewall/manifests/tor.pp @@ -7,7 +7,7 @@ class site_shorewall::tor { # define macro for incoming services file { '/etc/shorewall/macro.leap_tor': - content => "PARAM - - tcp $tor_port ", + content => "PARAM - - tcp ${tor_port} ", notify => Service['shorewall'], require => Package['shorewall'] } -- cgit v1.2.3 From 8370875d608ebddae09fcd05741bb77e0e31c122 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 18 Apr 2016 18:28:29 +0200 Subject: [style] more manual linting for custom manifests --- puppet/modules/site_shorewall/manifests/obfsproxy.pp | 1 + puppet/modules/site_shorewall/manifests/service/webapp_api.pp | 1 + puppet/modules/site_shorewall/manifests/sshd.pp | 1 + puppet/modules/site_shorewall/manifests/tor.pp | 1 + 4 files changed, 4 insertions(+) (limited to 'puppet/modules/site_shorewall') diff --git a/puppet/modules/site_shorewall/manifests/obfsproxy.pp b/puppet/modules/site_shorewall/manifests/obfsproxy.pp index fa8a8bd0..75846705 100644 --- a/puppet/modules/site_shorewall/manifests/obfsproxy.pp +++ b/puppet/modules/site_shorewall/manifests/obfsproxy.pp @@ -1,3 +1,4 @@ +# configure shorewell for obfsproxy class site_shorewall::obfsproxy { include site_shorewall::defaults diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp index ee021226..d3a1aeed 100644 --- a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp 
+++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp @@ -1,3 +1,4 @@ +# configure shorewall for webapp api class site_shorewall::service::webapp_api { $api = hiera('api') diff --git a/puppet/modules/site_shorewall/manifests/sshd.pp b/puppet/modules/site_shorewall/manifests/sshd.pp index 91089c87..e2332592 100644 --- a/puppet/modules/site_shorewall/manifests/sshd.pp +++ b/puppet/modules/site_shorewall/manifests/sshd.pp @@ -1,3 +1,4 @@ +# configure shorewall for sshd class site_shorewall::sshd { $ssh_config = hiera('ssh') diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp index 723f3210..324b4844 100644 --- a/puppet/modules/site_shorewall/manifests/tor.pp +++ b/puppet/modules/site_shorewall/manifests/tor.pp @@ -1,3 +1,4 @@ +# configure shorewall for tor class site_shorewall::tor { include site_shorewall::defaults -- cgit v1.2.3 From e0e3bc3478b3b7ca1afe24ff7e44dbdfa384ea44 Mon Sep 17 00:00:00 2001 From: Micah Date: Mon, 25 Apr 2016 16:52:54 -0300 Subject: Fix shorewall not starting with systemd (#8044) Shorewall in jessie doesn't come with a proper unit file, and as a result, it doesn't properly start with systemd. To solve this, we provide the systemd unit file that comes with stretch, add a systemd submodule that provides the exec resources needed for when systemd units or configuration files are changed Change-Id: I861fa951835928b4741abfbf969adcee4b8f147b --- .../site_shorewall/files/Debian/shorewall.service | 23 ++++++++++++++++++++++ .../modules/site_shorewall/manifests/defaults.pp | 16 +++++++++++++-- 2 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 puppet/modules/site_shorewall/files/Debian/shorewall.service (limited to 'puppet/modules/site_shorewall') diff --git a/puppet/modules/site_shorewall/files/Debian/shorewall.service b/puppet/modules/site_shorewall/files/Debian/shorewall.service new file mode 100644 index 00000000..ec250ef1 --- /dev/null 
+++ b/puppet/modules/site_shorewall/files/Debian/shorewall.service @@ -0,0 +1,23 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall +# +# Copyright 2011 Jonathan Underwood +# Copyright 2015 Tom Eastep +# +[Unit] +Description=Shorewall IPv4 firewall +Wants=network-online.target +After=network-online.target +Conflicts=iptables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=-/etc/default/shorewall +StandardOutput=syslog +ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall $OPTIONS stop +ExecReload=/sbin/shorewall $OPTIONS reload $RELOADOPTIONS + +[Install] +WantedBy=basic.target diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp index 8f56ac42..ceb17868 100644 --- a/puppet/modules/site_shorewall/manifests/defaults.pp +++ b/puppet/modules/site_shorewall/manifests/defaults.pp @@ -47,6 +47,18 @@ class site_shorewall::defaults { ensure => installed } + include ::systemd + file { '/etc/systemd/system/shorewall.service': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + source => 'puppet:///modules/site_shorewall/Debian/shorewall.service', + require => Package['shorewall'], + notify => Service['shorewall'], + } ~> + Exec['systemctl-daemon-reload'] + augeas { # stop instead of clear firewall on shutdown 'shorewall_SAFESTOP': 
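Review bot: The `[Unit]` section orders the firewall after the network with `Wants=network-online.target` and `After=network-online.target`, so at boot the interfaces can be reachable before `ExecStart=/sbin/shorewall $OPTIONS start` has loaded any rules. Closing that window depends on shorewall-init, which the defaults.pp context in this same commit appears to configure (`PRODUCTS shorewall`). The dependency should be written down in the unit header, for example `# Rules load only after network-online.target; shorewall-init must cover early boot.` Separately, a unit placed in /etc/systemd/system takes precedence over the packaged one, so this copy will keep shadowing the distribution's unit after an upgrade to a release that ships its own. A comment in the manifest saying when the override can be dropped would help.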
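Review bot: Nothing orders `Exec['systemctl-daemon-reload']` before `Service['shorewall']`: the new `file` resource notifies both, through `notify => Service['shorewall']` and through the trailing `~>`, but this hunk gives the two targets no relationship to each other. If the service is refreshed first, systemd restarts the firewall from the unit definition it already had loaded, and the new unit file only takes effect on a later run or a reboot. Chaining them makes the order explicit: drop the `notify` line and end the resource with `} ~> Exec['systemctl-daemon-reload'] ~> Service['shorewall']`. The Exec is declared outside this hunk (presumably in `::systemd`), as are the start and end of the class body, so confirm it carries no ordering of its own.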
@@ -54,14 +66,14 @@ class site_shorewall::defaults { lens => 'Shellvars.lns', incl => '/etc/shorewall/shorewall.conf', require => Package['shorewall'], - notify => Service[shorewall]; + notify => Service['shorewall']; # require that the interface exist 'shorewall_REQUIRE_INTERFACE': changes => 'set /files/etc/shorewall/shorewall.conf/REQUIRE_INTERFACE Yes', lens => 'Shellvars.lns', incl => '/etc/shorewall/shorewall.conf', require => Package['shorewall'], - notify => Service[shorewall]; + notify => Service['shorewall']; # configure shorewall-init 'shorewall-init': changes => 'set /files/etc/default/shorewall-init/PRODUCTS shorewall', -- cgit v1.2.3