From f3f78ebaf5f3fd3233bc35596fefb51f6e5ed9d9 Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Mon, 13 Jun 2016 20:11:23 +0200
Subject: Notify Exec[shorewall_check] not Service[shorew..]
Latest shorewall module does `shorewall check` (executed
by `Exec[shorewall_check]`) so every related resource change
must notify this Exec instead of `Service[shorewall]` as before.
---
puppet/modules/site_couchdb/manifests/init.pp | 2 +-
puppet/modules/site_nickserver/manifests/init.pp | 2 +-
puppet/modules/site_shorewall/manifests/defaults.pp | 7 ++++---
puppet/modules/site_shorewall/manifests/eip.pp | 3 ++-
puppet/modules/site_shorewall/manifests/ip_forward.pp | 3 ++-
puppet/modules/site_shorewall/manifests/mx.pp | 3 ++-
puppet/modules/site_shorewall/manifests/obfsproxy.pp | 2 +-
puppet/modules/site_shorewall/manifests/service/webapp_api.pp | 2 +-
puppet/modules/site_shorewall/manifests/soledad.pp | 3 ++-
puppet/modules/site_shorewall/manifests/sshd.pp | 2 +-
puppet/modules/site_shorewall/manifests/stunnel/server.pp | 2 +-
puppet/modules/site_shorewall/manifests/tor.pp | 2 +-
puppet/modules/site_sshd/manifests/mosh.pp | 3 ++-
13 files changed, 21 insertions(+), 15 deletions(-)
(limited to 'puppet/modules')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 554bf813..5a73ae87 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -42,7 +42,7 @@ class site_couchdb {
include site_couchdb::plain
Class['site_config::default']
- -> Service['shorewall']
+ -> Exec['shorewall_check']
-> Exec['refresh_stunnel']
-> Class['couchdb']
-> Class['site_couchdb::setup']
diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp
index eb4415e7..ad97f829 100644
--- a/puppet/modules/site_nickserver/manifests/init.pp
+++ b/puppet/modules/site_nickserver/manifests/init.pp
@@ -149,7 +149,7 @@ class site_nickserver {
file { '/etc/shorewall/macro.nickserver':
content => "PARAM - - tcp ${nickserver_port}",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall'];
}
diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp
index ceb17868..725e0880 100644
--- a/puppet/modules/site_shorewall/manifests/defaults.pp
+++ b/puppet/modules/site_shorewall/manifests/defaults.pp
@@ -1,3 +1,4 @@
+# Configure basic firewall rules for shorewall
class site_shorewall::defaults {
include shorewall
@@ -55,7 +56,7 @@ class site_shorewall::defaults {
mode => '0644',
source => 'puppet:///modules/site_shorewall/Debian/shorewall.service',
require => Package['shorewall'],
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
} ~>
Exec['systemctl-daemon-reload']
@@ -66,14 +67,14 @@ class site_shorewall::defaults {
lens => 'Shellvars.lns',
incl => '/etc/shorewall/shorewall.conf',
require => Package['shorewall'],
- notify => Service['shorewall'];
+ notify => Exec['shorewall_check'];
# require that the interface exist
'shorewall_REQUIRE_INTERFACE':
changes => 'set /files/etc/shorewall/shorewall.conf/REQUIRE_INTERFACE Yes',
lens => 'Shellvars.lns',
incl => '/etc/shorewall/shorewall.conf',
require => Package['shorewall'],
- notify => Service['shorewall'];
+ notify => Exec['shorewall_check'];
# configure shorewall-init
'shorewall-init':
changes => 'set /files/etc/default/shorewall-init/PRODUCTS shorewall',
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 8fbba658..21934761 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -1,3 +1,4 @@
+# Configure shorewall on eip/vpn nodes
class site_shorewall::eip {
include site_shorewall::defaults
@@ -9,7 +10,7 @@ class site_shorewall::eip {
content => "PARAM - - tcp 1194
PARAM - - udp 1194
",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/ip_forward.pp b/puppet/modules/site_shorewall/manifests/ip_forward.pp
index d53ee8a5..beb1f055 100644
--- a/puppet/modules/site_shorewall/manifests/ip_forward.pp
+++ b/puppet/modules/site_shorewall/manifests/ip_forward.pp
@@ -1,10 +1,11 @@
+# Configure ip forwarding for shorewall
class site_shorewall::ip_forward {
include augeas
augeas { 'enable_ip_forwarding':
changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING Yes',
lens => 'Shellvars.lns',
incl => '/etc/shorewall/shorewall.conf',
- notify => Service[shorewall],
+ notify => Exec['shorewall_check'],
require => [ Class[augeas], Package[shorewall] ];
}
}
diff --git a/puppet/modules/site_shorewall/manifests/mx.pp b/puppet/modules/site_shorewall/manifests/mx.pp
index 332f164e..2500668f 100644
--- a/puppet/modules/site_shorewall/manifests/mx.pp
+++ b/puppet/modules/site_shorewall/manifests/mx.pp
@@ -1,3 +1,4 @@
+# Configure leap-mx shorewall rules
class site_shorewall::mx {
include site_shorewall::defaults
@@ -7,7 +8,7 @@ class site_shorewall::mx {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_mx':
content => "PARAM - - tcp ${smtpd_ports} ",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/obfsproxy.pp b/puppet/modules/site_shorewall/manifests/obfsproxy.pp
index 75846705..3c82dc40 100644
--- a/puppet/modules/site_shorewall/manifests/obfsproxy.pp
+++ b/puppet/modules/site_shorewall/manifests/obfsproxy.pp
@@ -10,7 +10,7 @@ class site_shorewall::obfsproxy {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_obfsproxy':
content => "PARAM - - tcp ${scram_port} ",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
index d3a1aeed..e3ae4200 100644
--- a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
+++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
@@ -7,7 +7,7 @@ class site_shorewall::service::webapp_api {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_webapp_api':
content => "PARAM - - tcp ${api_port} ",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/soledad.pp b/puppet/modules/site_shorewall/manifests/soledad.pp
index 518d8689..5bee07af 100644
--- a/puppet/modules/site_shorewall/manifests/soledad.pp
+++ b/puppet/modules/site_shorewall/manifests/soledad.pp
@@ -1,3 +1,4 @@
+# Setup soledad server
class site_shorewall::soledad {
$soledad = hiera('soledad')
@@ -8,7 +9,7 @@ class site_shorewall::soledad {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_soledad':
content => "PARAM - - tcp ${soledad_port}",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/sshd.pp b/puppet/modules/site_shorewall/manifests/sshd.pp
index e2332592..ba129002 100644
--- a/puppet/modules/site_shorewall/manifests/sshd.pp
+++ b/puppet/modules/site_shorewall/manifests/sshd.pp
@@ -9,7 +9,7 @@ class site_shorewall::sshd {
# define macro for incoming sshd
file { '/etc/shorewall/macro.leap_sshd':
content => "PARAM - - tcp ${ssh_port}",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/stunnel/server.pp b/puppet/modules/site_shorewall/manifests/stunnel/server.pp
index 798cd631..dae4142a 100644
--- a/puppet/modules/site_shorewall/manifests/stunnel/server.pp
+++ b/puppet/modules/site_shorewall/manifests/stunnel/server.pp
@@ -8,7 +8,7 @@ define site_shorewall::stunnel::server($port) {
file { "/etc/shorewall/macro.stunnel_server_${name}":
content => "PARAM - - tcp ${port}",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
shorewall::rule {
diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp
index 324b4844..f4d5ed92 100644
--- a/puppet/modules/site_shorewall/manifests/tor.pp
+++ b/puppet/modules/site_shorewall/manifests/tor.pp
@@ -9,7 +9,7 @@ class site_shorewall::tor {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_tor':
content => "PARAM - - tcp ${tor_port} ",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_sshd/manifests/mosh.pp b/puppet/modules/site_sshd/manifests/mosh.pp
index 49f56ca0..5282d239 100644
--- a/puppet/modules/site_sshd/manifests/mosh.pp
+++ b/puppet/modules/site_sshd/manifests/mosh.pp
@@ -1,3 +1,4 @@
+# setup mosh on server
class site_sshd::mosh ( $ensure = present, $ports = '60000-61000' ) {
package { 'mosh':
@@ -7,7 +8,7 @@ class site_sshd::mosh ( $ensure = present, $ports = '60000-61000' ) {
file { '/etc/shorewall/macro.mosh':
ensure => $ensure,
content => "PARAM - - udp ${ports}",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall'];
}
--
cgit v1.2.3