authorMarcel Haerry <haerry@puzzle.ch>2011-08-04 13:39:27 +0200
committerMarcel Haerry <haerry@puzzle.ch>2011-08-04 13:39:27 +0200
commit8dde08a3acbf2815e0cacdc4121f4f8fa2f6c0e5 (patch)
tree73153b146eedb931f9d46dddb23cc92e3067b4cb
parent777f77d360b3ba97f2b35f04bf81fe894196c76d (diff)
refactor things to use the concat module
-rw-r--r--files/shorewall.conf2
-rw-r--r--files/shorewall.conf.Debian2
-rw-r--r--files/shorewall.conf.Debian.etch2
-rw-r--r--files/shorewall.conf.Gentoo2
-rw-r--r--files/shorewall.conf.Ubuntu.karmic2
-rw-r--r--manifests/base.pp26
-rw-r--r--manifests/blacklist.pp2
-rw-r--r--manifests/entry.pp15
-rw-r--r--manifests/host.pp2
-rw-r--r--manifests/init.pp9
-rw-r--r--manifests/interface.pp2
-rw-r--r--manifests/managed_file.pp28
-rw-r--r--manifests/masq.pp2
-rw-r--r--manifests/nat.pp2
-rw-r--r--manifests/params.pp2
-rw-r--r--manifests/policy.pp2
-rw-r--r--manifests/providers.pp2
-rw-r--r--manifests/proxyarp.pp2
-rw-r--r--manifests/rfc1918.pp2
-rw-r--r--manifests/routestopped.pp2
-rw-r--r--manifests/rule.pp8
-rw-r--r--manifests/rule_section.pp2
-rw-r--r--manifests/zone.pp2
23 files changed, 50 insertions, 72 deletions
diff --git a/files/shorewall.conf b/files/shorewall.conf
index 979e4ff..614e062 100644
--- a/files/shorewall.conf
+++ b/files/shorewall.conf
@@ -78,7 +78,7 @@ SUBSYSLOCK=/var/lock/subsys/shorewall
MODULESDIR=
-CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall
+CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
diff --git a/files/shorewall.conf.Debian b/files/shorewall.conf.Debian
index c348017..4d9b255 100644
--- a/files/shorewall.conf.Debian
+++ b/files/shorewall.conf.Debian
@@ -79,7 +79,7 @@ SUBSYSLOCK=""
MODULESDIR=
# add puppet delivered files in front
-CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall
+CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
diff --git a/files/shorewall.conf.Debian.etch b/files/shorewall.conf.Debian.etch
index e5c722d..5907945 100644
--- a/files/shorewall.conf.Debian.etch
+++ b/files/shorewall.conf.Debian.etch
@@ -77,7 +77,7 @@ SUBSYSLOCK=""
MODULESDIR=
# add puppet delivered files in front
-CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall
+CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
diff --git a/files/shorewall.conf.Gentoo b/files/shorewall.conf.Gentoo
index 7d8049d..b99f50c 100644
--- a/files/shorewall.conf.Gentoo
+++ b/files/shorewall.conf.Gentoo
@@ -77,7 +77,7 @@ SUBSYSLOCK="/var/lock/subsys/shorewall"
MODULESDIR=
# add puppet delivered files in front
-CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall
+CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
diff --git a/files/shorewall.conf.Ubuntu.karmic b/files/shorewall.conf.Ubuntu.karmic
index c348017..4d9b255 100644
--- a/files/shorewall.conf.Ubuntu.karmic
+++ b/files/shorewall.conf.Ubuntu.karmic
@@ -79,7 +79,7 @@ SUBSYSLOCK=""
MODULESDIR=
# add puppet delivered files in front
-CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall
+CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
diff --git a/manifests/base.pp b/manifests/base.pp
index c5ad790..c9fa660 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -4,9 +4,10 @@ class shorewall::base {
}
# This file has to be managed in place, so shorewall can find it
- file { "/etc/shorewall/shorewall.conf":
- # use OS specific defaults, but use Default if no other is found
- source => [
+ file {
+ '/etc/shorewall/shorewall.conf':
+ # use OS specific defaults, but use Default if no other is found
+ source => [
"puppet:///modules/site-shorewall/${fqdn}/shorewall.conf.$operatingsystem",
"puppet:///modules/site-shorewall/${fqdn}/shorewall.conf",
"puppet:///modules/site-shorewall/shorewall.conf.$operatingsystem.$lsbdistcodename",
@@ -19,6 +20,10 @@ class shorewall::base {
require => Package[shorewall],
notify => Service[shorewall],
owner => root, group => 0, mode => 0644;
+ '/etc/shorewall/puppet':
+ ensure => directory,
+ require => Package[shorewall],
+ owner => root, group => 0, mode => 0644;
}
service{shorewall:
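Review bot: The new `'/etc/shorewall/puppet'` directory is declared with `mode => 0644`, which is a file mode; on a directory it is only usable because Puppet adds the search bit wherever the read bit is set. The directory it replaces (removed from init.pp in this commit) was 0755. This path is now first in CONFIG_PATH and holds the generated firewall files at 0600, so I would state the intended mode explicitly, e.g. `owner => root, group => 0, mode => 0700;`, or 0755 if non-root users are meant to list it. The enclosing `file { … }` resource starts outside this hunk.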
@@ -26,21 +31,6 @@ class shorewall::base {
enable => true,
hasstatus => true,
hasrestart => true,
- subscribe => [
- File["/var/lib/puppet/modules/shorewall/zones"],
- File["/var/lib/puppet/modules/shorewall/interfaces"],
- File["/var/lib/puppet/modules/shorewall/hosts"],
- File["/var/lib/puppet/modules/shorewall/policy"],
- File["/var/lib/puppet/modules/shorewall/rules"],
- File["/var/lib/puppet/modules/shorewall/masq"],
- File["/var/lib/puppet/modules/shorewall/proxyarp"],
- File["/var/lib/puppet/modules/shorewall/nat"],
- File["/var/lib/puppet/modules/shorewall/blacklist"],
- File["/var/lib/puppet/modules/shorewall/rfc1918"],
- File["/var/lib/puppet/modules/shorewall/routestopped"],
- File["/var/lib/puppet/modules/shorewall/params"],
- File["/var/lib/puppet/modules/shorewall/providers"],
- ],
require => Package[shorewall],
}
}
diff --git a/manifests/blacklist.pp b/manifests/blacklist.pp
index 3700ace..afbe216 100644
--- a/manifests/blacklist.pp
+++ b/manifests/blacklist.pp
@@ -3,7 +3,7 @@ define shorewall::blacklist(
$port = '-',
$order='100'
){
- shorewall::entry{"blacklist.d/${order}-${name}":
+ shorewall::entry{"blacklist-${order}-${name}":
line => "${name} ${proto} ${port}",
}
}
diff --git a/manifests/entry.pp b/manifests/entry.pp
index 4e639bc..c8fffc7 100644
--- a/manifests/entry.pp
+++ b/manifests/entry.pp
@@ -2,12 +2,11 @@ define shorewall::entry(
$ensure = present,
$line
){
- $target = "/var/lib/puppet/modules/shorewall/${name}"
- $dir = dirname($target)
- file { $target:
- ensure => $ensure,
- content => "${line}\n",
- mode => 0600, owner => root, group => 0,
- notify => Exec["concat_${dir}"],
- }
+ $parts = split($name,'-')
+ concat::fragment{$name:
+ ensure => $ensure,
+ content => "${line}\n",
+ order => $parts[1],
+ target => "/etc/shorewall/puppet/${parts[0]}",
+ }
}
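Review bot: The fragment no longer pins permissions. The old per-entry file was `mode => 0600, owner => root, group => 0`, while the new `concat::fragment{$name:` sets no mode, so the fragment copy kept by the concat module gets that module's default, which may be world-readable. These lines are firewall rules, so I would pass `mode => 0600` on the fragment if the concat module version in use accepts it (to be confirmed). Separately, `$parts = split($name,'-')` derives target and order from the title without any check; a comment such as `# title must be "<file>-<order>-<name>"; file and order must not contain '-'` would document that contract for callers.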
diff --git a/manifests/host.pp b/manifests/host.pp
index b431efe..f400223 100644
--- a/manifests/host.pp
+++ b/manifests/host.pp
@@ -3,7 +3,7 @@ define shorewall::host(
$options = 'tcpflags,blacklist,norfc1918',
$order='100'
){
- shorewall::entry{"hosts.d/${order}-${name}":
+ shorewall::entry{"hosts-${order}-${name}":
line => "${zone} ${name} ${options}"
}
}
diff --git a/manifests/init.pp b/manifests/init.pp
index a5ed0af..2e68089 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,8 +1,5 @@
class shorewall {
- include common::moduledir
- module_dir { "shorewall": }
-
case $operatingsystem {
gentoo: { include shorewall::gentoo }
debian: { include shorewall::debian }
@@ -19,12 +16,6 @@ class shorewall {
}
}
- file {"/var/lib/puppet/modules/shorewall":
- ensure => directory,
- force => true,
- owner => root, group => 0, mode => 0755;
- }
-
# See http://www.shorewall.net/3.0/Documentation.htm#Zones
shorewall::managed_file{ zones: }
# See http://www.shorewall.net/3.0/Documentation.htm#Interfaces
diff --git a/manifests/interface.pp b/manifests/interface.pp
index 1cb5042..1716a7e 100644
--- a/manifests/interface.pp
+++ b/manifests/interface.pp
@@ -20,7 +20,7 @@ define shorewall::interface(
}
}
- shorewall::entry { "interfaces.d/${order}-${name}":
+ shorewall::entry { "interfaces-${order}-${name}":
line => "${zone} ${name} ${broadcast} ${options_real}",
}
}
diff --git a/manifests/managed_file.pp b/manifests/managed_file.pp
index 548d6f6..2f02c51 100644
--- a/manifests/managed_file.pp
+++ b/manifests/managed_file.pp
@@ -1,17 +1,15 @@
define shorewall::managed_file () {
- $dir = "/var/lib/puppet/modules/shorewall/${name}.d"
- concatenated_file { "/var/lib/puppet/modules/shorewall/$name":
- dir => $dir,
- mode => 0600,
- }
- file {
- "${dir}/000-header":
- source => "puppet:///modules/shorewall/boilerplate/${name}.header",
- mode => 0600, owner => root, group => 0,
- notify => Exec["concat_${dir}"];
- "${dir}/999-footer":
- source => "puppet:///modules/shorewall/boilerplate/${name}.footer",
- mode => 0600, owner => root, group => 0,
- notify => Exec["concat_${dir}"];
- }
+ concat{ "/etc/shorewall/puppet/$name":
+ notify => Service['shorewall'],
+ require => File['/etc/shorewall/puppet'],
+ owner => root, group => 0, mode => 0600;
+ }
+ concat::fragment {
+ "${name}-header":
+ source => "puppet:///modules/shorewall/boilerplate/${name}.header",
+ order => '000';
+ "${name}-footer":
+ source => "puppet:///modules/shorewall/boilerplate/${name}.footer",
+ order => '999';
+ }
}
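Review bot: Neither `"${name}-header"` nor `"${name}-footer"` sets a `target`, so these fragments are not tied to the `concat{ "/etc/shorewall/puppet/$name":` resource declared just above them; entry.pp in the same commit passes `target` explicitly. Unless the concat module in use supplies a default, the header and footer will either fail to compile or be left out of the generated file. Add `target => "/etc/shorewall/puppet/${name}",` to both fragments.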
diff --git a/manifests/masq.pp b/manifests/masq.pp
index a9c9840..fb097e5 100644
--- a/manifests/masq.pp
+++ b/manifests/masq.pp
@@ -10,7 +10,7 @@ define shorewall::masq(
$mark = '',
$order='100'
){
- shorewall::entry{"masq.d/${order}-${name}":
+ shorewall::entry{"masq-${order}-${name}":
line => "# ${name}\n${interface} ${source} ${address} ${proto} ${port} ${ipsec} ${mark}"
}
}
diff --git a/manifests/nat.pp b/manifests/nat.pp
index e69c1c0..e29b784 100644
--- a/manifests/nat.pp
+++ b/manifests/nat.pp
@@ -5,7 +5,7 @@ define shorewall::nat(
$local = 'yes',
$order='100'
){
- shorewall::entry{"nat.d/${order}-${name}":
+ shorewall::entry{"nat-${order}-${name}":
line => "${name} ${interface} ${internal} ${all} ${local}"
}
}
diff --git a/manifests/params.pp b/manifests/params.pp
index 0a1ae11..3bc5663 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,5 +1,5 @@
define shorewall::params($value, $order='100'){
- shorewall::entry{"params.d/${order}-${name}":
+ shorewall::entry{"params-${order}-${name}":
line => "${name}=${value}",
}
}
diff --git a/manifests/policy.pp b/manifests/policy.pp
index cdaab71..efee05b 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -5,7 +5,7 @@ define shorewall::policy(
$limitburst = '-',
$order
){
- shorewall::entry{"policy.d/${order}-${name}":
+ shorewall::entry{"policy-${order}-${name}":
line => "# ${name}\n${sourcezone} ${destinationzone} ${policy} ${shloglevel} ${limitburst}",
}
}
diff --git a/manifests/providers.pp b/manifests/providers.pp
index 860363e..a02a494 100644
--- a/manifests/providers.pp
+++ b/manifests/providers.pp
@@ -9,7 +9,7 @@ define shorewall::providers(
$copy = '',
$order='100'
){
- shorewall::entry{"providers.d/${order}-${name}":
+ shorewall::entry{"providers-${order}-${name}":
line => "# ${name}\n${provider} ${number} ${mark} ${duplicate} ${interface} ${gateway} ${options} ${copy}"
}
}
diff --git a/manifests/proxyarp.pp b/manifests/proxyarp.pp
index 75c853b..1af554f 100644
--- a/manifests/proxyarp.pp
+++ b/manifests/proxyarp.pp
@@ -5,7 +5,7 @@ define shorewall::proxyarp(
$persistent = no,
$order='100'
){
- shorewall::entry{"proxyarp.d/${order}-${name}":
+ shorewall::entry{"proxyarp-${order}-${name}":
line => "# ${name}\n${name} ${interface} ${external} ${haveroute} ${persistent}"
}
}
diff --git a/manifests/rfc1918.pp b/manifests/rfc1918.pp
index 6c2719c..31dce5d 100644
--- a/manifests/rfc1918.pp
+++ b/manifests/rfc1918.pp
@@ -2,7 +2,7 @@ define shorewall::rfc1918(
$action = 'logdrop',
$order='100'
){
- shorewall::entry{"rfc1918.d/${order}-${name}":
+ shorewall::entry{"rfc1918-${order}-${name}":
line => "${name} ${action}"
}
}
diff --git a/manifests/routestopped.pp b/manifests/routestopped.pp
index dab539c..0b53a1b 100644
--- a/manifests/routestopped.pp
+++ b/manifests/routestopped.pp
@@ -8,7 +8,7 @@ define shorewall::routestopped(
'' => $name,
default => $interface,
}
- shorewall::entry{"routestopped.d/${order}-${name}":
+ shorewall::entry{"routestopped-${order}-${name}":
line => "${real_interface} ${host} ${options}",
}
}
diff --git a/manifests/rule.pp b/manifests/rule.pp
index 8394970..2fe91e2 100644
--- a/manifests/rule.pp
+++ b/manifests/rule.pp
@@ -13,8 +13,8 @@ define shorewall::rule(
$mark = '',
$order
){
- shorewall::entry{"rules.d/${order}-${name}":
- ensure => $ensure,
- line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}",
- }
+ shorewall::entry{"rules-${order}-${name}":
+ ensure => $ensure,
+ line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}",
+ }
}
diff --git a/manifests/rule_section.pp b/manifests/rule_section.pp
index a885eae..82984ca 100644
--- a/manifests/rule_section.pp
+++ b/manifests/rule_section.pp
@@ -1,7 +1,7 @@
define shorewall::rule_section(
$order
){
- shorewall::entry{"rules.d/${order}-${name}":
+ shorewall::entry{"rules-${order}-${name}":
line => "SECTION ${name}",
}
}
diff --git a/manifests/zone.pp b/manifests/zone.pp
index fa83b0b..81e5771 100644
--- a/manifests/zone.pp
+++ b/manifests/zone.pp
@@ -7,7 +7,7 @@ define shorewall::zone(
$order = 100
){
$real_name = $parent ? { '-' => $name, default => "${name}:${parent}" }
- shorewall::entry { "zones.d/${order}-${name}":
+ shorewall::entry { "zones-${order}-${name}":
line => "${real_name} ${type} ${options} ${in} ${out}"
}
}