diff options
| author | Marcel Haerry <haerry@puzzle.ch> | 2011-08-04 13:39:27 +0200 |
|---|---|---|
| committer | Marcel Haerry <haerry@puzzle.ch> | 2011-08-04 13:39:27 +0200 |
| commit | 8dde08a3acbf2815e0cacdc4121f4f8fa2f6c0e5 (patch) | |
| tree | 73153b146eedb931f9d46dddb23cc92e3067b4cb | |
| parent | 777f77d360b3ba97f2b35f04bf81fe894196c76d (diff) | |
refactor things to use the concat module
| -rw-r--r-- | files/shorewall.conf | 2 | ||||
| -rw-r--r-- | files/shorewall.conf.Debian | 2 | ||||
| -rw-r--r-- | files/shorewall.conf.Debian.etch | 2 | ||||
| -rw-r--r-- | files/shorewall.conf.Gentoo | 2 | ||||
| -rw-r--r-- | files/shorewall.conf.Ubuntu.karmic | 2 | ||||
| -rw-r--r-- | manifests/base.pp | 26 | ||||
| -rw-r--r-- | manifests/blacklist.pp | 2 | ||||
| -rw-r--r-- | manifests/entry.pp | 15 | ||||
| -rw-r--r-- | manifests/host.pp | 2 | ||||
| -rw-r--r-- | manifests/init.pp | 9 | ||||
| -rw-r--r-- | manifests/interface.pp | 2 | ||||
| -rw-r--r-- | manifests/managed_file.pp | 28 | ||||
| -rw-r--r-- | manifests/masq.pp | 2 | ||||
| -rw-r--r-- | manifests/nat.pp | 2 | ||||
| -rw-r--r-- | manifests/params.pp | 2 | ||||
| -rw-r--r-- | manifests/policy.pp | 2 | ||||
| -rw-r--r-- | manifests/providers.pp | 2 | ||||
| -rw-r--r-- | manifests/proxyarp.pp | 2 | ||||
| -rw-r--r-- | manifests/rfc1918.pp | 2 | ||||
| -rw-r--r-- | manifests/routestopped.pp | 2 | ||||
| -rw-r--r-- | manifests/rule.pp | 8 | ||||
| -rw-r--r-- | manifests/rule_section.pp | 2 | ||||
| -rw-r--r-- | manifests/zone.pp | 2 |
23 files changed, 50 insertions, 72 deletions
diff --git a/files/shorewall.conf b/files/shorewall.conf index 979e4ff..614e062 100644 --- a/files/shorewall.conf +++ b/files/shorewall.conf @@ -78,7 +78,7 @@ SUBSYSLOCK=/var/lock/subsys/shorewall MODULESDIR= -CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall +CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall RESTOREFILE= diff --git a/files/shorewall.conf.Debian b/files/shorewall.conf.Debian index c348017..4d9b255 100644 --- a/files/shorewall.conf.Debian +++ b/files/shorewall.conf.Debian @@ -79,7 +79,7 @@ SUBSYSLOCK="" MODULESDIR= # add puppet delivered files in front -CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall +CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall RESTOREFILE= diff --git a/files/shorewall.conf.Debian.etch b/files/shorewall.conf.Debian.etch index e5c722d..5907945 100644 --- a/files/shorewall.conf.Debian.etch +++ b/files/shorewall.conf.Debian.etch @@ -77,7 +77,7 @@ SUBSYSLOCK="" MODULESDIR= # add puppet delivered files in front -CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall +CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall RESTOREFILE= diff --git a/files/shorewall.conf.Gentoo b/files/shorewall.conf.Gentoo index 7d8049d..b99f50c 100644 --- a/files/shorewall.conf.Gentoo +++ b/files/shorewall.conf.Gentoo @@ -77,7 +77,7 @@ SUBSYSLOCK="/var/lock/subsys/shorewall" MODULESDIR= # add puppet delivered files in front -CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall +CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall RESTOREFILE= diff --git a/files/shorewall.conf.Ubuntu.karmic b/files/shorewall.conf.Ubuntu.karmic index c348017..4d9b255 100644 --- a/files/shorewall.conf.Ubuntu.karmic +++ b/files/shorewall.conf.Ubuntu.karmic @@ -79,7 +79,7 @@ SUBSYSLOCK="" MODULESDIR= # add puppet delivered files in front -CONFIG_PATH=/var/lib/puppet/modules/shorewall:/etc/shorewall:/usr/share/shorewall +CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall RESTOREFILE= diff --git a/manifests/base.pp b/manifests/base.pp index c5ad790..c9fa660 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -4,9 +4,10 @@ class shorewall::base { } # This file has to be managed in place, so shorewall can find it - file { "/etc/shorewall/shorewall.conf": - # use OS specific defaults, but use Default if no other is found - source => [ + file { + '/etc/shorewall/shorewall.conf': + # use OS specific defaults, but use Default if no other is found + source => [ "puppet:///modules/site-shorewall/${fqdn}/shorewall.conf.$operatingsystem", "puppet:///modules/site-shorewall/${fqdn}/shorewall.conf", "puppet:///modules/site-shorewall/shorewall.conf.$operatingsystem.$lsbdistcodename", @@ -19,6 +20,10 @@ class shorewall::base { require => Package[shorewall], notify => Service[shorewall], owner => root, group => 0, mode => 0644; + '/etc/shorewall/puppet': + ensure => directory, + require => Package[shorewall], + owner => root, group => 0, mode => 0644; } service{shorewall: @@ -26,21 +31,6 @@ class shorewall::base { enable => true, hasstatus => true, hasrestart => true, - subscribe => [ - File["/var/lib/puppet/modules/shorewall/zones"], - File["/var/lib/puppet/modules/shorewall/interfaces"], - File["/var/lib/puppet/modules/shorewall/hosts"], - File["/var/lib/puppet/modules/shorewall/policy"], - File["/var/lib/puppet/modules/shorewall/rules"], - File["/var/lib/puppet/modules/shorewall/masq"], - File["/var/lib/puppet/modules/shorewall/proxyarp"], - File["/var/lib/puppet/modules/shorewall/nat"], - File["/var/lib/puppet/modules/shorewall/blacklist"], - File["/var/lib/puppet/modules/shorewall/rfc1918"], - File["/var/lib/puppet/modules/shorewall/routestopped"], - File["/var/lib/puppet/modules/shorewall/params"], - File["/var/lib/puppet/modules/shorewall/providers"], - ], require => Package[shorewall], } } diff --git a/manifests/blacklist.pp b/manifests/blacklist.pp index 3700ace..afbe216 100644 --- a/manifests/blacklist.pp +++ b/manifests/blacklist.pp @@ -3,7 +3,7 @@ define shorewall::blacklist( $port = '-', $order='100' ){ - shorewall::entry{"blacklist.d/${order}-${name}": + shorewall::entry{"blacklist-${order}-${name}": line => "${name} ${proto} ${port}", } } diff --git a/manifests/entry.pp b/manifests/entry.pp index 4e639bc..c8fffc7 100644 --- a/manifests/entry.pp +++ b/manifests/entry.pp @@ -2,12 +2,11 @@ define shorewall::entry( $ensure = present, $line ){ - $target = "/var/lib/puppet/modules/shorewall/${name}" - $dir = dirname($target) - file { $target: - ensure => $ensure, - content => "${line}\n", - mode => 0600, owner => root, group => 0, - notify => Exec["concat_${dir}"], - } + $parts = split($name,'-') + concat::fragment{$name: + ensure => $ensure, + content => "${line}\n", + order => $parts[1], + target => "/etc/shorewall/puppet/${parts[0]}", + } } diff --git a/manifests/host.pp b/manifests/host.pp index b431efe..f400223 100644 --- a/manifests/host.pp +++ b/manifests/host.pp @@ -3,7 +3,7 @@ define shorewall::host( $options = 'tcpflags,blacklist,norfc1918', $order='100' ){ - shorewall::entry{"hosts.d/${order}-${name}": + shorewall::entry{"hosts-${order}-${name}": line => "${zone} ${name} ${options}" } } diff --git a/manifests/init.pp b/manifests/init.pp index a5ed0af..2e68089 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,8 +1,5 @@ class shorewall { - include common::moduledir - module_dir { "shorewall": } - case $operatingsystem { gentoo: { include shorewall::gentoo } debian: { include shorewall::debian } @@ -19,12 +16,6 @@ class shorewall { } } - file {"/var/lib/puppet/modules/shorewall": - ensure => directory, - force => true, - owner => root, group => 0, mode => 0755; - } - # See http://www.shorewall.net/3.0/Documentation.htm#Zones shorewall::managed_file{ zones: } # See http://www.shorewall.net/3.0/Documentation.htm#Interfaces diff --git a/manifests/interface.pp b/manifests/interface.pp index 1cb5042..1716a7e 100644 --- a/manifests/interface.pp +++ b/manifests/interface.pp @@ -20,7 +20,7 @@ define shorewall::interface( } } - shorewall::entry { "interfaces.d/${order}-${name}": + shorewall::entry { "interfaces-${order}-${name}": line => "${zone} ${name} ${broadcast} ${options_real}", } } diff --git a/manifests/managed_file.pp b/manifests/managed_file.pp index 548d6f6..2f02c51 100644 --- a/manifests/managed_file.pp +++ b/manifests/managed_file.pp @@ -1,17 +1,15 @@ define shorewall::managed_file () { - $dir = "/var/lib/puppet/modules/shorewall/${name}.d" - concatenated_file { "/var/lib/puppet/modules/shorewall/$name": - dir => $dir, - mode => 0600, - } - file { - "${dir}/000-header": - source => "puppet:///modules/shorewall/boilerplate/${name}.header", - mode => 0600, owner => root, group => 0, - notify => Exec["concat_${dir}"]; - "${dir}/999-footer": - source => "puppet:///modules/shorewall/boilerplate/${name}.footer", - mode => 0600, owner => root, group => 0, - notify => Exec["concat_${dir}"]; - } + concat{ "/etc/shorewall/puppet/$name": + notify => Service['shorewall'], + require => File['/etc/shorewall/puppet'], + owner => root, group => 0, mode => 0600; + } + concat::fragment { + "${name}-header": + source => "puppet:///modules/shorewall/boilerplate/${name}.header", + order => '000'; + "${name}-footer": + source => "puppet:///modules/shorewall/boilerplate/${name}.footer", + order => '999'; + } } diff --git a/manifests/masq.pp b/manifests/masq.pp index a9c9840..fb097e5 100644 --- a/manifests/masq.pp +++ b/manifests/masq.pp @@ -10,7 +10,7 @@ define shorewall::masq( $mark = '', $order='100' ){ - shorewall::entry{"masq.d/${order}-${name}": + shorewall::entry{"masq-${order}-${name}": line => "# ${name}\n${interface} ${source} ${address} ${proto} ${port} ${ipsec} ${mark}" } } diff --git a/manifests/nat.pp b/manifests/nat.pp index e69c1c0..e29b784 100644 --- a/manifests/nat.pp +++ b/manifests/nat.pp @@ -5,7 +5,7 @@ define shorewall::nat( $local = 'yes', $order='100' ){ - shorewall::entry{"nat.d/${order}-${name}": + shorewall::entry{"nat-${order}-${name}": line => "${name} ${interface} ${internal} ${all} ${local}" } } diff --git a/manifests/params.pp b/manifests/params.pp index 0a1ae11..3bc5663 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,5 +1,5 @@ define shorewall::params($value, $order='100'){ - shorewall::entry{"params.d/${order}-${name}": + shorewall::entry{"params-${order}-${name}": line => "${name}=${value}", } } diff --git a/manifests/policy.pp b/manifests/policy.pp index cdaab71..efee05b 100644 --- a/manifests/policy.pp +++ b/manifests/policy.pp @@ -5,7 +5,7 @@ define shorewall::policy( $limitburst = '-', $order ){ - shorewall::entry{"policy.d/${order}-${name}": + shorewall::entry{"policy-${order}-${name}": line => "# ${name}\n${sourcezone} ${destinationzone} ${policy} ${shloglevel} ${limitburst}", } } diff --git a/manifests/providers.pp b/manifests/providers.pp index 860363e..a02a494 100644 --- a/manifests/providers.pp +++ b/manifests/providers.pp @@ -9,7 +9,7 @@ define shorewall::providers( $copy = '', $order='100' ){ - shorewall::entry{"providers.d/${order}-${name}": + shorewall::entry{"providers-${order}-${name}": line => "# ${name}\n${provider} ${number} ${mark} ${duplicate} ${interface} ${gateway} ${options} ${copy}" } } diff --git a/manifests/proxyarp.pp b/manifests/proxyarp.pp index 75c853b..1af554f 100644 --- a/manifests/proxyarp.pp +++ b/manifests/proxyarp.pp @@ -5,7 +5,7 @@ define shorewall::proxyarp( $persistent = no, $order='100' ){ - shorewall::entry{"proxyarp.d/${order}-${name}": + shorewall::entry{"proxyarp-${order}-${name}": line => "# ${name}\n${name} ${interface} ${external} ${haveroute} ${persistent}" } } diff --git a/manifests/rfc1918.pp b/manifests/rfc1918.pp index 6c2719c..31dce5d 100644 --- a/manifests/rfc1918.pp +++ b/manifests/rfc1918.pp @@ -2,7 +2,7 @@ define shorewall::rfc1918( $action = 'logdrop', $order='100' ){ - shorewall::entry{"rfc1918.d/${order}-${name}": + shorewall::entry{"rfc1918-${order}-${name}": line => "${name} ${action}" } } diff --git a/manifests/routestopped.pp b/manifests/routestopped.pp index dab539c..0b53a1b 100644 --- a/manifests/routestopped.pp +++ b/manifests/routestopped.pp @@ -8,7 +8,7 @@ define shorewall::routestopped( '' => $name, default => $interface, } - shorewall::entry{"routestopped.d/${order}-${name}": + shorewall::entry{"routestopped-${order}-${name}": line => "${real_interface} ${host} ${options}", } } diff --git a/manifests/rule.pp b/manifests/rule.pp index 8394970..2fe91e2 100644 --- a/manifests/rule.pp +++ b/manifests/rule.pp @@ -13,8 +13,8 @@ define shorewall::rule( $mark = '', $order ){ - shorewall::entry{"rules.d/${order}-${name}": - ensure => $ensure, - line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}", - } + shorewall::entry{"rules-${order}-${name}": + ensure => $ensure, + line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}", + } } diff --git a/manifests/rule_section.pp b/manifests/rule_section.pp index a885eae..82984ca 100644 --- a/manifests/rule_section.pp +++ b/manifests/rule_section.pp @@ -1,7 +1,7 @@ define shorewall::rule_section( $order ){ - shorewall::entry{"rules.d/${order}-${name}": + shorewall::entry{"rules-${order}-${name}": line => "SECTION ${name}", } } diff --git a/manifests/zone.pp b/manifests/zone.pp index fa83b0b..81e5771 100644 --- a/manifests/zone.pp +++ b/manifests/zone.pp @@ -7,7 +7,7 @@ define shorewall::zone( $order = 100 ){ $real_name = $parent ? { '-' => $name, default => "${name}:${parent}" } - shorewall::entry { "zones.d/${order}-${name}": + shorewall::entry { "zones-${order}-${name}": line => "${real_name} ${type} ${options} ${in} ${out}" } } |