authormh <mh@immerda.ch>2017-04-07 17:05:39 +0200
committermh <mh@immerda.ch>2017-04-07 17:05:39 +0200
commitfd83e644a5ec2630ccc8b83d6029fbba7bfe1fe9 (patch)
tree9ce8275df9dcc40c4489600bb152ef8a22cc9716
parent89a350feaa3e5f94d104ac7e98af608db659e871 (diff)
first step towards shorewall6, basic service is running
-rw-r--r--manifests/base.pp78
-rw-r--r--manifests/config6_setting.pp18
-rw-r--r--manifests/config6_settings.pp10
-rw-r--r--manifests/init.pp10
4 files changed, 103 insertions, 13 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 23d72e5..8c42757 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -20,18 +20,36 @@ class shorewall::base {
group => 'root',
mode => '0644';
}
+ if $shorewall::with_shorewall6 {
+ package{'shorewall6':
+ ensure => 'installed'
+ }
+ file {
+ '/etc/shorewall6/shorewall6.conf':
+ require => Package['shorewall6'],
+ notify => Exec['shorewall6_check'],
+ owner => 'root',
+ group => 'root',
+ mode => '0644';
+ '/etc/shorewall6/puppet':
+ ensure => directory,
+ require => Package['shorewall6'],
+ owner => 'root',
+ group => 'root',
+ mode => '0644';
+ }
+ }
+ if str2bool($shorewall::startup) {
+ $startup_str = 'Yes'
+ } else {
+ $startup_str = 'No'
+ }
if $shorewall::conf_source {
File['/etc/shorewall/shorewall.conf']{
source => $shorewall::conf_source,
}
} else {
-
- if str2bool($shorewall::startup) {
- $startup_str = 'Yes'
- } else {
- $startup_str = 'No'
- }
shorewall::config_setting{
'CONFIG_PATH':
value => "\"\${CONFDIR}/shorewall/puppet:\${CONFDIR}/shorewall:\${SHAREDIR}/shorewall\"";
@@ -44,7 +62,6 @@ class shorewall::base {
settings => $shorewall::merged_settings;
}
}
-
exec{'shorewall_check':
command => 'shorewall check',
refreshonly => true,
@@ -58,24 +75,59 @@ class shorewall::base {
require => Package['shorewall'],
}
+ if $shorewall::with_shorewall6 {
+ shorewall::config6_setting{
+ 'CONFIG_PATH':
+ value => "\"\${CONFDIR}/shorewall6/puppet:\${CONFDIR}/shorewall6:/usr/share/shorewall6:\${SHAREDIR}/shorewall\"";
+ 'STARTUP_ENABLED':
+ value => $startup_str;
+ }
+ $cfs6 = keys($shorewall::settings6)
+ shorewall::config6_settings{
+ $cfs6:
+ settings => $shorewall::settings6;
+ }
+
+ exec{'shorewall6_check':
+ command => 'shorewall6 check',
+ refreshonly => true,
+ notify => Service['shorewall6'],
+ }
+ service{'shorewall6':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ require => Package['shorewall6'],
+ }
+ }
+
file{'/etc/cron.daily/shorewall_check':}
if $shorewall::daily_check {
+ if $shorewall::with_shorewall6 {
+ $shorewall6_check_str = ' && shorewall6 check'
+ } else {
+ $shorewall6_check_str = ''
+ }
File['/etc/cron.daily/shorewall_check']{
- content => '#!/bin/bash
+ content => "#!/bin/bash
-output=$(shorewall check 2>&1)
-if [ $? -gt 0 ]; then
- echo "Error while checking firewall!"
- echo $output
+output=\$(shorewall check${shorewall6_check_str} 2>&1)
+if [ \$? -gt 0 ]; then
+ echo 'Error while checking firewall!'
+ echo \$output
exit 1
fi
exit 0
-',
+",
owner => root,
group => 0,
mode => '0700',
require => Service['shorewall'],
}
+ if $shorewall::with_shorewall6 {
+ Service['shorewall6'] -> File['/etc/cron.daily/shorewall_check']
+ }
} else {
File['/etc/cron.daily/shorewall_check']{
ensure => absent,
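Review bot: In the cron script content, with shorewall6 enabled the command substitution expands to `shorewall check && shorewall6 check 2>&1`, so the redirect binds only to the second command and stderr from the IPv4 check is no longer captured in `$output`. Grouping the list restores the previous behaviour for both checks: `output=\$( { shorewall check${shorewall6_check_str}; } 2>&1)`. `echo \$output` is also still unquoted, which flattens a multi-line report onto one line; `echo \"\$output\"` keeps it readable. The `File` override in the `else` branch continues past the end of the hunk.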
diff --git a/manifests/config6_setting.pp b/manifests/config6_setting.pp
new file mode 100644
index 0000000..2fbb1df
--- /dev/null
+++ b/manifests/config6_setting.pp
@@ -0,0 +1,18 @@
+# set a particular config option for shorewall6
+#
+# e.g.
+# shorewall::config6_setting{
+# 'CONFIG_PATH':
+# value => '"/etc/shorewall6/puppet:/etc/shorewall6:/usr/share/shorewall6"'
+# }
+define shorewall::config_setting(
+ $value,
+){
+ augeas { "shorewall6_module_${name}":
+ changes => "set /files/etc/shorewall6/shorewall6.conf/${name} ${value}",
+ lens => 'Shellvars.lns',
+ incl => '/etc/shorewall/shorewall6.conf',
+ notify => Exec['shorewall6_check'],
+ require => Package['shorewall6'];
+ }
+}
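Review bot: The define added in manifests/config6_setting.pp is declared as `shorewall::config_setting`, so the `shorewall::config6_setting` resources used in base.pp and config6_settings.pp would not resolve from this file, and the name clashes with the existing IPv4 define; it should read `define shorewall::config6_setting(`. The augeas resource also loads `/etc/shorewall/shorewall6.conf` via `incl` while `changes` writes under `/files/etc/shorewall6/shorewall6.conf`, so the `set` targets a tree the lens never loaded; `incl => '/etc/shorewall6/shorewall6.conf',` matches the file managed in base.pp. Because `${value}` is interpolated as-is into the augeas command, the header comment could state that callers must pass an already shell-quoted value, as its example does.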
diff --git a/manifests/config6_settings.pp b/manifests/config6_settings.pp
new file mode 100644
index 0000000..2eb47f0
--- /dev/null
+++ b/manifests/config6_settings.pp
@@ -0,0 +1,10 @@
+# a nice wrapper to make hiera config
+# a bit easier
+define shorewall::config6_settings(
+ $settings,
+){
+ shorewall::config6_setting{
+ $name:
+ value => $settings[$name],
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 44c703b..16d7170 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,6 +3,8 @@ class shorewall(
$startup = true,
$conf_source = false,
$settings = {},
+ $settings6 = {},
+ $shorewall6 = 'auto',
$ensure_version = 'present',
$tor_transparent_proxy_host = '127.0.0.1',
$tor_transparent_proxy_port = '9040',
@@ -60,6 +62,14 @@ class shorewall(
$merged_settings = merge($def_settings,$settings)
+ $with_shorewall6 = $shorewall6 ? {
+ 'auto' => $ipaddress6 ? {
+ undef => false,
+ default => true,
+ },
+ default => str2bool($shorewall6),
+ }
+
case $::operatingsystem {
'Gentoo': { include ::shorewall::gentoo }
'Debian','Ubuntu': { include ::shorewall::debian }
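Review bot: The `'auto'` branch reads the fact as unqualified `$ipaddress6`, while the same class uses `$::operatingsystem` a few lines below; `'auto' => $::ipaddress6 ? {` would be consistent and avoids a local-scope lookup. More importantly, auto mode leaves IPv6 unfiltered whenever the fact is absent, which may include hosts whose IPv6 stack is up but only has a link-local address (worth confirming for the Facter version in use). A comment above the selector such as `# 'auto' enables shorewall6 only when facter reports ipaddress6; set shorewall6 => true to force it` would make that default explicit. The `case` statement continues outside the hunk.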