authorduritong <peter.meier+github@immerda.ch>2017-01-12 15:47:48 +0100
committerGitHub <noreply@github.com>2017-01-12 15:47:48 +0100
commit07f4d8f14ac5224ba900d27f51cd4ae8121f1578 (patch)
tree8b66aeaf3df3be46ca603fc081d8293bc2114a35 /manifests/base.pp
parent78b2f91caf4c7ade2630376c9c326773fdd5ef3c (diff)
parent24076ddaa5c802b503e59e279750ab5d6353815d (diff)
Merge branch 'master' into master
Diffstat (limited to 'manifests/base.pp')
-rw-r--r--manifests/base.pp66
1 files changed, 52 insertions, 14 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 12b8c34..22ef555 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -8,14 +8,14 @@ class shorewall::base {
# This file has to be managed in place, so shorewall can find it
file {
'/etc/shorewall/shorewall.conf':
- require => Package[shorewall],
- notify => Service[shorewall],
+ require => Package['shorewall'],
+ notify => Exec['shorewall_check'],
owner => 'root',
group => 'root',
mode => '0644';
'/etc/shorewall/puppet':
ensure => directory,
- require => Package[shorewall],
+ require => Package['shorewall'],
owner => 'root',
group => 'root',
mode => '0644';
@@ -27,20 +27,58 @@ class shorewall::base {
}
} else {
- augeas { 'shorewall_module_config_path':
- changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'',
- lens => 'Shellvars.lns',
- incl => '/etc/shorewall/shorewall.conf',
- notify => Service['shorewall'],
- require => Package['shorewall'];
+ if str2bool($shorewall::startup) {
+ $startup_str = 'Yes'
+ } else {
+ $startup_str = 'No'
+ }
+ shorewall::config_setting{
+ 'CONFIG_PATH':
+ value => "\"\${CONFDIR}/shorewall/puppet:\${CONFDIR}/shorewall:\${SHAREDIR}/shorewall\"";
+ 'STARTUP_ENABLED':
+ value => $startup_str;
+ }
+ $cfs = keys($shorewall::settings)
+ shorewall::config_settings{
+ $cfs:
+ settings => $shorewall::settings;
}
}
+ exec{'shorewall_check':
+ command => 'shorewall check',
+ refreshonly => true,
+ notify => Service['shorewall'],
+ }
service{'shorewall':
- ensure => running,
- enable => true,
- hasstatus => true,
- hasrestart => true,
- require => Package['shorewall'],
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ require => Package['shorewall'],
+ }
+
+ file{'/etc/cron.daily/shorewall_check':}
+ if $shorewall::daily_check {
+ File['/etc/cron.daily/shorewall_check']{
+ content => '#!/bin/bash
+
+output=$(shorewall check 2>&1)
+if [ $? -gt 0 ]; then
+ echo "Error while checking firewall!"
+ echo $output
+ exit 1
+fi
+exit 0
+',
+ owner => root,
+ group => 0,
+ mode => '0700',
+ require => Service['shorewall'],
+ }
+ } else {
+ File['/etc/cron.daily/shorewall_check']{
+ ensure => absent,
+ }
}
}
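Review bot: The new `exec{'shorewall_check':` resource runs the unqualified command `shorewall check` with no `path`, so unless an `Exec { path => ... }` default is set elsewhere (not visible in this hunk) Puppet rejects it as not fully qualified and the refresh never reaches `Service['shorewall']`. Adding `path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],` to the exec also pins where a command that runs as root is looked up. In the cron script, `echo $output` is unquoted, so the multi-line check output is collapsed onto one line and any glob characters in it are expanded; `echo "$output"` keeps the error report intact. Because the exec is `refreshonly`, a failed check leaves the rejected configuration on disk and later runs do not re-check it, so a comment above the exec such as `# a failed check blocks the restart but does not revert the config; the daily check reports it` would help whoever enables or disables `$shorewall::daily_check`.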