From fd83e644a5ec2630ccc8b83d6029fbba7bfe1fe9 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Apr 2017 17:05:39 +0200 Subject: first step towards shorewall6, basic service is running --- manifests/base.pp | 78 +++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 65 insertions(+), 13 deletions(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index 23d72e5..8c42757 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -20,18 +20,36 @@ class shorewall::base { group => 'root', mode => '0644'; } + if $shorewall::with_shorewall6 { + package{'shorewall6': + ensure => 'installed' + } + file { + '/etc/shorewall6/shorewall6.conf': + require => Package['shorewall6'], + notify => Exec['shorewall6_check'], + owner => 'root', + group => 'root', + mode => '0644'; + '/etc/shorewall6/puppet': + ensure => directory, + require => Package['shorewall6'], + owner => 'root', + group => 'root', + mode => '0644'; + } + } + if str2bool($shorewall::startup) { + $startup_str = 'Yes' + } else { + $startup_str = 'No' + } if $shorewall::conf_source { File['/etc/shorewall/shorewall.conf']{ source => $shorewall::conf_source, } } else { - - if str2bool($shorewall::startup) { - $startup_str = 'Yes' - } else { - $startup_str = 'No' - } shorewall::config_setting{ 'CONFIG_PATH': value => "\"\${CONFDIR}/shorewall/puppet:\${CONFDIR}/shorewall:\${SHAREDIR}/shorewall\""; @@ -44,7 +62,6 @@ class shorewall::base { settings => $shorewall::merged_settings; } } - exec{'shorewall_check': command => 'shorewall check', refreshonly => true, 
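Review bot: The new `'/etc/shorewall6/puppet'` directory resource is declared with `mode => '0644'` and no purge policy. Puppet adds the search bit to directories wherever the read bit is set, so this works, but `mode => '0755'` would state the intended permissions directly. A later hunk puts this directory first on the shorewall6 `CONFIG_PATH`, so any file left there by hand or by a removed resource takes precedence over the packaged configuration. The matching `/etc/shorewall/puppet` resource lies outside this hunk; if it sets `recurse`/`purge`, mirror that here, otherwise add a comment saying stale files are deliberately kept.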
@@ -58,24 +75,59 @@ class shorewall::base { require => Package['shorewall'], } + if $shorewall::with_shorewall6 { + shorewall::config6_setting{ + 'CONFIG_PATH': + value => "\"\${CONFDIR}/shorewall6/puppet:\${CONFDIR}/shorewall6:/usr/share/shorewall6:\${SHAREDIR}/shorewall\""; + 'STARTUP_ENABLED': + value => $startup_str; + } + $cfs6 = keys($shorewall::settings6) + shorewall::config6_settings{ + $cfs6: + settings => $shorewall::settings6; + } + + exec{'shorewall6_check': + command => 'shorewall6 check', + refreshonly => true, + notify => Service['shorewall6'], + } + service{'shorewall6': + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, + require => Package['shorewall6'], + } + } + file{'/etc/cron.daily/shorewall_check':} if $shorewall::daily_check { + if $shorewall::with_shorewall6 { + $shorewall6_check_str = ' && shorewall6 check' + } else { + $shorewall6_check_str = '' + } File['/etc/cron.daily/shorewall_check']{ - content => '#!/bin/bash + content => "#!/bin/bash -output=$(shorewall check 2>&1) -if [ $? -gt 0 ]; then - echo "Error while checking firewall!" - echo $output +output=\$(shorewall check${shorewall6_check_str} 2>&1) +if [ \$? -gt 0 ]; then + echo 'Error while checking firewall!' + echo \$output exit 1 fi exit 0 -', +", owner => root, group => 0, mode => '0700', require => Service['shorewall'], } + if $shorewall::with_shorewall6 { + Service['shorewall6'] -> File['/etc/cron.daily/shorewall_check'] + } } else { File['/etc/cron.daily/shorewall_check']{ ensure => absent, -- cgit v1.2.3
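Review bot: In the generated cron script, when `with_shorewall6` is set the command expands to `shorewall check && shorewall6 check 2>&1`, so the redirection binds only to the second command. Stderr from `shorewall check` then bypasses `$output`, and the error report printed by the script can miss the IPv4 diagnostics. The exit-status test still catches a failure of either check. Grouping the list fixes it: `output=\$( { shorewall check${shorewall6_check_str}; } 2>&1)`. While touching these lines, `echo \"\$output\"` would keep the multi-line check output intact instead of collapsing it through word splitting.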