summaryrefslogtreecommitdiff
path: root/manifests/base.pp
blob: 0cf3dc6fd0208e025afcb5750dbf9b8ce410c981 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# base things for shorewall
class shorewall::base {

  package { 'shorewall':
    ensure => $shorewall::ensure_version,
  }

  # This file has to be managed in place, so shorewall can find it
  file {
    '/etc/shorewall/shorewall.conf':
      require => Package['shorewall'],
      notify  => Exec['shorewall_check'],
      owner   => 'root',
      group   => 'root',
      mode    => '0644';
    '/etc/shorewall/puppet':
      ensure  => directory,
      require => Package['shorewall'],
      owner   => 'root',
      group   => 'root',
      mode    => '0644';
  }

  if $shorewall::conf_source {
    File['/etc/shorewall/shorewall.conf']{
      source => $shorewall::conf_source,
    }
  } else {

    Class['augeas'] -> Class['shorewall::base']

    augeas { 'shorewall_module_config_path':
      changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'',
      lens    => 'Shellvars.lns',
      incl    => '/etc/shorewall/shorewall.conf',
      notify  => Exec['shorewall_check'],
      require => Package['shorewall'];
    }
  }

  exec{'shorewall_check':
    command     => 'shorewall check',
    refreshonly => true,
    notify      => Service['shorewall'],
  }
  service{'shorewall':
    ensure     => running,
    enable     => true,
    hasstatus  => true,
    hasrestart => true,
    require    => Package['shorewall'],
  }

  file{'/etc/cron.daily/shorewall_check':}
  if $shorewall::daily_check {
    File['/etc/cron.daily/shorewall_check']{
      content => '#!/bin/bash

output=$(shorewall check 2>&1)
if [ $? -gt 0 ]; then
  echo "Error while checking firewall!"
  echo $output
  exit 1
fi
exit 0
',
      owner   => root,
      group   => 0,
      mode    => '0700',
      require => Service['shorewall'],
    }
  } else {
    File['/etc/cron.daily/shorewall_check']{
      ensure => absent,
    }
  }
}