git.donarmstrong.com Git - dsa-puppet.git/blob - modules/ferm/manifests/init.pp
a stab at auto loading conntrack modules
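# Manages the ferm firewall front end on a node: installs the packages,
# lays down the configuration under /etc/ferm, realizes every virtual
# ferm::rule, and restarts ferm whenever one of the managed files changes.
class ferm {
    # One firewall rule snippet, written to /etc/ferm/dsa.d/<prio>_<name>.
    #
    #   $domain      - defaults to "ip"
    #   $chain       - defaults to "INPUT"
    #   $rule        - required, no default
    #   $description - defaults to ""
    #   $prio        - filename prefix; defaults to "00"
    #
    # Only $prio and $name are used directly here; the other parameters are
    # presumably consumed by the ferm/ferm-rule.erb template -- confirm there.
    # NOTE(review): $rule ends up in the firewall configuration, so callers
    # should pass fixed strings, not values derived from node-supplied facts,
    # unless the template escapes them -- verify against the template.
    define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
        file {
            "/etc/ferm/dsa.d/${prio}_${name}":
                ensure  => present,
                owner   => root,
                group   => root,
                # readable by root only
                mode    => 0400,
                content => template("ferm/ferm-rule.erb"),
                notify  => Exec["ferm restart"],
        }
    }

    # realize (i.e. enable) all @ferm::rule virtual resources
    Ferm::Rule <| |>

    package {
        ferm: ensure => installed;
        ulogd: ensure => installed;
    }

    file {
        # purge + recurse + force: anything in dsa.d that Puppet does not
        # manage is removed on each run, so a rule file dropped in by hand
        # (or left behind by a removed ferm::rule) does not survive.
        # The source is presumably an empty directory -- confirm on the master.
        "/etc/ferm/dsa.d":
            ensure  => directory,
            purge   => true,
            force   => true,
            recurse => true,
            source  => "puppet:///files/empty/",
            require => Package["ferm"];
        # NOTE(review): unlike dsa.d, conf.d is not purged, so unmanaged
        # files placed there persist across runs.
        "/etc/ferm/conf.d":
            ensure  => directory,
            require => Package["ferm"];
        "/etc/default/ferm":
            source  => "puppet:///ferm/ferm.default",
            require => Package["ferm"],
            notify  => Exec["ferm restart"];
        "/etc/ferm/ferm.conf":
            source  => "puppet:///ferm/ferm.conf",
            require => Package["ferm"],
            mode    => 0400,
            notify  => Exec["ferm restart"];
        "/etc/ferm/conf.d/me.conf":
            content => template("ferm/me.conf.erb"),
            require => Package["ferm"],
            mode    => 0400,
            notify  => Exec["ferm restart"];
        "/etc/ferm/conf.d/defs.conf":
            content => template("ferm/defs.conf.erb"),
            require => Package["ferm"],
            mode    => 0400,
            notify  => Exec["ferm restart"];
        "/etc/ferm/conf.d/interfaces.conf":
            content => template("ferm/interfaces.conf.erb"),
            require => Package["ferm"],
            mode    => 0400,
            notify  => Exec["ferm restart"];
    }

    # Prefix every comma-separated entry of $v4ips with "ip_" and split the
    # result into an array; each element becomes one munin check.
    $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')

    activate_munin_check {
        $munin_ips: script => "ip_";
    }

    # Deploy the FTP conntrack loader on buildd nodes only.
    # A case statement needs an option label around its body; without one
    # the manifest does not parse. Matching on true assumes
    # extractnodeinfo() returns a boolean -- TODO confirm. Any other value
    # falls through to default and deploys nothing, so a mismatch leaves the
    # helper unloaded rather than loaded. Connection-tracking helpers widen
    # what RELATED rules accept, which is why this stays opt-in.
    case extractnodeinfo($nodeinfo, 'buildd') {
        true: {
            file {
                # NOTE(review): this is the same source file that feeds
                # /etc/default/ferm above; it looks like a placeholder.
                # Confirm the intended conntrack snippet before relying
                # on this resource.
                "/etc/ferm/conf.d/load_ftp_conntrack.conf":
                    source  => "puppet:///ferm/ferm.default",
                    require => Package["ferm"],
                    # same permissions as the other files in conf.d
                    mode    => 0400,
                    notify  => Exec["ferm restart"];
            }
        }
        default: {}
    }

    # IPv6 counterpart of the munin checks; skipped when $v6ips is 'no'.
    case $v6ips {
        'no': {}
        default: {
            $munin6_ips = split(regsubst($v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
            activate_munin_check {
                $munin6_ips: script => "ip6_";
            }
        }
    }

    # refreshonly: runs only when one of the files above notifies it.
    # NOTE(review): nothing visible here validates the generated
    # configuration before the restart, so a broken rule file only surfaces
    # when the init script runs. Consider a check step first (ferm has a
    # --noexec mode) and confirm how the init script behaves on a parse
    # error.
    exec {
        "ferm restart":
            command     => "/etc/init.d/ferm restart",
            refreshonly => true,
    }
}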
90 # vim:set et:
91 # vim:set sts=4 ts=4:
92 # vim:set shiftwidth=4: