X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Finit.pp;h=62ad57376daea0c62ec60600c8a67e2f89127fbf;hb=61b1f29e849df28f2892efc5f98318611e99eeeb;hp=95da151e6354048f1d414e51f21f7f15031c6371;hpb=ed9c052bcce0377d8c9f1f7de79fe3114c8f8bf8;p=dsa-puppet.git
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index 95da151e..62ad5737 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -1,102 +1,93 @@
+# = Class: ferm
+#
+# This class installs ferm and sets up rules
+#
+# == Sample Usage:
+#
+# include ferm
+#
 class ferm {
- define rule($domain="ip", $table="filter", $chain="INPUT", $rule, $description="", $prio="00", $notarule=false) {
- file {
- "/etc/ferm/dsa.d/${prio}_${name}":
- ensure => present,
- owner => root,
- group => root,
- mode => 0400,
- content => template("ferm/ferm-rule.erb"),
- notify => Exec["ferm restart"],
- }
- }
+ # realize (i.e. enable) all @ferm::rule virtual resources
+ Ferm::Rule <| |>
- # realize (i.e. enable) all @ferm::rule virtual resources
- Ferm::Rule <| |>
+ File { mode => '0400' }
- package {
- ferm: ensure => installed;
- ulogd: ensure => installed;
- }
+ package { 'ferm':
+ ensure => installed
+ }
+ package { 'ulogd':
+ ensure => installed
+ }
- file {
- "/etc/ferm/dsa.d":
- ensure => directory,
- purge => true,
- force => true,
- recurse => true,
- source => "puppet:///files/empty/",
- notify => Exec["ferm restart"],
- require => Package["ferm"];
- "/etc/ferm":
- ensure => directory,
- mode => 0755;
- "/etc/ferm/conf.d":
- ensure => directory,
- require => Package["ferm"];
- "/etc/default/ferm":
- source => "puppet:///modules/ferm/ferm.default",
- require => Package["ferm"],
- notify => Exec["ferm restart"];
- "/etc/ferm/ferm.conf":
- source => "puppet:///modules/ferm/ferm.conf",
- require => Package["ferm"],
- mode => 0400,
- notify => Exec["ferm restart"];
- "/etc/ferm/conf.d/me.conf":
- content => template("ferm/me.conf.erb"),
- require => Package["ferm"],
- mode => 0400,
- notify => Exec["ferm restart"];
- "/etc/ferm/conf.d/defs.conf":
- content => template("ferm/defs.conf.erb"),
- require => Package["ferm"],
- mode => 0400,
- notify => Exec["ferm restart"];
- "/etc/ferm/conf.d/interfaces.conf":
- content => template("ferm/interfaces.conf.erb"),
- require => Package["ferm"],
- mode => 0400,
- notify => Exec["ferm restart"];
- "/etc/logrotate.d/ulogd":
- source => "puppet:///modules/ferm/logrotate-ulogd",
- require => Package["logrotate"],
- ;
- }
+ service { 'ferm':
+ hasstatus => false,
+ status => '/bin/true',
+ }
- $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
+ $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
- activate_munin_check {
- $munin_ips: script => "ip_";
- }
+ munin::check { $munin_ips: script => 'ip_', }
- case extractnodeinfo($nodeinfo, 'buildd') {
- 'true': {
- file {
- "/etc/ferm/conf.d/load_ftp_conntrack.conf":
- source => "puppet:///modules/ferm/conntrack_ftp.conf",
- require => Package["ferm"],
- notify => Exec["ferm restart"];
- }
- }
- }
+ if $v6ips {
+ $munin6_ips = split(regsubst($v6ips, '([^,]+)', 'ip_\1', 'G'), ',')
+ munin::ipv6check { $munin6_ips: }
+ }
- case $v6ips {
- 'no': {}
- default: {
- $munin6_ips = split(regsubst($v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
- activate_munin_check {
- $munin6_ips: script => "ip6_";
- }
- }
- }
+ # get rid of old stuff
+ $munin6_ip6s = split(regsubst($v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
+ munin::check { $munin6_ip6s: ensure => absent }
+
+ file { '/etc/ferm':
+ ensure => directory,
+ notify => Service['ferm'],
+ require => Package['ferm'],
+ mode => '0755'
+ }
+ file { '/etc/ferm/dsa.d':
+ ensure => directory,
+ mode => '0555',
+ purge => true,
+ force => true,
+ recurse => true,
+ source => 'puppet:///files/empty/',
+ }
+ file { '/etc/ferm/conf.d':
+ ensure => directory,
+ mode => '0555',
+ }
+ file { '/etc/default/ferm':
+ source => 'puppet:///modules/ferm/ferm.default',
+ require => Package['ferm'],
+ notify => Service['ferm'],
+ mode => '0444',
+ }
+ file { '/etc/ferm/ferm.conf':
+ source => 'puppet:///modules/ferm/ferm.conf',
+ notify => Service['ferm'],
+ }
+ file { '/etc/ferm/conf.d/me.conf':
+ content => template('ferm/me.conf.erb'),
+ notify => Service['ferm'],
+ }
+ file { '/etc/ferm/conf.d/defs.conf':
+ content => template('ferm/defs.conf.erb'),
+ notify => Service['ferm'],
+ }
+ file { '/etc/ferm/conf.d/interfaces.conf':
+ content => template('ferm/interfaces.conf.erb'),
+ notify => Service['ferm'],
+ }
+ file { '/etc/logrotate.d/ulogd':
+ source => 'puppet:///modules/ferm/logrotate-ulogd',
+ mode => '0444',
+ require => Package['debian.org'],
+ }
+
+ if getfromhash($site::nodeinfo, 'buildd') {
+ file { '/etc/ferm/conf.d/load_ftp_conntrack.conf':
+ source => 'puppet:///modules/ferm/conntrack_ftp.conf',
+ notify => Service['ferm'],
+ }
+ }
- exec {
- "ferm restart":
- command => "/etc/init.d/ferm restart",
- refreshonly => true,
- }
 }
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
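Review bot: The new `file { '/etc/ferm/dsa.d': … }` resource keeps `purge => true` but drops the `notify` the old one carried, so when Puppet purges a rule file that is no longer managed, nothing visible in this hunk reloads ferm and the removed rule may stay in the running ruleset until an unrelated change restarts the service. Adding `notify => Service['ferm'],` to that resource would restore the old behaviour. The "get rid of old stuff" lines also call `regsubst($v6ips, …)` outside the `if $v6ips` guard, so they run even when `$v6ips` is unset; moving both lines inside the guard would avoid that. Finally, `status => '/bin/true'` makes Puppet treat ferm as always running, so it presumably never starts a stopped firewall on its own; if that is intended, a comment such as `# ferm's init script has no status action; restarts happen only via notify` on the service resource would record it.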