X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fnfs-server%2Fmanifests%2Finit.pp;fp=modules%2Fnfs-server%2Fmanifests%2Finit.pp;h=b9ff8885ffd124ae30d3b3a83739bdeb865aa2df;hb=3eb533e5499e66423bafdedaf6c7d08ead1772de;hp=d14a6ca38661fab2c9b4d0f74b9f85e4e38a9f86;hpb=103df6353b04261dda4f6db60925961f0a9cce5c;p=dsa-puppet.git

diff --git a/modules/nfs-server/manifests/init.pp b/modules/nfs-server/manifests/init.pp
index d14a6ca3..b9ff8885 100644
--- a/modules/nfs-server/manifests/init.pp
+++ b/modules/nfs-server/manifests/init.pp
@@ -1,31 +1,60 @@
 class nfs-server {
 
-    include ferm::nfs-server
+	package { [
+			'nfs-common',
+			'nfs-kernel-server'
+		]:
+			ensure => installed
+	}
 
-    package {
-        nfs-common: ensure => installed;
-        nfs-kernel-server: ensure => installed;
-    }
+	service { 'nfs-common':
+		hasstatus   => false,
+		status      => '/bin/true',
+		refreshonly => true,
+	}
+	service { 'nfs-kernel-server':
+		hasstatus   => false,
+		status      => '/bin/true',
+		refreshonly => true,
+	}
 
-    file {
-        "/etc/default/nfs-common":
-            source  => "puppet:///modules/nfs-server/nfs-common.default",
-            require => Package["nfs-common"],
-            notify  => Exec["nfs-common restart"];
-        "/etc/default/nfs-kernel-server":
-            source  => "puppet:///modules/nfs-server/nfs-kernel-server.default",
-            require => Package["nfs-kernel-server"],
-            notify  => Exec["nfs-kernel-server restart"];
-        "/etc/modprobe.d/lockd.local":
-            source  => "puppet:///modules/nfs-server/lockd.local.modprobe";
-    }
+	@ferm::rule { 'dsa-portmap':
+		domain      => '(ip ip6)',
+		description => 'Allow portmap access',
+		rule        => '&TCP_UDP_SERVICE(111)'
+	}
+	@ferm::rule { 'dsa-nfs':
+		domain      => '(ip ip6)',
+		description => 'Allow nfsd access',
+		rule        => '&TCP_UDP_SERVICE(2049)'
+	}
+	@ferm::rule { 'dsa-status':
+		domain      => '(ip ip6)',
+		description => 'Allow statd access',
+		rule        => '&TCP_UDP_SERVICE(10000)'
+	}
+	@ferm::rule { 'dsa-mountd':
+		domain      => '(ip ip6)',
+		description => 'Allow mountd access',
+		rule        => '&TCP_UDP_SERVICE(10002)'
+	}
+	@ferm::rule { 'dsa-lockd':
+		domain      => '(ip ip6)',
+		description => 'Allow lockd access',
+		rule        => '&TCP_UDP_SERVICE(10003)'
+	}
 
-    exec {
-        "nfs-common restart":
-            path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
-            refreshonly => true;
-        "nfs-kernel-server restart":
-            path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
-            refreshonly => true;
-    }
+	file { '/etc/default/nfs-common':
+		source  => 'puppet:///modules/nfs-server/nfs-common.default',
+		require => Package['nfs-common'],
+		notify  => Service['nfs-common'],
+	}
+	file { '/etc/default/nfs-kernel-server':
+		source  => 'puppet:///modules/nfs-server/nfs-kernel-server.default',
+		require => Package['nfs-kernel-server'],
+		notify  => Service['nfs-kernel-server'],
+	}
+	file { '/etc/modprobe.d/lockd.local':
+		source => 'puppet:///modules/nfs-server/lockd.local.modprobe'
+	}
 }