class ferm {
- define rule($domain="ip", $table="filter", $chain="INPUT", $rule, $description="", $prio="00", $notarule=false) {
- file {
- "/etc/ferm/dsa.d/${prio}_${name}":
- ensure => present,
- owner => root,
- group => root,
- mode => 0400,
- content => template("ferm/ferm-rule.erb"),
- notify => Exec["ferm restart"],
- }
- }
+ # realize (i.e. enable) all @ferm::rule virtual resources
+ Ferm::Rule <| |>
- # realize (i.e. enable) all @ferm::rule virtual resources
- Ferm::Rule <| |>
+ File { mode => '0400' }
- package {
- ferm: ensure => installed;
- ulogd: ensure => installed;
- }
+ package { 'ferm':
+ ensure => installed
+ }
+ package { 'ulogd':
+ ensure => installed
+ }
- file {
- "/etc/ferm/dsa.d":
- ensure => directory,
- purge => true,
- force => true,
- recurse => true,
- source => "puppet:///files/empty/",
- notify => Exec["ferm restart"],
- require => Package["ferm"];
- "/etc/ferm":
- ensure => directory,
- mode => 0755;
- "/etc/ferm/conf.d":
- ensure => directory,
- require => Package["ferm"];
- "/etc/default/ferm":
- source => "puppet:///modules/ferm/ferm.default",
- require => Package["ferm"],
- notify => Exec["ferm restart"];
- "/etc/ferm/ferm.conf":
- source => "puppet:///modules/ferm/ferm.conf",
- require => Package["ferm"],
- mode => 0400,
- notify => Exec["ferm restart"];
- "/etc/ferm/conf.d/me.conf":
- content => template("ferm/me.conf.erb"),
- require => Package["ferm"],
- mode => 0400,
- notify => Exec["ferm restart"];
- "/etc/ferm/conf.d/defs.conf":
- content => template("ferm/defs.conf.erb"),
- require => Package["ferm"],
- mode => 0400,
- notify => Exec["ferm restart"];
- "/etc/ferm/conf.d/interfaces.conf":
- content => template("ferm/interfaces.conf.erb"),
- require => Package["ferm"],
- mode => 0400,
- notify => Exec["ferm restart"];
- "/etc/logrotate.d/ulogd":
- source => "puppet:///modules/ferm/logrotate-ulogd",
- require => Package["debian.org"],
- ;
- }
+ service { 'ferm':
+ hasstatus => false,
+ status => '/bin/true',
+ refreshonly => true,
+ }
- $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
+ $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
- activate_munin_check {
- $munin_ips: script => "ip_";
- }
+ munin::check { $munin_ips: script => 'ip_', }
- define munin_ipv6_plugin() {
- file {
- "/etc/munin/plugins/$name":
- content => "#!/bin/bash\n# This file is under puppet control\n. /usr/share/munin/plugins/ip_\n",
- mode => 555,
- notify => Exec["munin-node restart"],
- ;
- }
- }
- case $v6ips {
- 'no': {}
- default: {
- $munin6_ips = split(regsubst($v6ips, '([^,]+)', 'ip_\1', 'G'), ',')
- munin_ipv6_plugin {
- $munin6_ips: ;
- }
- # get rid of old stuff
- $munin6_ip6s = split(regsubst($v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
- activate_munin_check {
- $munin6_ip6s: ensure => absent;
- }
- }
- }
+ if $v6ips {
+ $munin6_ips = split(regsubst($v6ips, '([^,]+)', 'ip_\1', 'G'), ',')
+ munin::check { $munin6_ips: script => 'ip_', }
+ }
+ # get rid of old stuff
+ $munin6_ip6s = split(regsubst($v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
+ munin::check { $munin6_ip6s: ensure => absent }
- case getfromhash($nodeinfo, 'buildd') {
- true: {
- file {
- "/etc/ferm/conf.d/load_ftp_conntrack.conf":
- source => "puppet:///modules/ferm/conntrack_ftp.conf",
- require => Package["ferm"],
- notify => Exec["ferm restart"];
- }
- }
- }
+ file { '/etc/ferm':
+ ensure => directory,
+ notify => Service['ferm'],
+ require => Package['ferm'],
+ mode => '0755'
+ }
+ file { '/etc/ferm/dsa.d':
+ ensure => directory,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => 'puppet:///files/empty/',
+ }
+ file { '/etc/ferm/conf.d':
+ ensure => directory,
+ }
+ file { '/etc/default/ferm':
+ source => 'puppet:///modules/ferm/ferm.default',
+ require => Package['ferm'],
+ notify => Service['ferm'],
+ }
+ file { '/etc/ferm/ferm.conf':
+ source => 'puppet:///modules/ferm/ferm.conf',
+ }
+ file { '/etc/ferm/conf.d/me.conf':
+ content => template('ferm/me.conf.erb'),
+ }
+ file { '/etc/ferm/conf.d/defs.conf':
+ content => template('ferm/defs.conf.erb'),
+ }
+ file { '/etc/ferm/conf.d/interfaces.conf':
+ content => template('ferm/interfaces.conf.erb'),
+ }
+ file { '/etc/logrotate.d/ulogd':
+ source => 'puppet:///modules/ferm/logrotate-ulogd',
+ require => Package['debian.org'],
+ }
+
+ if getfromhash($site::nodeinfo, 'buildd') {
+ file { '/etc/ferm/conf.d/load_ftp_conntrack.conf':
+ source => 'puppet:///modules/ferm/conntrack_ftp.conf',
+ }
+ }
- exec {
- "ferm restart":
- command => "/etc/init.d/ferm restart",
- refreshonly => true,
- }
}
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
projects / dsa-puppet.git / blobdiff