some more ferm fixups

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/manifests/site.pp b/manifests/site.pp
index 2fecb32c593fb7e358eeb084a0e8e6490cb76b97..52e1e0d766ca5d5345ea09d14bea7e5397c90c0d 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -74,10 +74,10 @@ node default {
     }
 
     case extractnodeinfo($nodeinfo, 'buildd') {
-         true:  {
+         'true':  {
              include buildd
              case $kernel {
-                 'Linux': {
+                 Linux: {
                      include ferm
                  }
              }

diff --git a/modules/ferm/files/ferm.default b/modules/ferm/files/ferm.default
new file mode 100644 (file)
index 0000000..7864a2e
--- /dev/null
+++ b/modules/ferm/files/ferm.default
@@ -0,0 +1,14 @@
+# configuration for /etc/init.d/ferm
+
+# use iptables-restore for fast firewall initialization?
+FAST=yes
+
+# cache the output of ferm --lines in /var/cache/ferm?
+CACHE=yes
+
+# additional paramaters for ferm (like --def '$foo=bar')
+OPTIONS=
+
+# Enable ferm on bootup?
+ENABLED=yes
+

diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index ff57e9140357cd588ef91b42ff917b5efe237ab5..5f63ea7c1af47174de7ecbb540e141494704ade8 100644 (file)
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -26,6 +26,10 @@ class ferm {
                 "/etc/ferm/conf.d":
                         ensure => directory,
                         require => Package["ferm"];
+                "/etc/default/ferm":
+                        source  => "puppet:///ferm/ferm.default",
+                        require => Package["ferm"],
+                        notify  => Exec["ferm restart"];
                 "/etc/ferm/ferm.conf":
                         source  => "puppet:///ferm/ferm.conf",
                         require => Package["ferm"],