3 # This class installs ferm and sets up rules
10 File { mode => '0400' }
19 # Remove instead of purge ulogd because it deletes log files on purge.
25 status => '/bin/true',
28 command => 'service ferm reload',
33 $munin_ips = getfromhash($deprecated::nodeinfo, 'misc', 'v4addrs')
34 .map |$addr| { "ip_${addr}" }
36 munin::check { $munin_ips: script => 'ip_', }
38 $munin6_ips = getfromhash($deprecated::nodeinfo, 'misc', 'v6addrs')
39 .map |$addr| { "ip_${addr}" }
40 munin::ipv6check { $munin6_ips: }
44 notify => Exec['ferm reload'],
45 require => Package['ferm'],
48 file { '/etc/ferm/dsa.d':
54 source => 'puppet:///files/empty/',
56 file { '/etc/ferm/conf.d':
62 source => 'puppet:///files/empty/',
64 file { '/etc/default/ferm':
65 source => 'puppet:///modules/ferm/ferm.default',
66 require => Package['ferm'],
67 notify => Exec['ferm reload'],
70 file { '/etc/ferm/ferm.conf':
71 content => template('ferm/ferm.conf.erb'),
72 notify => Exec['ferm reload'],
74 file { '/etc/ferm/conf.d/00-init.conf':
75 content => template('ferm/00-init.conf.erb'),
76 notify => Exec['ferm reload'],
78 file { '/etc/ferm/conf.d/me.conf':
79 content => template('ferm/me.conf.erb'),
80 notify => Exec['ferm reload'],
82 file { '/etc/ferm/conf.d/defs.conf':
83 content => template('ferm/defs.conf.erb'),
84 notify => Exec['ferm reload'],
87 file { '/etc/ferm/conf.d/50-munin-interfaces.conf':
88 content => template('ferm/conf.d-munin-interfaces.conf.erb'),
89 notify => Exec['ferm reload'],
91 ferm::rule { 'dsa-munin-interfaces-in':
93 description => 'munin accounting',
96 rule => 'daddr ($MUNIN_IPS) NOP'
98 ferm::rule { 'dsa-munin-interfaces-out':
100 description => 'munin accounting',
102 domain => '(ip ip6)',
103 rule => 'saddr ($MUNIN_IPS) NOP'
106 file { '/etc/ferm/dsa.d/010-base.conf':
107 content => template('ferm/dsa.d-010-base.conf.erb'),
108 notify => Exec['ferm reload'],
111 augeas { 'logrotate_ulogd2':
112 context => '/files/etc/logrotate.d/ulogd2',
114 'set rule/schedule daily',
115 'set rule/delaycompress delaycompress',
116 'set rule/rotate 10',
117 'set rule/ifempty notifempty',
120 file { '/etc/logrotate.d/ulogd':
123 file { '/etc/logrotate.d/ulogd.dpkg-bak':
126 file { '/etc/logrotate.d/ulogd.dpkg-dist':