3 # This class installs ferm and sets up rules
# Resource default: file resources declared in this scope get mode 0400
# (readable by the owner only) unless they set their own mode.
# The owner is not set by this default.
10 File { mode => '0400' }
19 # Remove ulogd instead of purging it, because purging the package deletes its log files.
# A status command of /bin/true always exits 0.
# NOTE(review): the enclosing resource header is not part of this listing -
# presumably the ferm service. If so, Puppet always sees it as running and
# never detects a stopped firewall service; confirm that is intended.
25 status => '/bin/true',
# Command used to reload the ferm ruleset.
# NOTE(review): the command is not fully qualified, so the enclosing exec needs
# a path attribute; neither path nor refreshonly is visible in this listing -
# confirm both are set.
29 command => "service ferm reload",
# Build one munin check name per IPv4 address, of the form "ip_<address>".
# The address list is looked up in $site::nodeinfo under misc/v4addrs.
# NOTE(review): assumes the lookup always yields an iterable value - confirm
# how getfromhash behaves when the key is missing.
34 $munin_ips = getfromhash($site::nodeinfo, 'misc', 'v4addrs')
35 .map |$addr| { "ip_${addr}" }
# Declare one munin::check per generated name, all using the 'ip_' script.
37 munin::check { $munin_ips: script => 'ip_', }
# Same name scheme for the IPv6 addresses (misc/v6addrs).
39 $munin6_ips = getfromhash($site::nodeinfo, 'misc', 'v6addrs')
40 .map |$addr| { "ip_${addr}" }
# IPv6 names are declared through munin::ipv6check, with no script parameter passed.
41 munin::ipv6check { $munin6_ips: }
# Attributes of a resource whose header is not part of this listing:
# a change reloads ferm, and the ferm package must be installed first.
45 notify => Exec['ferm reload'],
46 require => Package['ferm'],
# Rule-fragment directory, sourced from an empty directory on the Puppet file server.
# NOTE(review): the attributes between the header and source are not shown.
# If they set recurse and purge, files that Puppet does not manage are removed
# from this directory, which keeps the loaded ruleset limited to managed
# fragments - confirm.
49 file { '/etc/ferm/dsa.d':
55 source => 'puppet:///files/empty/',
# Second fragment directory, handled the same way (same empty source).
57 file { '/etc/ferm/conf.d':
63 source => 'puppet:///files/empty/',
# Defaults file for the ferm service, shipped as a static file from the ferm
# module. Needs the package first; a change triggers a ferm reload.
65 file { '/etc/default/ferm':
66 source => 'puppet:///modules/ferm/ferm.default',
67 require => Package['ferm'],
68 notify => Exec['ferm reload'],
# Each file below is rendered from an ERB template in the ferm module, and a
# change to any of them triggers a ferm reload.
# No mode is visible on these resources in this listing.
# NOTE(review): presumably they rely on the File default (mode 0400) - confirm.

# Main ferm configuration file.
71 file { '/etc/ferm/ferm.conf':
72 content => template('ferm/ferm.conf.erb'),
73 notify => Exec['ferm reload'],
# Fragment named 00-init.conf.
# NOTE(review): presumably loaded first because of its 00- prefix; the include
# order is decided by ferm.conf, which is not shown.
75 file { '/etc/ferm/conf.d/00-init.conf':
76 content => template('ferm/00-init.conf.erb'),
77 notify => Exec['ferm reload'],
# Fragment rendered from me.conf.erb.
79 file { '/etc/ferm/conf.d/me.conf':
80 content => template('ferm/me.conf.erb'),
81 notify => Exec['ferm reload'],
# Fragment rendered from defs.conf.erb.
83 file { '/etc/ferm/conf.d/defs.conf':
84 content => template('ferm/defs.conf.erb'),
85 notify => Exec['ferm reload'],
# Fragment for the munin interface accounting.
# NOTE(review): presumably this is where the ferm variable $MUNIN_IPS is
# defined - confirm in the template.
88 file { '/etc/ferm/conf.d/50-munin-interfaces.conf':
89 content => template('ferm/conf.d-munin-interfaces.conf.erb'),
90 notify => Exec['ferm reload'],
# Accounting rules for munin. NOP is ferm's no-action target: the rule matches
# traffic so its counters advance, and it neither accepts nor drops anything.
# The rule strings are single-quoted, so Puppet leaves $MUNIN_IPS alone and
# ferm expands it.

# Inbound: traffic addressed to the munin-monitored addresses.
# NOTE(review): this rule's domain/chain attributes are not part of this listing.
92 ferm::rule { 'dsa-munin-interfaces-in':
94 description => 'munin accounting',
97 rule => 'daddr ($MUNIN_IPS) NOP'
# Outbound: traffic sent from the same addresses, for both IPv4 and IPv6
# (domain '(ip ip6)').
99 ferm::rule { 'dsa-munin-interfaces-out':
101 description => 'munin accounting',
103 domain => '(ip ip6)',
104 rule => 'saddr ($MUNIN_IPS) NOP'
# Base rule fragment in dsa.d, rendered from an ERB template in the ferm module.
# A change triggers a ferm reload.
107 file { '/etc/ferm/dsa.d/010-base.conf':
108 content => template('ferm/dsa.d-010-base.conf.erb'),
109 notify => Exec['ferm reload'],
# Edit the existing logrotate stanza for ulogd2 in place with augeas instead of
# replacing the whole file.
112 augeas { 'logrotate_ulogd2':
113 context => '/files/etc/logrotate.d/ulogd2',
# Rotate daily, keep 10 rotations, delay compression by one cycle, and skip
# rotation when the log is empty.
115 'set rule/schedule daily',
116 'set rule/delaycompress delaycompress',
117 'set rule/rotate 10',
118 'set rule/ifempty notifempty',
# logrotate files of the older ulogd package, including dpkg backup/dist copies.
# NOTE(review): their attributes are not part of this listing - presumably
# ensure => absent, as cleanup after removing ulogd; confirm.
121 file { '/etc/logrotate.d/ulogd':
124 file { '/etc/logrotate.d/ulogd.dpkg-bak':
127 file { '/etc/logrotate.d/ulogd.dpkg-dist':