3 # This class installs ferm and sets up rules
10 # realize (i.e. enable) all @ferm::rule virtual resources
# Resource default for this scope: any file resource that does not set its own
# mode gets 0400 (read-only for the owner, no access for group or other).
# Owner and group are not set on this line.
14 File { mode => '0400' }
23 # Remove instead of purge ulogd, because purging the package deletes its log files.
# Status command that always exits 0, so Puppet's status check for the
# enclosing resource always succeeds. The resource header is outside this
# excerpt (presumably Service['ferm'] -- confirm).
# NOTE(review): with an always-true status Puppet cannot notice on its own
# that the service has stopped; presumably the rules are only (re)loaded when
# a notify refresh reaches the service -- confirm this is intended.
29 status => '/bin/true',
# Build one munin check name ("ip_<addr>") per IPv4 address of this node.
# getfromhash is defined elsewhere; presumably it looks up the 'misc' ->
# 'v4addrs' entry of $site::nodeinfo -- confirm.
32 $munin_ips = getfromhash($site::nodeinfo, 'misc', 'v4addrs')
33 .map |$addr| { "ip_${addr}" }
# An array title declares one munin::check per element, all using script 'ip_'.
35 munin::check { $munin_ips: script => 'ip_', }
# Same construction for the node's IPv6 addresses ('v6addrs').
37 $munin6_ips = getfromhash($site::nodeinfo, 'misc', 'v6addrs')
38 .map |$addr| { "ip_${addr}" }
39 munin::ipv6check { $munin6_ips: }
# Attributes of a resource whose header is outside this excerpt: it is applied
# after Package['ferm'] and sends a refresh to Service['ferm'] when it changes.
43 notify => Service['ferm'],
44 require => Package['ferm'],
# Both rule directories use the 'empty' fileserver directory as their source.
# The attributes between the header and the source line are not visible here;
# presumably this is the recurse/purge pattern that removes rule fragments not
# managed by Puppet, so stale or hand-placed firewall snippets do not linger
# -- confirm against the full manifest.
47 file { '/etc/ferm/dsa.d':
53 source => 'puppet:///files/empty/',
55 file { '/etc/ferm/conf.d':
61 source => 'puppet:///files/empty/',
# Defaults file for the ferm service, copied verbatim from the ferm module.
# Applied after the package is installed; a change refreshes the service.
63 file { '/etc/default/ferm':
64 source => 'puppet:///modules/ferm/ferm.default',
65 require => Package['ferm'],
66 notify => Service['ferm'],
# Core ferm configuration, rendered from ERB templates in the ferm module.
# Each file refreshes Service['ferm'] when its rendered content changes.
# NOTE(review): the visible attributes are only content and notify; no
# validate_cmd is shown, so whether a bad render is caught before the firewall
# is reloaded depends on the service's reload behaviour, which is not visible
# in this excerpt.
69 file { '/etc/ferm/ferm.conf':
70 content => template('ferm/ferm.conf.erb'),
71 notify => Service['ferm'],
73 file { '/etc/ferm/conf.d/00-init.conf':
74 content => template('ferm/00-init.conf.erb'),
75 notify => Service['ferm'],
77 file { '/etc/ferm/conf.d/me.conf':
78 content => template('ferm/me.conf.erb'),
79 notify => Service['ferm'],
81 file { '/etc/ferm/conf.d/defs.conf':
82 content => template('ferm/defs.conf.erb'),
83 notify => Service['ferm'],
# Per-address traffic accounting for munin.
# The conf.d fragment is rendered from a template; presumably it defines the
# $MUNIN_IPS ferm variable used by the two rules below -- confirm in the
# template.
86 file { '/etc/ferm/conf.d/50-munin-interfaces.conf':
87 content => template('ferm/conf.d-munin-interfaces.conf.erb'),
88 notify => Service['ferm'],
# Virtual resources (leading @): they take effect only where realized.
# The rule strings are single-quoted, so $MUNIN_IPS is passed through to ferm
# rather than interpolated by Puppet. NOP is ferm's "no action" target, so
# these rules match traffic for accounting and do not accept or drop it.
# Attributes on the lines skipped in this excerpt are not visible.
90 @ferm::rule { 'dsa-munin-interfaces-in':
92 description => 'munin accounting',
95 rule => 'daddr ($MUNIN_IPS) NOP'
97 @ferm::rule { 'dsa-munin-interfaces-out':
99 description => 'munin accounting',
# Applies to both the IPv4 and IPv6 domains.
101 domain => '(ip ip6)',
102 rule => 'saddr ($MUNIN_IPS) NOP'
# Base rule fragment in dsa.d, rendered from a template; a change refreshes
# the ferm service.
105 file { '/etc/ferm/dsa.d/010-base.conf':
106 content => template('ferm/dsa.d-010-base.conf.erb'),
107 notify => Service['ferm'],
# Edits the packaged logrotate stanza for ulogd2 in place via augeas:
# rotate daily, keep 10 rotations, delay compression by one cycle and skip
# empty logs. NOTE(review): this is the retention window for whatever the
# ulogd2 stanza covers (presumably the firewall packet log -- confirm), i.e.
# about ten days of history for later investigation.
110 augeas { 'logrotate_ulogd2':
111 context => '/files/etc/logrotate.d/ulogd2',
113 'set rule/schedule daily',
114 'set rule/delaycompress delaycompress',
115 'set rule/rotate 10',
116 'set rule/ifempty notifempty',
# logrotate files belonging to the old ulogd package, including dpkg's
# .dpkg-bak and .dpkg-dist leftovers. Their attributes are not visible in this
# excerpt; presumably they are removed (ensure => absent) -- confirm.
119 file { '/etc/logrotate.d/ulogd':
122 file { '/etc/logrotate.d/ulogd.dpkg-bak':
125 file { '/etc/logrotate.d/ulogd.dpkg-dist':