Add logrotate.d/ulogd
[mirror/dsa-puppet.git] / modules / ferm / manifests / init.pp
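# Class ferm: installs ferm, ulogd and logrotate, manages the ferm
# configuration tree under /etc/ferm, and restarts ferm whenever one of the
# notifying resources below changes.
#
# Variables read from outside this class: $v4ips, $v6ips and $nodeinfo.
# They are not set in this file (presumably facts or node data -- confirm).
class ferm {
    # ferm::rule writes one rule fragment to /etc/ferm/dsa.d/<prio>_<name>.
    #
    # Parameters:
    #   $domain, $chain, $rule, $description -- not referenced in this
    #       manifest; presumably consumed by ferm/ferm-rule.erb (confirm
    #       against the template).  $rule has no default and must be given.
    #   $prio -- file name prefix of the fragment (default "00").
    #
    # $prio and $name are interpolated into the file path as-is, so callers
    # should pass plain file-name components (no "/" or "..").
    define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
        file {
            "/etc/ferm/dsa.d/${prio}_${name}":
                ensure  => present,
                owner   => root,
                group   => root,
                # Quoted so the octal mode is always passed as a string.
                mode    => '0400',
                content => template("ferm/ferm-rule.erb"),
                notify  => Exec["ferm restart"],
        }
    }

    # realize (i.e. enable) all @ferm::rule virtual resources
    Ferm::Rule <| |>

    package {
        ferm:      ensure => installed;
        ulogd:     ensure => installed;
        logrotate: ensure => installed;
    }

    file {
        # purge + recurse against an empty source: anything in dsa.d that is
        # not a managed resource is removed, so only ferm::rule fragments
        # remain in the directory.
        # NOTE(review): this resource carries no notify, so a purge on its
        # own does not visibly trigger "ferm restart"; confirm that a removed
        # fragment is also dropped from the running ruleset.
        "/etc/ferm/dsa.d":
            ensure  => directory,
            purge   => true,
            force   => true,
            recurse => true,
            source  => "puppet:///files/empty/",
            require => Package["ferm"];
        "/etc/ferm/conf.d":
            ensure  => directory,
            require => Package["ferm"];
        # No owner/group/mode is set here; they are left to whatever Puppet
        # applies for a sourced file.
        "/etc/default/ferm":
            source  => "puppet:///ferm/ferm.default",
            require => Package["ferm"],
            notify  => Exec["ferm restart"];
        "/etc/ferm/ferm.conf":
            source  => "puppet:///ferm/ferm.conf",
            require => Package["ferm"],
            mode    => '0400',
            notify  => Exec["ferm restart"];
        "/etc/ferm/conf.d/me.conf":
            content => template("ferm/me.conf.erb"),
            require => Package["ferm"],
            mode    => '0400',
            notify  => Exec["ferm restart"];
        "/etc/ferm/conf.d/defs.conf":
            content => template("ferm/defs.conf.erb"),
            require => Package["ferm"],
            mode    => '0400',
            notify  => Exec["ferm restart"];
        "/etc/ferm/conf.d/interfaces.conf":
            content => template("ferm/interfaces.conf.erb"),
            require => Package["ferm"],
            mode    => '0400',
            notify  => Exec["ferm restart"];
        # Rotation config for the ulogd logs.  No owner/group/mode is set.
        # NOTE(review): logrotate skips config files that are group- or
        # world-writable, so confirm the mode this file ends up with.
        "/etc/logrotate.d/ulogd":
            source  => "puppet:///ferm/logrotate-ulogd",
            require => Package["logrotate"];
    }

    # Prefix every comma-separated entry of $v4ips with "ip_" and split the
    # result into an array; one munin check is activated per entry.
    $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')

    activate_munin_check {
        $munin_ips: script => "ip_";
    }

    # Only nodes whose nodeinfo 'buildd' value is the string 'true' get the
    # extra conntrack_ftp.conf fragment; every other value is a no-op.
    case extractnodeinfo($nodeinfo, 'buildd') {
        'true': {
            file {
                "/etc/ferm/conf.d/load_ftp_conntrack.conf":
                    source  => "puppet:///ferm/conntrack_ftp.conf",
                    require => Package["ferm"],
                    notify  => Exec["ferm restart"];
            }
        }
    }

    # Same as the IPv4 munin checks above, skipped when $v6ips is 'no'.
    case $v6ips {
        'no': {}
        default: {
            $munin6_ips = split(regsubst($v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
            activate_munin_check {
                $munin6_ips: script => "ip6_";
            }
        }
    }

    # refreshonly: runs only when one of the resources above notifies it.
    # NOTE(review): nothing in this manifest validates the generated
    # configuration before the restart; how the init script behaves on a
    # configuration error is not visible here -- confirm.
    exec {
        "ferm restart":
            command     => "/etc/init.d/ferm restart",
            refreshonly => true,
    }
}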
97 # vim:set et:
98 # vim:set sts=4 ts=4:
99 # vim:set shiftwidth=4: