allow ssh access to ubc-node-arm* from ubc-bulwark (internal)

[mirror/dsa-puppet.git] / modules / xinetd / manifests / service.pp

diff --git a/modules/xinetd/manifests/service.pp b/modules/xinetd/manifests/service.pp
index 2ece74c..9924761 100644 (file)
--- a/modules/xinetd/manifests/service.pp
+++ b/modules/xinetd/manifests/service.pp
@@ -2,7 +2,7 @@ define xinetd::service (
        $id,
        $server,
        $service,
-       $port=$service,
+       $port='',
        $bind='',
        $type='',
        $socket_type=stream,
@@ -21,22 +21,22 @@ define xinetd::service (
 ) {
        include xinetd
 
-       case $ensure {
-               present,absent,file: {}
-               default: { fail("Invalid ensure for '$name'") }
+       file { "/etc/xinetd.d/${name}":
+               ensure  => $ensure,
+               content => template('xinetd/service.erb'),
+               notify  => Service['xinetd'],
+               require => Package['xinetd'],
        }
 
        if $ferm {
+               $fermport = $port ? {
+                       "" => $service,
+                       default => $port
+               }
+
                @ferm::rule { "dsa-xinetd-${name}":
                        description => "Allow traffic to ${service}",
-                       rule        => "&SERVICE(${protocol}, ${port})"
+                       rule        => "&SERVICE(${protocol}, ${fermport})"
                }
        }
-
-       file { "/etc/xinetd.d/${name}":
-               ensure  => $ensure,
-               content => template('xinetd/service.erb'),
-               notify  => Service['xinetd'],
-               require => Package['xinetd'],
-       }
 }