X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Finit.pp;h=869a3d6603f577002f10ea1e8e58830184ed3fb3;hb=249b713a08d35bffb1cd52739be6f5808baa5a5f;hp=c07449fb19ac06a210edaea64c82a760f162ae82;hpb=31cc527d395038046cf965a79fc3b9ea9aed6160;p=mirror%2Fdsa-puppet.git
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index c07449fb1..869a3d660 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -1,25 +1,122 @@
+# = Class: ferm
+#
+# This class installs ferm and sets up rules
+#
+# == Sample Usage:
+#
+# include ferm
+#
 class ferm {
- define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
- file { "/etc/ferm/dsa.d/${prio}_${name}":
- ensure => present,
- owner => root,
- group => root,
- mode => 0600,
- content => template("ferm/ferm-rule.erb"),
- notify => Exec["ferm restart"],
- }
- }
-
- file {
- "/etc/ferm":
- ensure => directory;
- "/etc/ferm/dsa.d":
- ensure => directory;
- }
-
- exec { "ferm restart":
- command => "/bin/true",
- refreshonly => true,
- }
+ # realize (i.e. enable) all @ferm::rule virtual resources
+ Ferm::Rule <| |>
+ Ferm::Conf <| |>
+
+ File { mode => '0400' }
+
+ package { 'ferm':
+ ensure => installed
+ }
+ if ($::lsbmajdistrelease >= '8') {
+ package { 'ulogd2':
+ ensure => installed
+ }
+ package { 'ulogd':
+ # Remove instead of purge ulogd because it deletes log files on purge.
+ ensure => absent
+ }
+ } else {
+ package { 'ulogd':
+ ensure => installed
+ }
+ }
+
+ service { 'ferm':
+ hasstatus => false,
+ status => '/bin/true',
+ }
+
+ $munin_ips = split(regsubst($::v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
+
+ munin::check { $munin_ips: script => 'ip_', }
+
+ if $v6ips {
+ $munin6_ips = split(regsubst($::v6ips, '([^,]+)', 'ip_\1', 'G'), ',')
+ munin::ipv6check { $munin6_ips: }
+ }
+
+ # get rid of old stuff
+ $munin6_ip6s = split(regsubst($::v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
+ munin::check { $munin6_ip6s: ensure => absent }
+
+ file { '/etc/ferm':
+ ensure => directory,
+ notify => Service['ferm'],
+ require => Package['ferm'],
+ mode => '0755'
+ }
+ file { '/etc/ferm/dsa.d':
+ ensure => directory,
+ mode => '0555',
+ purge => true,
+ force => true,
+ recurse => true,
+ source => 'puppet:///files/empty/',
+ }
+ file { '/etc/ferm/conf.d':
+ ensure => directory,
+ mode => '0555',
+ purge => true,
+ force => true,
+ recurse => true,
+ source => 'puppet:///files/empty/',
+ }
+ file { '/etc/default/ferm':
+ source => 'puppet:///modules/ferm/ferm.default',
+ require => Package['ferm'],
+ notify => Service['ferm'],
+ mode => '0444',
+ }
+ file { '/etc/ferm/ferm.conf':
+ content => template('ferm/ferm.conf.erb'),
+ notify => Service['ferm'],
+ }
+ file { '/etc/ferm/conf.d/me.conf':
+ content => template('ferm/me.conf.erb'),
+ notify => Service['ferm'],
+ }
+ file { '/etc/ferm/conf.d/defs.conf':
+ content => template('ferm/defs.conf.erb'),
+ notify => Service['ferm'],
+ }
+ file { '/etc/ferm/conf.d/interfaces.conf':
+ content => template('ferm/interfaces.conf.erb'),
+ notify => Service['ferm'],
+ }
+ if ($::lsbmajdistrelease >= '8') {
+ augeas { 'logrotate_ulogd2':
+ context => '/files/etc/logrotate.d/ulogd2',
+ changes => [
+ 'set rule/schedule daily',
+ 'set rule/delaycompress delaycompress',
+ 'set rule/rotate 10',
+ 'set rule/ifempty notifempty',
+ ],
+ }
+ file { '/etc/logrotate.d/ulogd':
+ ensure => absent,
+ }
+ file { '/etc/logrotate.d/ulogd.dpkg-bak':
+ ensure => absent,
+ }
+ file { '/etc/logrotate.d/ulogd.dpkg-dist':
+ ensure => absent,
+ }
+ } else {
+ file { '/etc/logrotate.d/ulogd':
+ source => 'puppet:///modules/ferm/logrotate-ulogd',
+ mode => '0444',
+ require => Package['debian.org'],
+ }
+ }
 }
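Review bot: Both `if ($::lsbmajdistrelease >= '8')` tests (the ulogd/ulogd2 package choice and the logrotate branch further down) compare two quoted strings, so the outcome depends on how the running Puppet version coerces numeric-looking strings; under a lexical comparison a release of '10' sorts below '8' and the host would silently fall back to the legacy ulogd branch for its firewall logging. `if versioncmp($::lsbmajdistrelease, '8') >= 0 {` states the intent without relying on coercion. Separately, the new resource default `File { mode => '0400' }` no longer carries the `owner => root` / `group => root` that the removed rule definition set, so unless a site-wide default supplies them the ownership of files already present under /etc/ferm is not enforced; `File { owner => 'root', group => 'root', mode => '0400' }` would pin it. The unqualified `if $v6ips` guard also differs from the `$::v6ips` used inside it, and the "get rid of old stuff" `regsubst($::v6ips, ...)` runs outside that guard, which looks unintended on hosts without IPv6 addresses.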