expose a ferm::module interface for hooks
authorStephen Gran <steve@lobefin.net>
Mon, 16 Apr 2012 12:27:04 +0000 (13:27 +0100)
committerStephen Gran <steve@lobefin.net>
Mon, 16 Apr 2012 12:27:04 +0000 (13:27 +0100)
Signed-off-by: Stephen Gran <steve@lobefin.net>
modules/buildd/manifests/init.pp
modules/ferm/files/conntrack_ftp.conf [deleted file]
modules/ferm/files/conntrack_sip.conf [deleted file]
modules/ferm/manifests/init.pp
modules/ferm/manifests/module.pp [new file with mode: 0644]
modules/ferm/manifests/per-host.pp
modules/ferm/templates/load_module.erb [new file with mode: 0644]

index 364267a..8f2065d 100644 (file)
@@ -17,6 +17,7 @@ class buildd {
        }
 
        site::linux_module { 'dm_snapshot': }
+       ferm::module { 'ftp_conntrack': }
 
        site::aptrepo { 'buildd':
                ensure => absent,
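Review bot: The added `ferm::module { 'ftp_conntrack': }` passes no `module`, while the define added in this commit declares `$module` without a default, so this declaration would presumably fail catalog compilation; the two declarations added in modules/ferm/manifests/per-host.pp have the same problem. Even if `$module` defaulted to the title, `ftp_conntrack` is not the module that the removed conntrack_ftp.conf loaded (`nf_conntrack_ftp`). The `|| true` in the hook would hide the failed modprobe, so the FTP conntrack helper would silently stop being loaded on buildds. I would declare it as `ferm::module { 'nf_conntrack_ftp': module => 'nf_conntrack_ftp' }`.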
diff --git a/modules/ferm/files/conntrack_ftp.conf b/modules/ferm/files/conntrack_ftp.conf
deleted file mode 100644 (file)
index d8c3a51..0000000
+++ /dev/null
@@ -1 +0,0 @@
-hook pre 'modprobe nf_conntrack_ftp || true';
diff --git a/modules/ferm/files/conntrack_sip.conf b/modules/ferm/files/conntrack_sip.conf
deleted file mode 100644 (file)
index f93ce2c..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-hook pre 'modprobe nf_conntrack_sip || true';
-hook pre 'modprobe nf_conntrack_h323 || true';
index 62ad573..a977e98 100644 (file)
@@ -83,11 +83,4 @@ class ferm {
                require => Package['debian.org'],
        }
 
-       if getfromhash($site::nodeinfo, 'buildd') {
-               file { '/etc/ferm/conf.d/load_ftp_conntrack.conf':
-                       source => 'puppet:///modules/ferm/conntrack_ftp.conf',
-                       notify  => Service['ferm'],
-               }
-       }
-
 }
diff --git a/modules/ferm/manifests/module.pp b/modules/ferm/manifests/module.pp
new file mode 100644 (file)
index 0000000..cec6496
--- /dev/null
@@ -0,0 +1,12 @@
+define ferm::module (
+       $module,
+       $hookstage='pre',
+       $ensure=present
+) {
+       file { "/etc/ferm/conf.d/load_${module}.conf":
+               ensure  => $ensure,
+               content => template('ferm/load_module.erb'),
+               require => Package['ferm'],
+               notify  => Service['ferm']
+       }
+}
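Review bot: `$module` and `$hookstage` are used unchecked in the file path `load_${module}.conf` and, via the template, inside a single-quoted command that ferm runs as a hook, so a value containing a quote, a slash or whitespace changes what gets written or executed. I would default `$module` to `$name` and fail the catalog unless both values match a strict pattern. The patterns use `\A`/`\z` because `^`/`$` match per line in Ruby regexes. The stage list below is an assumption and should be matched to the hook stages the deployed ferm version accepts.

```puppet
define ferm::module (
       $module = $name,
       $hookstage = 'pre',
       $ensure = present
) {
       if $module !~ /\A[A-Za-z0-9_-]+\z/ {
               fail("ferm::module: invalid kernel module name '${module}'")
       }
       if $hookstage !~ /\A(pre|post|flush)\z/ {
               fail("ferm::module: invalid hook stage '${hookstage}'")
       }
       # … unchanged: file resource for /etc/ferm/conf.d/load_${module}.conf …
```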
index 65b056d..862d2d7 100644 (file)
@@ -121,12 +121,9 @@ class ferm::per-host {
                        }
                }
                cilea: {
-                       file {
-                               '/etc/ferm/conf.d/load_sip_conntrack.conf':
-                                       source => 'puppet:///modules/ferm/conntrack_sip.conf',
-                                       require => Package['ferm'],
-                                       notify  => Service['ferm'],
-                       }
+                       ferm::module { 'nf_conntrack_sip': }
+                       ferm::module { 'nf_conntrack_h323': }
+
                        @ferm::rule { 'dsa-sip':
                                domain          => '(ip ip6)',
                                description     => 'Allow sip access',
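Review bot: Dropping the `file` resource for `/etc/ferm/conf.d/load_sip_conntrack.conf` stops managing that file but does not remove it, and the new declarations write to `load_nf_conntrack_sip.conf` and `load_nf_conntrack_h323.conf` instead. Unless `/etc/ferm/conf.d` is purged elsewhere (not visible here), the old hook file stays on the host and ferm keeps reading it after this abstraction is meant to own the module loading. I would add a cleanup resource in the `cilea` branch, `file { '/etc/ferm/conf.d/load_sip_conntrack.conf': ensure => absent, notify => Service['ferm'] }`. The same cleanup applies to `load_ftp_conntrack.conf` on buildds once that declaration uses the real module name. The enclosing `case` continues outside this hunk.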
diff --git a/modules/ferm/templates/load_module.erb b/modules/ferm/templates/load_module.erb
new file mode 100644 (file)
index 0000000..4b69d50
--- /dev/null
@@ -0,0 +1 @@
+hook <%= scope.lookupvar('hookstage') %> 'modprobe <%= scope.lookupvar('module') %>  || true';
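Review bot: The generated conf.d file has no comment saying it is managed by Puppet or which define produced it, so an admin inspecting firewall hooks on a host cannot tell where a `modprobe` line came from. I would add a first line to the template, `# Managed by Puppet (ferm::module); local changes will be overwritten`. There is also a doubled space before `|| true`. Because `|| true` discards the modprobe exit status, a comment noting that a failed load is deliberately ignored would help anyone debugging a missing conntrack helper.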