From: Stephen Gran Date: Mon, 16 Apr 2012 12:27:04 +0000 (+0100) Subject: expose a ferm::module interface for hooks X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=59963405a47cc9a41af273aff5cac242af17a018;p=mirror%2Fdsa-puppet.git expose a ferm::module interface for hooks Signed-off-by: Stephen Gran
---
diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp
index 364267a71..8f2065de4 100644
--- a/modules/buildd/manifests/init.pp
+++ b/modules/buildd/manifests/init.pp
@@ -17,6 +17,7 @@ class buildd { } site::linux_module { 'dm_snapshot': } + ferm::module { 'ftp_conntrack': } site::aptrepo { 'buildd': ensure => absent,
diff --git a/modules/ferm/files/conntrack_ftp.conf b/modules/ferm/files/conntrack_ftp.conf
deleted file mode 100644
index d8c3a516b..000000000
--- a/modules/ferm/files/conntrack_ftp.conf
+++ /dev/null
@@ -1 +0,0 @@
-hook pre 'modprobe nf_conntrack_ftp || true';
diff --git a/modules/ferm/files/conntrack_sip.conf b/modules/ferm/files/conntrack_sip.conf
deleted file mode 100644
index f93ce2ce7..000000000
--- a/modules/ferm/files/conntrack_sip.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-hook pre 'modprobe nf_conntrack_sip || true';
-hook pre 'modprobe nf_conntrack_h323 || true';
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index 62ad57376..a977e9899 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -83,11 +83,4 @@ class ferm { require => Package['debian.org'], } - if getfromhash($site::nodeinfo, 'buildd') { - file { '/etc/ferm/conf.d/load_ftp_conntrack.conf': - source => 'puppet:///modules/ferm/conntrack_ftp.conf', - notify => Service['ferm'], - } - } - }
diff --git a/modules/ferm/manifests/module.pp b/modules/ferm/manifests/module.pp
new file mode 100644
index 000000000..cec6496f7
--- /dev/null
+++ b/modules/ferm/manifests/module.pp
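Review bot: The added `ferm::module { 'ftp_conntrack': }` passes no `module =>`, yet the define introduced in modules/ferm/manifests/module.pp declares `$module` without a default, so this declaration should fail catalog compilation; the two declarations added in modules/ferm/manifests/per-host.pp have the same problem. The title also differs from the module the removed conntrack_ftp.conf loaded (`nf_conntrack_ftp`), so simply defaulting the parameter to the title would run modprobe against `ftp_conntrack` instead. I would declare `ferm::module { 'nf_conntrack_ftp': }` here and give the define `$module = $name`. The body of `class buildd` continues outside the hunk.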
@@ -0,0 +1,12 @@
+define ferm::module (
+ $module,
+ $hookstage='pre',
+ $ensure=present
+) {
+ file { "/etc/ferm/conf.d/load_${module}.conf":
+ ensure => $ensure,
+ content => template('ferm/load_module.erb'),
+ require => Package['ferm'],
+ notify => Service['ferm']
+ }
+}
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 65b056d87..862d2d77e 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -121,12 +121,9 @@ class ferm::per-host { } } cilea: { - file { - '/etc/ferm/conf.d/load_sip_conntrack.conf': - source => 'puppet:///modules/ferm/conntrack_sip.conf', - require => Package['ferm'], - notify => Service['ferm'], - } + ferm::module { 'nf_conntrack_sip': } + ferm::module { 'nf_conntrack_h323': } + @ferm::rule { 'dsa-sip': domain => '(ip ip6)', description => 'Allow sip access',
diff --git a/modules/ferm/templates/load_module.erb b/modules/ferm/templates/load_module.erb
new file mode 100644
index 000000000..4b69d507b
--- /dev/null
+++ b/modules/ferm/templates/load_module.erb
@@ -0,0 +1 @@
+hook <%= scope.lookupvar('hookstage') %> 'modprobe <%= scope.lookupvar('module') %> || true';
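Review bot: `$module` and `$hookstage` are used unchecked in the file path `load_${module}.conf` and, through load_module.erb, inside the single-quoted command string of a ferm hook, so a value containing a quote, a `/` or shell metacharacters changes the path that is written or the command the hook runs. The values come from manifests today, but a guard at the top of the define keeps that property for every later caller: `if $module !~ /\A[A-Za-z0-9_-]+\z/ { fail("ferm::module: invalid module name '${module}'") }` and `if $hookstage !~ /\A(pre|post|flush)\z/ { fail("ferm::module: invalid hookstage '${hookstage}'") }`. Since the define is a new public interface, a short header comment naming the three parameters and their defaults would help as well.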
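Review bot: Dropping the `file` resource for `/etc/ferm/conf.d/load_sip_conntrack.conf` stops managing that file but does not delete it, and once `$module` resolves to the title the replacement resources write to different paths (`load_nf_conntrack_sip.conf`, `load_nf_conntrack_h323.conf`), so the old file stays on the host; the same applies to `load_ftp_conntrack.conf`, removed from modules/ferm/manifests/init.pp. If ferm includes everything under conf.d (not visible here), those hooks keep running although no manifest describes them any more. A transitional `file { '/etc/ferm/conf.d/load_sip_conntrack.conf': ensure => absent, notify => Service['ferm'] }` would clean it up. The `cilea` case body starts and ends outside the hunk.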
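Review bot: The `|| true` in the generated hook discards a modprobe failure, so a mistyped or unavailable module name leaves the ruleset loaded without the conntrack helper and nothing records why related connections stop matching. Keeping ferm start-up non-fatal looks intentional, but the failure can still be logged: `hook <%= scope.lookupvar('hookstage') %> 'modprobe <%= scope.lookupvar('module') %> || logger -t ferm "modprobe <%= scope.lookupvar('module') %> failed"';`. A leading `# Managed by puppet (ferm::module)` comment line in the template would also tell an admin where the file on disk comes from.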