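# = Class: ferm
#
# This class installs ferm and sets up rules.
#
# It installs the ferm package and the matching ulogd flavour for the
# release, writes the ferm configuration under /etc/ferm from templates,
# purges unmanaged snippets from the rule directories, and declares
# per-address munin checks built from the v4ips / v6ips facts.
#
# == Sample Usage:
#
#   include ferm
#
class ferm {
	# realize (i.e. enable) all @ferm::rule virtual resources
	Ferm::Rule <| |>
	Ferm::Conf <| |>

	# Default for file resources that do not set their own mode: readable by
	# the owner only. ferm.conf and the templated conf.d/*.conf files below
	# rely on this default, so the generated ruleset is not world-readable.
	# NOTE(review): no owner/group default is set here; confirm that these
	# files end up owned by root on every host.
	File { mode => '0400' }

	package { 'ferm':
		ensure => installed,
	}
	if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
		package { 'ulogd2':
			ensure => installed,
		}
		package { 'ulogd':
			# Remove instead of purge ulogd because it deletes log files on purge.
			ensure => absent,
		}
	} else {
		package { 'ulogd':
			ensure => installed,
		}
	}

	# The status command always succeeds, so Puppet always treats the service
	# as running; it is only acted on through the notify => Service['ferm']
	# refreshes declared on the files below.
	# NOTE(review): as a consequence Puppet itself does not notice a host
	# whose ruleset is not loaded; confirm this is monitored elsewhere.
	service { 'ferm':
		hasstatus => false,
		status    => '/bin/true',
	}

	# Prefix every comma-separated entry of the v4ips fact with 'ip_' and
	# declare one munin check per resulting title.
	$munin_ips = split(regsubst($::v4ips, '([^,]+)', 'ip_\1', 'G'), ',')

	munin::check { $munin_ips: script => 'ip_', }

	# Use the top-scope fact explicitly, as the rest of this class does.
	if $::v6ips {
		$munin6_ips = split(regsubst($::v6ips, '([^,]+)', 'ip_\1', 'G'), ',')
		munin::ipv6check { $munin6_ips: }
	}

	# get rid of old stuff
	$munin6_ip6s = split(regsubst($::v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
	munin::check { $munin6_ip6s: ensure => absent }

	file { '/etc/ferm':
		ensure  => directory,
		notify  => Service['ferm'],
		require => Package['ferm'],
		mode    => '0755',
	}
	# purge + force + recurse: anything in the two rule directories that is
	# not managed by Puppet is removed, so rule snippets dropped in by hand
	# do not persist across agent runs.
	# NOTE(review): 'puppet:///files/empty/' is presumably an empty directory
	# on the file server; confirm.
	file { '/etc/ferm/dsa.d':
		ensure  => directory,
		mode    => '0555',
		purge   => true,
		force   => true,
		recurse => true,
		source  => 'puppet:///files/empty/',
	}
	file { '/etc/ferm/conf.d':
		ensure  => directory,
		mode    => '0555',
		purge   => true,
		force   => true,
		recurse => true,
		source  => 'puppet:///files/empty/',
	}
	file { '/etc/default/ferm':
		source  => 'puppet:///modules/ferm/ferm.default',
		require => Package['ferm'],
		notify  => Service['ferm'],
		mode    => '0444',
	}
	# The files below take their content from ERB templates in this module
	# and inherit the 0400 default mode; each change refreshes the service.
	file { '/etc/ferm/ferm.conf':
		content => template('ferm/ferm.conf.erb'),
		notify  => Service['ferm'],
	}
	file { '/etc/ferm/conf.d/00-init.conf':
		content => template('ferm/00-init.conf.erb'),
		notify  => Service['ferm'],
	}
	file { '/etc/ferm/conf.d/me.conf':
		content => template('ferm/me.conf.erb'),
		notify  => Service['ferm'],
	}
	file { '/etc/ferm/conf.d/defs.conf':
		content => template('ferm/defs.conf.erb'),
		notify  => Service['ferm'],
	}
	file { '/etc/ferm/conf.d/interfaces.conf':
		content => template('ferm/interfaces.conf.erb'),
		notify  => Service['ferm'],
	}
	if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
		# Keep ten daily rotations of the ulogd2 logs. The package is required
		# first so that the logrotate snippet being edited is expected to exist
		# before augeas touches it.
		augeas { 'logrotate_ulogd2':
			context => '/files/etc/logrotate.d/ulogd2',
			changes => [
				'set rule/schedule daily',
				'set rule/delaycompress delaycompress',
				'set rule/rotate 10',
				'set rule/ifempty notifempty',
			],
			require => Package['ulogd2'],
		}
		# Remove the logrotate snippets of the old ulogd package.
		file { '/etc/logrotate.d/ulogd':
			ensure => absent,
		}
		file { '/etc/logrotate.d/ulogd.dpkg-bak':
			ensure => absent,
		}
		file { '/etc/logrotate.d/ulogd.dpkg-dist':
			ensure => absent,
		}
	} else {
		# Package['debian.org'] is declared outside this class.
		file { '/etc/logrotate.d/ulogd':
			source  => 'puppet:///modules/ferm/logrotate-ulogd',
			mode    => '0444',
			require => Package['debian.org'],
		}
	}

}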