move all files to explicit new-style module/ paths
[mirror/dsa-puppet.git] / modules / ferm / manifests / init.pp
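# Class: ferm
#
# Installs ferm and ulogd, manages the ferm configuration tree under /etc/ferm
# and realizes every virtual ferm::rule resource. Each managed file that
# carries a notify triggers Exec["ferm restart"] when it changes.
#
# $v4ips, $v6ips and $nodeinfo are read here but not set in this class.
#
# File modes are written as quoted strings: a bare 0400 is a number literal,
# and Puppet 4 and later only accept a string for a file mode.
class ferm {
    # Define: ferm::rule
    #
    # Writes one fragment, rendered from ferm/ferm-rule.erb, to
    # /etc/ferm/dsa.d/${prio}_${name} as root:root, mode 0400, and notifies
    # the ferm restart.
    #
    # Parameters:
    #   $rule        - required; the only parameter without a default.
    #   $domain      - defaults to "ip".
    #   $table       - defaults to "filter".
    #   $chain       - defaults to "INPUT".
    #   $description - defaults to "".
    #   $prio        - filename prefix, defaults to "00".
    #
    # $domain, $table, $chain, $rule and $description are not referenced in
    # this manifest; presumably ferm-rule.erb consumes them (template not
    # shown here).
    #
    # NOTE(review): $prio and $name are interpolated into the target path, and
    # $rule presumably reaches the firewall configuration through the
    # template. Callers should pass manifest-controlled values only; anything
    # derived from node-supplied data needs validating first.
    define rule($domain="ip", $table="filter", $chain="INPUT", $rule, $description="", $prio="00") {
        file {
            "/etc/ferm/dsa.d/${prio}_${name}":
                ensure  => present,
                owner   => root,
                group   => root,
                mode    => '0400',
                content => template("ferm/ferm-rule.erb"),
                notify  => Exec["ferm restart"],
        }
    }

    # realize (i.e. enable) all @ferm::rule virtual resources
    Ferm::Rule <| |>

    package {
            ferm: ensure => installed;
            ulogd: ensure => installed;
    }

    file {
        # purge + recurse + force: anything in dsa.d that Puppet does not
        # manage is removed on the next run, so rule fragments added by hand
        # do not survive. The source is presumably an empty directory, used
        # only to drive the recursive purge.
        "/etc/ferm/dsa.d":
            ensure  => directory,
            purge   => true,
            force   => true,
            recurse => true,
            source  => "puppet:///files/empty/",
            require => Package["ferm"];
        "/etc/ferm":
            ensure  => directory,
            mode    => '0755';
        "/etc/ferm/conf.d":
            ensure  => directory,
            require => Package["ferm"];
        "/etc/default/ferm":
            source  => "puppet:///modules/ferm/ferm.default",
            require => Package["ferm"],
            notify  => Exec["ferm restart"];
        # NOTE(review): the 0400 files below set no owner or group, unlike
        # ferm::rule. Puppet then leaves the ownership of an existing file
        # untouched; consider pinning root:root here as well.
        "/etc/ferm/ferm.conf":
            source  => "puppet:///modules/ferm/ferm.conf",
            require => Package["ferm"],
            mode    => '0400',
            notify  => Exec["ferm restart"];
        "/etc/ferm/conf.d/me.conf":
            content => template("ferm/me.conf.erb"),
            require => Package["ferm"],
            mode    => '0400',
            notify  => Exec["ferm restart"];
        "/etc/ferm/conf.d/defs.conf":
            content => template("ferm/defs.conf.erb"),
            require => Package["ferm"],
            mode    => '0400',
            notify  => Exec["ferm restart"];
        "/etc/ferm/conf.d/interfaces.conf":
            content => template("ferm/interfaces.conf.erb"),
            require => Package["ferm"],
            mode    => '0400',
            notify  => Exec["ferm restart"];
        # Package["logrotate"] is not declared in this class.
        "/etc/logrotate.d/ulogd":
            source  => "puppet:///modules/ferm/logrotate-ulogd",
            require => Package["logrotate"];
    }

    # Prefix every comma-separated entry of $v4ips with "ip_" and split the
    # result into a list, one munin check per address.
    $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')

    activate_munin_check {
        $munin_ips: script => "ip_";
    }

    # Only nodes whose nodeinfo marks them as buildd get the FTP conntrack
    # fragment; every other value falls through with no resource added.
    case extractnodeinfo($nodeinfo, 'buildd') {
        'true': {
            file {
                "/etc/ferm/conf.d/load_ftp_conntrack.conf":
                    source  => "puppet:///modules/ferm/conntrack_ftp.conf",
                    require => Package["ferm"],
                    notify  => Exec["ferm restart"];
            }
        }
    }

    # Same munin set-up for IPv6, skipped when $v6ips is the literal 'no'.
    case $v6ips {
        'no': {}
        default: {
            $munin6_ips = split(regsubst($v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
            activate_munin_check {
                $munin6_ips: script => "ip6_";
            }
        }
    }

    # refreshonly: runs only when one of the resources above notifies it.
    # NOTE(review): nothing in this manifest checks a new rule set before the
    # restart; whether the init script does so is not visible here. A broken
    # fragment could leave the host without its intended filter.
    exec {
        "ferm restart":
            command     => "/etc/init.d/ferm restart",
            refreshonly => true,
    }
}
# vim:set et:
# vim:set sts=4 ts=4:
# vim:set shiftwidth=4: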