Mercurial > repos > other > Puppet

annotate modules/firewall/manifests/init.pp @ 478:adf6fe9bbc17

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Puppet modules to latest versions
author IBBoard <dev@ibboard.co.uk>
date Thu, 29 Aug 2024 18:47:29 +0100
parents 66c406eec60d
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
275
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
1 # @summary
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
2 # Performs the basic setup tasks required for using the firewall resources.
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
3 #
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
4 # At the moment this takes care of:
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
5 #
275
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
6 # iptables-persistent package installation
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
7 # Include the firewall class for nodes that need to use the resources in this module:
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
8 #
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
9 # @example
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
10 # class { 'firewall': }
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
11 #
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
12 # @param ensure
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
13 # Controls the state of the ipv4 iptables service on your system. Valid options: 'running' or 'stopped'.
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
14 #
275
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
15 # @param ensure_v6
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
16 # Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'.
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
17 #
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
18 # @param pkg_ensure
478
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
19 # Controls the state of the iptables package on your system. Valid options: 'present', 'installed' or 'latest'.
275
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
20 #
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
21 # @param service_name
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
22 # Specify the name of the IPv4 iptables service.
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
23 #
275
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
24 # @param service_name_v6
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
25 # Specify the name of the IPv6 iptables service.
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
26 #
275
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
27 # @param package_name
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
28 # Specify the platform-specific package(s) to install.
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
29 #
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
30 # @param ebtables_manage
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
31 # Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
32 #
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
33 class firewall (
478
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
34 Enum[running, stopped, 'running', 'stopped'] $ensure = running,
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
35 Optional[Enum[running, stopped, 'running', 'stopped']] $ensure_v6 = undef,
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
36 Enum[present, installed, latest, 'present', 'installed', 'latest'] $pkg_ensure = present,
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
37 Variant[String[1], Array[String[1]]] $service_name = $firewall::params::service_name,
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
38 Optional[String[1]] $service_name_v6 = $firewall::params::service_name_v6,
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
39 Optional[Variant[String[1], Array[String[1]]]] $package_name = $firewall::params::package_name,
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
40 Boolean $ebtables_manage = false,
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
41 ) inherits firewall::params {
275
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
42 $_ensure_v6 = pick($ensure_v6, $ensure)
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
43
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
44 case $ensure {
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
45 /^(running|stopped)$/: {
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
46 # Do nothing.
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
47 }
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
48 default: {
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
49 fail("${title}: Ensure value '${ensure}' is not supported")
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
50 }
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
51 }
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
52
275
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
53 if $ensure_v6 {
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
54 case $ensure_v6 {
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
55 /^(running|stopped)$/: {
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
56 # Do nothing.
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
57 }
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
58 default: {
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
59 fail("${title}: ensure_v6 value '${ensure_v6}' is not supported")
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
60 }
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
61 }
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
62 }
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
63
478
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
64 case $facts['kernel'] {
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
65 'Linux': {
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
66 class { "${title}::linux":
275
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
67 ensure => $ensure,
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
68 ensure_v6 => $_ensure_v6,
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
69 pkg_ensure => $pkg_ensure,
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
70 service_name => $service_name,
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
71 service_name_v6 => $service_name_v6,
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
72 package_name => $package_name,
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
73 ebtables_manage => $ebtables_manage,
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
74 }
275
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
75 contain "${title}::linux"
d9352a684e62 Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents: 39
diff changeset
76 }
478
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
77 'FreeBSD', 'OpenBSD', 'windows': {
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
78 }
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
79 default: {
478
adf6fe9bbc17 Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents: 398
diff changeset
80 fail("${title}: Kernel '${facts['kernel']}' is not currently supported")
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
81 }
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
82 }
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
83 }