annotate modules/firewall/manifests/linux/redhat.pp @ 478:adf6fe9bbc17

Update Puppet modules to latest versions
author IBBoard <dev@ibboard.co.uk>
date Thu, 29 Aug 2024 18:47:29 +0100
parents 66c406eec60d
children
changesets referenced in the rev column (all by IBBoard <dev@ibboard.co.uk>):
275   d9352a684e62   Mass update of modules to remove deprecation warnings (parents: 39)
39    d6f2a0ee45c0   Add "Firewall" module
398   66c406eec60d   Update and fix firewall for Ubuntu (parents: 275)
478   adf6fe9bbc17   Update Puppet modules to latest versions (parents: 398)

rev   source
275   # @summary
275   # Manages the `iptables` service on RedHat-alike systems.
275   #
275   # @param ensure
275   # Ensure parameter passed onto Service[] resources. Valid options: 'running' or 'stopped'. Defaults to 'running'.
39    #
275   # @param ensure_v6
275   # Ensure parameter passed onto Service[] resources. Valid options: 'running' or 'stopped'. Defaults to 'undef'.
39    #
275   # @param enable
275   # Enable parameter passed onto Service[] resources. Defaults to 'true'.
275   #
275   # @param enable_v6
275   # Enable parameter passed onto Service[] resources. Defaults to 'undef'.
39    #
275   # @param service_name
275   # Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.
275   #
275   # @param service_name_v6
275   # Specify the name of the IPv6 iptables service. Defaults defined in firewall::params.
39    #
275   # @param package_name
275   # Specify the platform-specific package(s) to install. Defaults defined in firewall::params.
275   #
275   # @param package_ensure
275   # Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'. Defaults to 'latest'.
275   #
275   # @param sysconfig_manage
398   # Enable sysconfig configuration for iptables/ip6tables files. Defaults defined in firewall::params.
398   # This is disabled for RedHat/CentOS 8+.
275   #
275   # @api private
39    #
39    class firewall::linux::redhat (
478     Enum[running, stopped, 'running', 'stopped'] $ensure = running,
478     Optional[Enum[running, stopped, 'running', 'stopped']] $ensure_v6 = undef,
478     Variant[Boolean, String[1]] $enable = true,
478     Optional[Variant[Boolean, String[1]]] $enable_v6 = undef,
478     Variant[String[1], Array[String[1]]] $service_name = $firewall::params::service_name,
478     Optional[String[1]] $service_name_v6 = $firewall::params::service_name_v6,
478     Optional[Variant[String[1], Array[String[1]]]] $package_name = $firewall::params::package_name,
478     Enum[present, latest, 'present', 'latest'] $package_ensure = $firewall::params::package_ensure,
478     Boolean $sysconfig_manage = $firewall::params::sysconfig_manage,
478     Boolean $firewalld_manage = $firewall::params::firewalld_manage,
478   ) inherits firewall::params {
275     $_ensure_v6 = pick($ensure_v6, $ensure)
275     $_enable_v6 = pick($enable_v6, $enable)
39
275     # RHEL 7 / CentOS 7 and later and Fedora 15 and later require the iptables-services
39      # package, which provides the /usr/libexec/iptables/iptables.init used by
39      # lib/puppet/util/firewall.rb.
478     if ($facts['os']['name'] != 'Amazon') {
478       if $firewalld_manage {
478         service { 'firewalld':
478           ensure => stopped,
478           enable => false,
478           before => [Package[$package_name], Service[$service_name]],
478         }
39        }
39      }
39
275     # in RHEL 8 / CentOS 8 nftables provides a replacement iptables cli
275     # but there is no nftables specific for ipv6 so throw a warning
275     if !$service_name_v6 and ($ensure_v6 or $enable_v6) {
275       warning('No v6 service available, $ensure_v6 and $enable_v6 are ignored')
275     }
275
39      if $package_name {
478       stdlib::ensure_packages($package_name, {
275         'ensure' => $package_ensure,
398         'before' => Service[$service_name] }
275       )
39      }
39
478     if ($facts['os']['name'] != 'Amazon') {
39        if $ensure == 'running' {
478         $running_command = ['/usr/bin/systemctl', 'daemon-reload']
478
39          exec { '/usr/bin/systemctl daemon-reload':
478           command => $running_command,
275           require => Package[$package_name],
275           before => Service[$service_name, $service_name_v6],
275           subscribe => Package[$package_name],
275           refreshonly => true,
39          }
39        }
39      }
39
478     if ($facts['os']['name'] == 'Amazon') and (versioncmp($facts['os']['release']['major'], '4') >= 0)
478     or ($facts['os']['name'] == 'Amazon') and (versioncmp($facts['os']['release']['major'], '2') >= 0) {
275       service { $service_name:
275         ensure => $ensure,
275         enable => $enable,
275         hasstatus => true,
275         provider => systemd,
275       }
275       if $service_name_v6 {
275         service { $service_name_v6:
275           ensure => $_ensure_v6,
275           enable => $_enable_v6,
275           hasstatus => true,
275           provider => systemd,
275         }
275       }
275     } else {
275       service { $service_name:
275         ensure => $ensure,
275         enable => $enable,
275         hasstatus => true,
275       }
275       if $service_name_v6 {
275         service { $service_name_v6:
275           ensure => $_ensure_v6,
275           enable => $_enable_v6,
275           hasstatus => true,
275         }
275       }
39      }
39
275     if $sysconfig_manage {
275       file { "/etc/sysconfig/${service_name}":
398         ensure => file,
275         owner => 'root',
275         group => 'root',
275         mode => '0600',
275       }
275       if $service_name_v6 {
275         file { "/etc/sysconfig/${service_name_v6}":
398           ensure => file,
275           owner => 'root',
275           group => 'root',
275           mode => '0600',
275         }
275       }
275
275       # Redhat 7 selinux user context for /etc/sysconfig/iptables is set to system_u
275       # Redhat 7 selinux type context for /etc/sysconfig/iptables is set to system_conf_t
478       case $facts['os']['selinux']['enabled'] {
275         #lint:ignore:quoted_booleans
275         'true',true: {
478           case $facts['os']['name'] {
478             'RedHat': {
478               case $facts['os']['release']['full'] {
478                 /^7\..*/: {
478                   $seluser = 'unconfined_u'
478                   $seltype = 'system_conf_t'
478                 }
478                 default : {
478                   $seluser = 'system_u'
478                   $seltype = 'system_conf_t'
478                 }
478               }
478
478               File<| title == "/etc/sysconfig/${service_name}" |> { seluser => $seluser, seltype => $seltype }
478               File<| title == "/etc/sysconfig/${service_name_v6}" |> { seluser => $seluser, seltype => $seltype }
478             }
275             'CentOS': {
478               case $facts['os']['release']['full'] {
275                 /^6\..*/: {
275                   $seluser = 'unconfined_u'
275                   $seltype = 'system_conf_t'
275                 }
275
275                 /^7\..*/: {
275                   $seluser = 'system_u'
275                   $seltype = 'system_conf_t'
275                 }
275
478                 /^8\..*/: {
478                   $seluser = 'system_u'
478                   $seltype = 'etc_t'
478                 }
478
478                 /^9\..*/: {
478                   $seluser = 'system_u'
478                   $seltype = 'etc_t'
478                 }
478
275                 default : {
275                   $seluser = 'unconfined_u'
275                   $seltype = 'etc_t'
275                 }
275               }
275               File<| title == "/etc/sysconfig/${service_name}" |> { seluser => $seluser, seltype => $seltype }
275               File<| title == "/etc/sysconfig/${service_name_v6}" |> { seluser => $seluser, seltype => $seltype }
275             }
275
275             # Fedora uses the same SELinux context as Redhat
275             'Fedora': {
275               $seluser = 'system_u'
275               $seltype = 'system_conf_t'
275               File<| title == "/etc/sysconfig/${service_name}" |> { seluser => $seluser, seltype => $seltype }
275               File<| title == "/etc/sysconfig/${service_name_v6}" |> { seluser => $seluser, seltype => $seltype }
275             }
275
275             default: {}
275           }
275         }
275         default: {}
275         #lint:endignore
275       }
39      }
39    }
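
Added example (not part of the repository or of the annotated file): a Python audit helper that checks a host against what this manifest declares for the /etc/sysconfig files when $sysconfig_manage is true, namely root:root, mode 0600, and the SELinux user/type chosen by the case statements. The function names are hypothetical, and the sample `stat` lines and the ip6tables path are constructed for illustration.

```python
"""Audit the sysconfig files declared in firewall::linux::redhat.

Added example. Expected values are transcribed from the manifest's case
statements; the sample stat lines below are constructed, not captured.
"""
import re

# (release regex, seluser, seltype); a regex of None is the case's "default".
# Operating systems not listed get no SELinux attributes from the manifest.
EXPECTED = {
    "RedHat": [
        (r"^7\..*", "unconfined_u", "system_conf_t"),
        (None, "system_u", "system_conf_t"),
    ],
    "CentOS": [
        (r"^6\..*", "unconfined_u", "system_conf_t"),
        (r"^7\..*", "system_u", "system_conf_t"),
        (r"^8\..*", "system_u", "etc_t"),
        (r"^9\..*", "system_u", "etc_t"),
        (None, "unconfined_u", "etc_t"),
    ],
    "Fedora": [(None, "system_u", "system_conf_t")],
}


def expected_context(os_name, release_full, selinux_enabled=True):
    """Return the (seluser, seltype) the manifest sets, or None if it sets none."""
    if not selinux_enabled:
        return None
    default = None
    for pattern, seluser, seltype in EXPECTED.get(os_name, []):
        if pattern is None:
            default = (seluser, seltype)       # used only if no regex matches
        elif re.search(pattern, release_full):
            return (seluser, seltype)
    return default


def audit_stat_line(line, os_name, release_full, selinux_enabled=True):
    """Check one line of `stat -c '%a %U %G %C %n' FILE` output.

    Returns a list of findings; an empty list means the file matches the
    owner, group, mode and SELinux label the manifest declares.
    """
    mode, owner, group, context, path = line.split(None, 4)
    findings = []
    if int(mode, 8) != 0o600:
        findings.append(f"{path}: mode {mode}, manifest declares 0600")
    if (owner, group) != ("root", "root"):
        findings.append(f"{path}: owned by {owner}:{group}, manifest declares root:root")
    want = expected_context(os_name, release_full, selinux_enabled)
    if want is not None:
        # Label layout is user:role:type:level; the level may itself contain ':'.
        parts = context.split(":", 3)
        if len(parts) < 3:
            findings.append(f"{path}: no SELinux label ({context}), expected {want[0]}/{want[1]}")
        elif (parts[0], parts[2]) != want:
            findings.append(
                f"{path}: SELinux {parts[0]}/{parts[2]}, expected {want[0]}/{want[1]}"
            )
    return findings


# Constructed sample input: (stat line, os name, os release full).
SAMPLES = [
    ("600 root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/iptables",
     "CentOS", "7.9.2009"),
    ("644 root root unconfined_u:object_r:etc_t:s0 /etc/sysconfig/ip6tables",
     "CentOS", "7.9.2009"),
]

if __name__ == "__main__":
    for stat_line, os_name, release in SAMPLES:
        problems = audit_stat_line(stat_line, os_name, release)
        print("OK" if not problems else "\n".join(problems))
```

A CentOS release that matches none of the 6 to 9 patterns (for example a two-digit major version) falls through to the manifest's default branch, which the helper reproduces.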