Mercurial > repos > other > Puppet

view modules/firewall/manifests/linux.pp @ 398:66c406eec60d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update and fix firewall for Ubuntu * Use later version of module (not latest because our Puppet isn't supported) * Change how we define "ensure" because Ubuntu doesn't use IPv6 methods
author IBBoard <dev@ibboard.co.uk>
date Wed, 20 Apr 2022 19:04:13 +0100
parents d9352a684e62
children adf6fe9bbc17
line wrap: on
line source

# @summary Main linux class, includes all other classes
#
# @param ensure
#   Controls the state of the ipv4 iptables service on your system. Valid options: 'running' or 'stopped'. Defaults to 'running'.
#
# @param ensure_v6
#   Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'. Defaults to 'running'.
#
# @param pkg_ensure
#   Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'. Defaults to 'latest'.
#
# @param service_name
#   Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.
#
# @param service_name_v6
#   Specify the name of the IPv6 iptables service. Defaults defined in firewall::params.
#
# @param package_name
#   Specify the platform-specific package(s) to install. Defaults defined in firewall::params.
#
# @param ebtables_manage
#   Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.
#
# @api private
#
class firewall::linux (
  $ensure          = running,
  $ensure_v6       = undef,
  $pkg_ensure      = present,
  $service_name    = $firewall::params::service_name,
  $service_name_v6 = $firewall::params::service_name_v6,
  $package_name    = $firewall::params::package_name,
  $ebtables_manage = false,
) inherits ::firewall::params {
  $enable = $ensure ? {
    'running' => true,
    'stopped' => false,
  }

  $_ensure_v6 = pick($ensure_v6, $ensure)

  $_enable_v6 = $_ensure_v6 ? {
    'running' => true,
    'stopped' => false,
  }

  package { 'iptables':
    ensure => $pkg_ensure,
  }

  if $ebtables_manage {
    package { 'ebtables':
      ensure => $pkg_ensure,
    }
  }

  case $::operatingsystem {
    'RedHat', 'CentOS', 'Fedora', 'Scientific', 'SL', 'SLC', 'Ascendos',
    'CloudLinux', 'PSBM', 'OracleLinux', 'OVS', 'OEL', 'Amazon', 'XenServer',
    'VirtuozzoLinux': {
      class { "${title}::redhat":
        ensure          => $ensure,
        ensure_v6       => $_ensure_v6,
        enable          => $enable,
        enable_v6       => $_enable_v6,
        package_name    => $package_name,
        service_name    => $service_name,
        service_name_v6 => $service_name_v6,
        require         => Package['iptables'],
      }
    }
    'Debian', 'Ubuntu': {
      class { "${title}::debian":
        ensure       => $ensure,
        enable       => $enable,
        package_name => $package_name,
        service_name => $service_name,
        require      => Package['iptables'],
      }
    }
    'Archlinux': {
      class { "${title}::archlinux":
        ensure       => $ensure,
        enable       => $enable,
        package_name => $package_name,
        service_name => $service_name,
        require      => Package['iptables'],
      }
    }
    'Gentoo': {
      class { "${title}::gentoo":
        ensure       => $ensure,
        enable       => $enable,
        package_name => $package_name,
        service_name => $service_name,
        require      => Package['iptables'],
      }
    }
    default: {}
  }
}