Puppet lint fixes

Change-Id: I00cfd6765bf3f7acd44263347655228d5a839852
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-on: https://review.openstack.org/15844
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Paul Belanger 2012-11-11 14:21:49 -05:00 committed by Jenkins
parent 387591a44d
commit ca5b3448f6


@ -1,13 +1,18 @@
#http://projects.puppetlabs.com/projects/1/wiki/Module_Iptables_Patterns # Class: iptables
#
class iptables($rules='', $public_tcp_ports=[], $public_udp_ports=[]) { # http://projects.puppetlabs.com/projects/1/wiki/Module_Iptables_Patterns
#
class iptables(
$rules = '',
$public_tcp_ports = [],
$public_udp_ports = []
) {
package { 'iptables-persistent': package { 'iptables-persistent':
ensure => present, ensure => present,
} }
service { 'iptables-persistent': service { 'iptables-persistent':
require => Package['iptables-persistent'], require => Package['iptables-persistent'],
# Because there is no running process for this service, the normal status # Because there is no running process for this service, the normal status
# checks fail. Because puppet then thinks the service has been manually # checks fail. Because puppet then thinks the service has been manually
# stopped, it won't restart it. This fake status command will trick puppet # stopped, it won't restart it. This fake status command will trick puppet
@ -15,11 +20,9 @@ class iptables($rules='', $public_tcp_ports=[], $public_udp_ports=[]) {
# iptables is part of the kernel.) # iptables is part of the kernel.)
hasstatus => true, hasstatus => true,
status => true, status => true,
# Under Debian, the "restart" parameter does not reload the rules, so tell # Under Debian, the "restart" parameter does not reload the rules, so tell
# Puppet to fall back to stop/start, which does work. # Puppet to fall back to stop/start, which does work.
hasrestart => false, hasrestart => false,
} }
file { '/etc/iptables': file { '/etc/iptables':
@ -27,11 +30,15 @@ class iptables($rules='', $public_tcp_ports=[], $public_udp_ports=[]) {
} }
file { '/etc/iptables/rules': file { '/etc/iptables/rules':
ensure => present,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0640', mode => '0640',
content => template('iptables/rules.erb'), content => template('iptables/rules.erb'),
require => [Package['iptables-persistent'], File['/etc/iptables']], require => [
Package['iptables-persistent'],
File['/etc/iptables'],
],
# When this file is updated, make sure the rules get reloaded. # When this file is updated, make sure the rules get reloaded.
notify => Service['iptables-persistent'], notify => Service['iptables-persistent'],
} }
@ -47,11 +54,15 @@ class iptables($rules='', $public_tcp_ports=[], $public_udp_ports=[]) {
} }
file { '/etc/iptables/rules.v6': file { '/etc/iptables/rules.v6':
ensure => present,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0640', mode => '0640',
content => template('iptables/rules.v6.erb'), content => template('iptables/rules.v6.erb'),
require => [Package['iptables-persistent'], File['/etc/iptables']], require => [
Package['iptables-persistent'],
File['/etc/iptables'],
],
# When this file is updated, make sure the rules get reloaded. # When this file is updated, make sure the rules get reloaded.
notify => Service['iptables-persistent'], notify => Service['iptables-persistent'],
replace => true, replace => true,