migrate away from hiera stuff

diff --git a/README b/README
index 77a845c88b0ac7eb59651613af0c54df52425de3..f6d9b99567899151e0db7a42cfa58d1de48f807c 100644 (file)
--- a/README
+++ b/README
@@ -51,10 +51,9 @@ class config::site_shorewall($startup = '1') {
     order => 100;
   }
 
-  $shorewall_main_interface hiera('shorewall_main_interface','eth0')
-  shorewall::interface { $shorewall_main_interface:
+  shorewall::interface { 'eth0':
     zone    => 'net',
-    rfc1918  => hiera('shorewall_rfc1918_maineth',true)
+    rfc1918  => true,
     options => 'tcpflags,blacklist,nosmurfs';
   }
 

diff --git a/manifests/rules/munin.pp b/manifests/rules/munin.pp
index 26cebfea59656daeec511bb3a6bc986635ed3069..0c86abe543ab54c4ebf618efc392a7786d9362e0 100644 (file)
--- a/manifests/rules/munin.pp
+++ b/manifests/rules/munin.pp
@@ -1,10 +1,10 @@
 class shorewall::rules::munin(
-  $munin_port = hiera('munin_port','4949'),
-  $munin_collector = hiera('munin_collector','127.0.0.1'),
-  $collector_source = hiera('shorewall_munin_in_collector_source','net')
+  $munin_port = '4949',
+  $munin_collector = '127.0.0.1',
+  $collector_source = 'net'
 ){
     shorewall::params { 'MUNINPORT': value => $munin_port }
-    shorewall::params { 'MUNINCOLLECTOR': value => $munin_collector }
+    shorewall::params { 'MUNINCOLLECTOR': value => join($munin_collector,',') }
     shorewall::rule{'net-me-munin-tcp':
         source          => "${collector_source}:\$MUNINCOLLECTOR",
         destination     => '$FW',

diff --git a/manifests/rules/out/ibackup.pp b/manifests/rules/out/ibackup.pp
index 48714affcc8869272b778031d8543e8ed8c9d057..856bcdb9139dc0a5213437dd63d1c2ddb3a18395 100644 (file)
--- a/manifests/rules/out/ibackup.pp
+++ b/manifests/rules/out/ibackup.pp
@@ -1,12 +1,12 @@
 class shorewall::rules::out::ibackup(
-  $backup_host = hiera('shorewall_ibackup_host')
-) {
-    shorewall::rule { 'me-net-tcp_backupssh':
-        source          => '$FW',
-        destination     => "net:${backup_host}",
-        proto           => 'tcp',
-        destinationport => 'ssh',
-        order           => 240,
-        action          => 'ACCEPT';
-    }
+  $backup_host
+){
+  shorewall::rule { 'me-net-tcp_backupssh':
+    source          => '$FW',
+    destination     => "net:${backup_host}",
+    proto           => 'tcp',
+    destinationport => 'ssh',
+    order           => 240,
+    action          => 'ACCEPT';
+  }
 }

diff --git a/manifests/rules/out/munin.pp b/manifests/rules/out/munin.pp
index 7b0a0150c58b8680bb857a8c961934ffcb003df4..004a3d5bad64c70c319e79f001bb9f1dae20d8f7 100644 (file)
--- a/manifests/rules/out/munin.pp
+++ b/manifests/rules/out/munin.pp
@@ -1,10 +1,10 @@
 class shorewall::rules::out::munin {
-    shorewall::rule { 'me-net-rcp_muninhost':
-        source          => '$FW',
-        destination     => 'net',
-        proto           => 'tcp',
-        destinationport => '4949',
-        order           => 340,
-        action          => 'ACCEPT';
-    }
+  shorewall::rule { 'me-net-rcp_muninhost':
+    source          => '$FW',
+    destination     => 'net',
+    proto           => 'tcp',
+    destinationport => '4949',
+    order           => 340,
+    action          => 'ACCEPT';
+  }
 }

diff --git a/manifests/rules/out/puppet.pp b/manifests/rules/out/puppet.pp
index 5cd4643cf74de3a9ba8c3ddcd736b0b4cc188cbb..cbe8cce730f971c97395ce6bb51f19f57ec974b5 100644 (file)
--- a/manifests/rules/out/puppet.pp
+++ b/manifests/rules/out/puppet.pp
@@ -1,12 +1,20 @@
-class shorewall::rules::out::puppet {
-    include ::shorewall::rules::puppet
-    # we want to connect to the puppet server
-    shorewall::rule { 'me-net-puppet_tcp':
-        source          =>      '$FW',
-        destination     =>      'net:$PUPPETSERVER',
-        proto           =>      'tcp',
-        destinationport =>      '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT',
-        order           =>      340,
-        action          =>      'ACCEPT';
-    }
+class shorewall::rules::out::puppet(
+  $puppetserver = "puppet.${::domain}",
+  $puppetserver_port = 8140,
+  $puppetserver_signport = 8141
+) {
+  class{'shorewall::rules::puppet':
+    puppetserver          => $puppetserver,
+    puppetserver_port     => $puppetserver_port,
+    puppetserver_signport => $puppetserver_signport,
+  }
+  # we want to connect to the puppet server
+  shorewall::rule { 'me-net-puppet_tcp':
+    source          =>      '$FW',
+    destination     =>      'net:$PUPPETSERVER',
+    proto           =>      'tcp',
+    destinationport =>      '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT',
+    order           =>      340,
+    action          =>      'ACCEPT';
+  }
 }

diff --git a/manifests/rules/puppet.pp b/manifests/rules/puppet.pp
index c6fc09b3e1b1d7009697a4b40e0ad47543ba5411..84e7d8133c9213b88af97557e30f57e7468601be 100644 (file)
--- a/manifests/rules/puppet.pp
+++ b/manifests/rules/puppet.pp
@@ -1,11 +1,11 @@
 class shorewall::rules::puppet(
-  $puppetserver = hiera('shorewall_puppetserver',"puppet.${domain}"),
-  $puppetserver_port = hiera('shorewall_puppetserver_port',8140) ,
-  $puppetserver_signport = hiera('shorewall_puppetserver_signport',8141) ,
-) {
+  $puppetserver = "puppet.${::domain}",
+  $puppetserver_port = 8140,
+  $puppetserver_signport = 8141
+){
   shorewall::params{
-        'PUPPETSERVER':             value => $puppetserver;
-        'PUPPETSERVER_PORT':        value => $puppetserver_port;
-        'PUPPETSERVER_SIGN_PORT':   value => $puppetserver_signport;
+    'PUPPETSERVER':             value => $puppetserver;
+    'PUPPETSERVER_PORT':        value => $puppetserver_port;
+    'PUPPETSERVER_SIGN_PORT':   value => $puppetserver_signport;
   }
 }

diff --git a/manifests/rules/ssh.pp b/manifests/rules/ssh.pp
index 3b7efa2271a4ee9d129249a996727eeb39439c04..3a1b5309b5200a14b606ab6cfc2118fa20156fcb 100644 (file)
--- a/manifests/rules/ssh.pp
+++ b/manifests/rules/ssh.pp
@@ -1,6 +1,6 @@
 class shorewall::rules::ssh(
   $ports,
-  $source = hiera('shorewall_ssh_in_source','net')
+  $source = 'net'
 ) {
   shorewall::rule { 'net-me-tcp_ssh':
     source          => $shorewall::rules::ssh::source,