Changing class firewall::local to use hiera

author Silvio Rhatto <rhatto@riseup.net>

Wed, 23 Jan 2013 13:12:23 +0000 (11:12 -0200)

committer Silvio Rhatto <rhatto@riseup.net>

Wed, 23 Jan 2013 13:12:23 +0000 (11:12 -0200)
author Silvio Rhatto <rhatto@riseup.net>
Wed, 23 Jan 2013 13:12:23 +0000 (11:12 -0200)
committer Silvio Rhatto <rhatto@riseup.net>
Wed, 23 Jan 2013 13:12:23 +0000 (11:12 -0200)
diff --git a/manifests/host.pp b/manifests/host.pp

index 9464e967abc21ef005bdcd1433d5dbdb5dd0aa9a..c7af23a8e2b0200482965a8272b532df06217838 100644 (file)
--- a/manifests/host.pp
+++ b/manifests/host.pp
@@ -11,7 +11,7 @@ class nodo::host inherits nodo {
    class { 'syslog-ng': }
  
    # Firewall configuration
-  include firewall
+  class { 'firewall': }
  
    # Vserver configuration
    $vserver_vdirbase = "/var/vservers"
diff --git a/manifests/plug.pp b/manifests/plug.pp

index 58aa844784ebbc889f98fc195ee945aa4230a5da..74c7d78e5125db9da692c22e32c9292f3b6483b8 100644 (file)
--- a/manifests/plug.pp
+++ b/manifests/plug.pp
@@ -2,11 +2,12 @@ class nodo::plug inherits nodo {
    include ntpdate
    include syslog-ng
    include utils::plug
-  include firewall
    include sysctl
    include resolver
    include monkeysphere_nodo
  
+  class { 'firewall': }
+
    backupninja::sys { "sys":
      ensure     => present,
    }
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp

index 293b827f24e397fa9100806e9fe2e0ae122f126a..59bc1f13c3073eb493330dd48783d15870902ad3 100644 (file)
--- a/manifests/subsystems/firewall.pp
+++ b/manifests/subsystems/firewall.pp
@@ -1,8 +1,10 @@
  # firewall definitions for physical servers
-class firewall {
+class firewall(
+  $local_net = hiera('firewall::local_net',              false),
+) {
    class { 'shorewall': }
  
-  $rfc1918 = $shorewall_local_net ? {
+  $rfc1918 = $local_net ? {
      true    => true,
      false   => false,
      default => false,
@@ -201,12 +203,7 @@ class firewall {
      options   => "default",
    }
  
-  if $shorewall_local_net {
-    class { "firewall::local":
-      network          => $shorewall_local_net_network,
-      interface        => $shorewall_local_net_iface,
-      manage_host      => $shorewall_local_net_manage_host,
-      manage_interface => $shorewall_local_net_manage_iface,
-    }
+  if $local_net {
+    class { "firewall::local": }
    }
  }
diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp

index d998b8e09fcf256d054cb5da8727bd8abe66077a..f24ac0c035261b979309fc9115545395bbeca703 100644 (file)
--- a/manifests/subsystems/firewall/local.pp
+++ b/manifests/subsystems/firewall/local.pp
@@ -1,4 +1,9 @@
-class firewall::local($network = '192.168.1.0/24', $interface = 'eth0', $manage_host = true, $manage_interface = false) {
+class firewall::local(
+  $network          = hiera('firewall::local::network,       '192.168.1.0/24'),
+  $interface        = hiera('firewall::local::interface',    'eth0'),
+  $manage_host      = hiera('firewall::local::manage_host',  True),
+  $manage_interface = hiera('firewall::local::manage_iface,  false)
+) {
  
    if $manage_host {
      shorewall::host { "$interface-loc":
author	Silvio Rhatto <rhatto@riseup.net>
	Wed, 23 Jan 2013 13:12:23 +0000 (11:12 -0200)
committer	Silvio Rhatto <rhatto@riseup.net>
	Wed, 23 Jan 2013 13:12:23 +0000 (11:12 -0200)
manifests/host.pp		patch \| blob \| history
manifests/plug.pp		patch \| blob \| history
manifests/subsystems/firewall.pp		patch \| blob \| history
manifests/subsystems/firewall/local.pp		patch \| blob \| history