Hiera 5 migration

diff --git a/manifests/init.pp b/manifests/init.pp
index c812955ce88ea222f99d34c09366bb991868132a..c7608950f018eaee83faf1a7d6d7c017fe50cb5e 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,12 +1,12 @@
 # Firewall definitions for physical servers
 class firewall(
-  $device          = hiera('firewall::device',         'eth0'),
-  $zone            = hiera('firewall::zone',           '-'),
-  $local_net       = hiera('firewall::local_net',      false),
-  $device_options  = hiera('firewall::device_options', 'tcpflags,blacklist,routefilter,nosmurfs,logmartians'),
-  $vm_address      = hiera('firewall::vm_address',     '192.168.0.0/24'),
-  $vm_device       = hiera('firewall::vm_device',      false),
-  $ssh             = hiera('firewall::ssh',            'ACCEPT'),
+  $device          = lookup('firewall::device', undef, undef,         'eth0'),
+  $zone            = lookup('firewall::zone', undef, undef,           '-'),
+  $local_net       = lookup('firewall::local_net', undef, undef,      false),
+  $device_options  = lookup('firewall::device_options', undef, undef, 'tcpflags,blacklist,routefilter,nosmurfs,logmartians'),
+  $vm_address      = lookup('firewall::vm_address', undef, undef,     '192.168.0.0/24'),
+  $vm_device       = lookup('firewall::vm_device', undef, undef,      false),
+  $ssh             = lookup('firewall::ssh', undef, undef,            'ACCEPT'),
 ) {
   class { 'shorewall': }
 
@@ -175,7 +175,7 @@ class firewall(
     destination     => '$FW',
     proto           => '-',
     destinationport => '-',
-    ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
+    ratelimit       => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
     order           => 103,
   }
 

diff --git a/manifests/local.pp b/manifests/local.pp
index 804bce585ca4e9899877cd0595abdcd9f4790b2a..a44b9b86df96839ea7a9a9c97225b6cdef2f2144 100644 (file)
--- a/manifests/local.pp
+++ b/manifests/local.pp
@@ -1,8 +1,8 @@
 class firewall::local(
-  $network          = hiera('firewall::local::network',      '192.168.1.0/24'),
-  $interface        = hiera('firewall::local::interface',    'eth0'),
-  $manage_host      = hiera('firewall::local::manage_host',  true),
-  $manage_interface = hiera('firewall::local::manage_iface', false)
+  $network          = lookup('firewall::local::network', undef, undef,      '192.168.1.0/24'),
+  $interface        = lookup('firewall::local::interface', undef, undef,    'eth0'),
+  $manage_host      = lookup('firewall::local::manage_host', undef, undef,  true),
+  $manage_interface = lookup('firewall::local::manage_iface', undef, undef, false)
 ) {
 
   if $manage_host {

diff --git a/manifests/redirect.pp b/manifests/redirect.pp
index d3785a15d603555b421da8face0eb981cac4b23a..dee9a98ee19c4ae977f18f1e84319eff4e84bc8e 100644 (file)
--- a/manifests/redirect.pp
+++ b/manifests/redirect.pp
@@ -2,7 +2,7 @@ class firewall::redirect::ssh($destinationport) {
   # When the box is in an internal network and we want to provide
   # and external access through a shared real IP, we have to
   # redirect requests coming from another port to port 22.
-  $ip = hiera('firewall::external_ip', $::ipaddress)
+  $ip = lookup('firewall::external_ip', undef, undef, $::ipaddress)
 
   shorewall::rule { "ssh-redirect-1":
     action          => 'DNAT',

diff --git a/manifests/router/torrent.pp b/manifests/router/torrent.pp
index be8007192a529d3fb903c0a6cada8161453d3a25..08f4c7ef507601b1401b012e97dba44f8d9be9d3 100644 (file)
--- a/manifests/router/torrent.pp
+++ b/manifests/router/torrent.pp
@@ -2,7 +2,7 @@ class firewall::router::torrent(
   $destination,
   $zone         = 'loc',
   $originaldest = $ipaddress,
-  $range        = hiera('firewall::torrent::range', '6881:6999')
+  $range        = lookup('firewall::torrent::range', undef, undef, '6881:6999')
 ) {
   shorewall::rule { "torrent-tcp-1":
     action          => 'DNAT',

diff --git a/manifests/shaping.pp b/manifests/shaping.pp
index 63bd464e1cf6cf1db17ccaa709817515dfa874be..277f82c8e85681d3657469cdd9aa752b0a0a2a63 100644 (file)
--- a/manifests/shaping.pp
+++ b/manifests/shaping.pp
@@ -1,7 +1,7 @@
 class firewall::shaping(
-  $device         = hiera('firewall::device',         'eth0'),
-  $in_bandwidth   = hiera('firewall::in_bandwidth',   '1000mbps'),
-  $out_bandwidth  = hiera('firewall::out_bandwidth',  '1000mbps')
+  $device         = lookup('firewall::device', undef, undef,         'eth0'),
+  $in_bandwidth   = lookup('firewall::in_bandwidth', undef, undef,   '1000mbps'),
+  $out_bandwidth  = lookup('firewall::out_bandwidth', undef, undef,  '1000mbps')
 ) {
   #
   # Traffic shaping

diff --git a/manifests/torrent.pp b/manifests/torrent.pp
index e7eb02a29ed2593875005c30a1ab012bbc8bd25e..bc3a914cef3e7950edb6314abfc243c8146b0bb0 100644 (file)
--- a/manifests/torrent.pp
+++ b/manifests/torrent.pp
@@ -1,5 +1,5 @@
 class firewall::torrent(
-  $range = hiera('firewall::torrent::range', '6881:6999')
+  $range = lookup('firewall::torrent::range', undef, undef, '6881:6999')
 ) {
   shorewall::rule { "torrent-tcp":
     action          => 'ACCEPT',

diff --git a/manifests/virtual/dns.pp b/manifests/virtual/dns.pp
index f3899294035c5e46ab62116529a7f3416fd9eab9..1bf3872c09e2ce1a00d151cf74e29db889f14ac2 100644 (file)
--- a/manifests/virtual/dns.pp
+++ b/manifests/virtual/dns.pp
@@ -25,7 +25,7 @@ class firewall::virtual::dns($destination, $zone = 'vm') {
     destination     => "fw:$destination:53",
     proto           => 'tcp',
     destinationport => '53',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2002,
   }
@@ -46,7 +46,7 @@ class firewall::virtual::dns($destination, $zone = 'vm') {
     destination     => "fw:$destination:53",
     proto           => 'udp',
     destinationport => '53',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2004,
   }

diff --git a/manifests/virtual/gitd.pp b/manifests/virtual/gitd.pp
index 02c4fb9d352ec0d7e440ab6fb503027c8ee7b3d4..b760f03d6399b5610b1ec4c506257ccd6bf676d2 100644 (file)
--- a/manifests/virtual/gitd.pp
+++ b/manifests/virtual/gitd.pp
@@ -5,7 +5,7 @@ class firewall::virtual::gitd($destination) {
     destination     => "vm:$destination:9418",
     proto           => 'tcp',
     destinationport => '9418',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 800,
   }
@@ -16,7 +16,7 @@ class firewall::virtual::gitd($destination) {
     destination     => "fw:$destination:9418",
     proto           => 'tcp',
     destinationport => '9418',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 801,
   }

diff --git a/manifests/virtual/gobby.pp b/manifests/virtual/gobby.pp
index 162fe1de536ec87dc1abe39c33a6c0245d31850f..cc2c9fefffd9b3ec7a4f0a92754ee30c819e3796 100644 (file)
--- a/manifests/virtual/gobby.pp
+++ b/manifests/virtual/gobby.pp
@@ -5,7 +5,7 @@ class firewall::virtual::gobby($destination) {
     destination     => "fw:$destination:6523",
     proto           => 'tcp',
     destinationport => '6523',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2400,
   }
@@ -16,7 +16,7 @@ class firewall::virtual::gobby($destination) {
     destination     => "vm:$destination:6523",
     proto           => 'tcp',
     destinationport => '6523',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2400,
   }

diff --git a/manifests/virtual/http.pp b/manifests/virtual/http.pp
index efd3dca393c7b8c7e01d98ff0df63d6969b30b7f..bb8e232e9dc2f9acc804afaf432c06b43302ded3 100644 (file)
--- a/manifests/virtual/http.pp
+++ b/manifests/virtual/http.pp
@@ -5,7 +5,7 @@ class firewall::virtual::http($destination) {
     destination     => "fw:$destination:80",
     proto           => 'tcp',
     destinationport => '80',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 600,
   }
@@ -16,7 +16,7 @@ class firewall::virtual::http($destination) {
     destination     => "vm:$destination:80",
     proto           => 'tcp',
     destinationport => '80',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 601,
   }

diff --git a/manifests/virtual/https.pp b/manifests/virtual/https.pp
index 36e0c9f7169dc89f630e694975e90fe94bbf7dc3..70a10a46deb00b17ebe67d221a1b62acb202599f 100644 (file)
--- a/manifests/virtual/https.pp
+++ b/manifests/virtual/https.pp
@@ -5,8 +5,8 @@ class firewall::virtual::https($destination) {
     destination     => "fw:$destination:443",
     proto           => 'tcp',
     destinationport => '443',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
-    ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+    ratelimit       => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
     order           => 602,
   }
 
@@ -16,8 +16,8 @@ class firewall::virtual::https($destination) {
     destination     => "vm:$destination:443",
     proto           => 'tcp',
     destinationport => '443',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
-    ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+    ratelimit       => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
     order           => 602,
   }
 }

diff --git a/manifests/virtual/icecast.pp b/manifests/virtual/icecast.pp
index 1681f1843b6e583327fb12f6c984ddd14ab8c61f..3c392b6b659034b1305f5fff2ed98087e8d2c698 100644 (file)
--- a/manifests/virtual/icecast.pp
+++ b/manifests/virtual/icecast.pp
@@ -15,7 +15,7 @@ class firewall::virtual::icecast($destination, $zone = 'fw') {
     destination     => "$zone:$destination:8000",
     proto           => 'tcp',
     destinationport => '8000',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 901,
   }

diff --git a/manifests/virtual/jabber.pp b/manifests/virtual/jabber.pp
index 0bba4e9d8845f95da45c1cb1978c00c793b31324..703b9a949f7f2d7d17ebf667b4cbf4ac4cee9d57 100644 (file)
--- a/manifests/virtual/jabber.pp
+++ b/manifests/virtual/jabber.pp
@@ -15,7 +15,7 @@ class firewall::virtual::jabber($destination, $zone = 'fw') {
     destination     => "$zone:$destination:5223",
     proto           => 'tcp',
     destinationport => '5223',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2201,
   }
@@ -36,7 +36,7 @@ class firewall::virtual::jabber($destination, $zone = 'fw') {
     destination     => "$zone:$destination:4369",
     proto           => 'tcp',
     destinationport => '4369',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2203,
   }
@@ -47,7 +47,7 @@ class firewall::virtual::jabber($destination, $zone = 'fw') {
     destination     => "$zone:$destination:4370",
     proto           => 'tcp',
     destinationport => '4370:4375',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2204,
   }

diff --git a/manifests/virtual/mail.pp b/manifests/virtual/mail.pp
index 75eec5f57633c96bde77cdb4a699b245f923c4b5..c16f8984fca8724298169727c0e12f894a5732d6 100644 (file)
--- a/manifests/virtual/mail.pp
+++ b/manifests/virtual/mail.pp
@@ -5,7 +5,7 @@ class firewall::virtual::mail($destination) {
     destination     => "fw:$destination:25",
     proto           => 'tcp',
     destinationport => '25',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 1000,
   }
@@ -16,7 +16,7 @@ class firewall::virtual::mail($destination) {
     destination     => "vm:$destination:25",
     proto           => 'tcp',
     destinationport => '25',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 1001,
   }
@@ -27,8 +27,8 @@ class firewall::virtual::mail($destination) {
     destination     => "fw:$destination:993",
     proto           => 'tcp',
     destinationport => '993',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
-    ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+    ratelimit       => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
     order           => 1002,
   }
 
@@ -38,8 +38,8 @@ class firewall::virtual::mail($destination) {
     destination     => "vm:$destination:993",
     proto           => 'tcp',
     destinationport => '993',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
-    ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+    ratelimit       => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
     order           => 1003,
   }
 
@@ -49,8 +49,8 @@ class firewall::virtual::mail($destination) {
     destination     => "fw:$destination:587",
     proto           => 'tcp',
     destinationport => '587',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
-    ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+    ratelimit       => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
     order           => 1004,
   }
 
@@ -60,8 +60,8 @@ class firewall::virtual::mail($destination) {
     destination     => "vm:$destination:587",
     proto           => 'tcp',
     destinationport => '587',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
-    ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+    ratelimit       => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
     order           => 1005,
   }
 }

diff --git a/manifests/virtual/mumble.pp b/manifests/virtual/mumble.pp
index 45ab393def20c5a1c497dd0f2e13631560476d9e..b523dcae4cb10b20f0f8250271e3f0dee7b2d231 100644 (file)
--- a/manifests/virtual/mumble.pp
+++ b/manifests/virtual/mumble.pp
@@ -15,7 +15,7 @@ class firewall::virtual::mumble($destination, $zone = 'fw') {
     destination     => "$zone:$destination:64738",
     proto           => 'udp',
     destinationport => '64738',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2301,
   }

diff --git a/manifests/virtual/munin.pp b/manifests/virtual/munin.pp
index b8bfce18b6c1fe3b6082e252c31cf62f7e3863c4..79514c61836f70c285b1ab0b8d0685aee72c3b5f 100644 (file)
--- a/manifests/virtual/munin.pp
+++ b/manifests/virtual/munin.pp
@@ -21,7 +21,7 @@ define firewall::virtual::munin($destination, $port_orig, $port_dest = '', $orde
     },
     proto           => 'tcp',
     destinationport => "$port_orig",
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => $order,
   }

diff --git a/manifests/virtual/ssh.pp b/manifests/virtual/ssh.pp
index 4832b58004a7c2f63405753973847eb530c1dcf6..7ad93fce139e990aa00a3cfb5158c963d5db779a 100644 (file)
--- a/manifests/virtual/ssh.pp
+++ b/manifests/virtual/ssh.pp
@@ -21,7 +21,7 @@ define firewall::virtual::ssh($destination, $port_orig = '22', $port_dest = '',
     },
     proto           => 'tcp',
     destinationport => "$port_orig",
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => "2$port_orig",
   }

diff --git a/manifests/virtual/tor.pp b/manifests/virtual/tor.pp
index f4a1cb6098b1aad60a161b4ce1b3057d75f6883b..7cca6d6702361a22c2ac2a4e9c40a9877ef64955 100644 (file)
--- a/manifests/virtual/tor.pp
+++ b/manifests/virtual/tor.pp
@@ -15,7 +15,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
     destination     => "fw:$destination:9000",
     proto           => 'tcp',
     destinationport => '9000',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2101,
   }
@@ -36,7 +36,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
     destination     => "fw:$destination:9001",
     proto           => 'tcp',
     destinationport => '9001',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2103,
   }
@@ -57,7 +57,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
     destination     => "fw:$destination:9100",
     proto           => 'tcp',
     destinationport => '9100',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2105,
   }
@@ -78,7 +78,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
     destination     => "fw:$destination:9101",
     proto           => 'tcp',
     destinationport => '9101',
-    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
     ratelimit       => '-',
     order           => 2107,
   }