Projet

Général

Profil

Révision 008c95d7

ID008c95d75ced5a8eb679aaac279dd25554266168
Parent 462a783f
Enfant 8647ee9e

Ajouté par Kienan Stewart il y a presque 3 ans

Add Debian support

Voir les différences:

data/os/Archlinux.yaml
5 5 

  		




  6
  6
  
    
nftables::configuration_path: /etc/nftables.conf


  		




  7
  7
  
    
nftables::nft_path: /usr/bin/nft


  		




  
  8
  
    
nftables::echo: /usr/bin/echo


  		












  

    
      data/os/Debian.yaml
    
  





  
  1
  
    
---


  		




  
  2
  
    

  		




  
  3
  
    
# firewalld is not installed by default in Debian


  		




  
  4
  
    
nftables::firewalld_enable: false


  		




  
  5
  
    
nftables::echo: /bin/echo


  		




  
  6
  
    
nftables::configuration_path: /etc/nftables.conf


  		




  
  7
  
    
nftables::nft_path: /usr/sbin/nft


  		












  

    
      data/os/RedHat.yaml
    
  





  1
  1
  
    
---


  		




  2
  2
  
    
nftables::nft_path: /usr/sbin/nft


  		




  
  3
  
    
nftables::echo: /usr/bin/echo


  		












  

    
      manifests/init.pp
    
  





  117
  117
  
    
  Variant[Boolean[false], Pattern[/icmp(v6|x)? type .+|tcp reset/]] $reject_with = 'icmpx type port-unreachable',


  		




  118
  118
  
    
  Variant[Boolean[false], Enum['mask']] $firewalld_enable = 'mask',


  		




  119
  119
  
    
  Optional[Array[Pattern[/^(ip|ip6|inet)-[-a-zA-Z0-9_]+$/],1]] $noflush_tables = undef,


  		




  120
  
  
    
  Stdlib::Unixpath $echo = '/usr/bin/echo',


  		




  
  120
  
    
  Stdlib::Unixpath $echo,


  		




  121
  121
  
    
  Stdlib::Unixpath $configuration_path,


  		




  122
  122
  
    
  Stdlib::Unixpath $nft_path,


  		




  123
  123
  
    
) {


  		












  

    
      metadata.json
    
  





  51
  51
  
    
    },


  		




  52
  52
  
    
    {


  		




  53
  53
  
    
      "operatingsystem": "Archlinux"


  		




  
  54
  
    
    },


  		




  
  55
  
    
    {


  		




  
  56
  
    
      "operatingsystem": "Debian",


  		




  
  57
  
    
      "operatingsystemrelease": [


  		




  
  58
  
    
        "11"


  		




  
  59
  
    
      ]


  		




  54
  60
  
    
    }


  		




  55
  61
  
    
  ],


  		




  56
  62
  
    
  "requirements": [


  		












  

    
      spec/acceptance/all_rules_spec.rb
    
  





  80
  80
  
    
      }


  		




  81
  81
  
    
      $config_path = $facts['os']['family'] ? {


  		




  82
  82
  
    
        'Archlinux' => '/etc/nftables.conf',


  		




  
  83
  
    
        'Debian' => '/etc/nftables.conf',


  		




  83
  84
  
    
        default => '/etc/sysconfig/nftables.conf',


  		




  84
  85
  
    
      }


  		




  85
  86
  
    
      $nft_path = $facts['os']['family'] ? {


  		












  

    
      spec/acceptance/default_spec.rb
    
  





  13
  13
  
    
      }


  		




  14
  14
  
    
      $config_path = $facts['os']['family'] ? {


  		




  15
  15
  
    
        'Archlinux' => '/etc/nftables.conf',


  		




  
  16
  
    
        'Debian' => '/etc/nftables.conf',


  		




  16
  17
  
    
        default => '/etc/sysconfig/nftables.conf',


  		




  17
  18
  
    
      }


  		




  18
  19
  
    
      $nft_path = $facts['os']['family'] ? {


  		




  ......




  68
  69
  
    
      }


  		




  69
  70
  
    
      $config_path = $facts['os']['family'] ? {


  		




  70
  71
  
    
        'Archlinux' => '/etc/nftables.conf',


  		




  
  72
  
    
        'Debian' => '/etc/nftables.conf',


  		




  71
  73
  
    
        default => '/etc/sysconfig/nftables.conf',


  		




  72
  74
  
    
      }


  		




  73
  75
  
    
      $nft_path = $facts['os']['family'] ? {


  		




  ......




  108
  110
  
    
      }


  		




  109
  111
  
    
      $config_path = $facts['os']['family'] ? {


  		




  110
  112
  
    
        'Archlinux' => '/etc/nftables.conf',


  		




  
  113
  
    
        'Debian' => '/etc/nftables.conf',


  		




  111
  114
  
    
        default => '/etc/sysconfig/nftables.conf',


  		




  112
  115
  
    
      }


  		




  113
  116
  
    
      $nft_path = $facts['os']['family'] ? {


  		




  ......




  148
  151
  
    
      }


  		




  149
  152
  
    
      $config_path = $facts['os']['family'] ? {


  		




  150
  153
  
    
        'Archlinux' => '/etc/nftables.conf',


  		




  
  154
  
    
        'Debian' => '/etc/nftables.conf',


  		




  151
  155
  
    
        default => '/etc/sysconfig/nftables.conf',


  		




  152
  156
  
    
      }


  		




  153
  157
  
    
      $nft_path = $facts['os']['family'] ? {


  		












  

    
      spec/classes/nftables_spec.rb
    
  





  15
  15
  
    
                 else


  		




  16
  16
  
    
                   '/usr/sbin/nft'


  		




  17
  17
  
    
                 end


  		




  
  18
  
    
      nft_config = case os_facts[:os]['family']


  		




  
  19
  
    
                   when 'RedHat'


  		




  
  20
  
    
                     '/etc/sysconfig/nftables.conf'


  		




  
  21
  
    
                   else


  		




  
  22
  
    
                     '/etc/nftables.conf'


  		




  
  23
  
    
                   end


  		




  18
  24
  
    

  		




  19
  25
  
    
      it { is_expected.to compile.with_all_deps }


  		




  20
  26
  
    

  		




  ......




  89
  95
  
    
        )


  		




  90
  96
  
    
      }


  		




  91
  97
  
    

  		




  92
  
  
    
      if os_facts[:os]['family'] == 'Archlinux'


  		




  93
  
  
    
        it {


  		




  94
  
  
    
          expect(subject).to contain_systemd__dropin_file('puppet_nft.conf').with(


  		




  95
  
  
    
            content: %r{^ExecReload=#{nft_path} -I /etc/nftables/puppet -f /etc/nftables.conf$}


  		




  96
  
  
    
          )


  		




  97
  
  
    
        }


  		




  
  98
  
    
      it {


  		




  
  99
  
    
        expect(subject).to contain_systemd__dropin_file('puppet_nft.conf').with(


  		




  
  100
  
    
          content: %r{^ExecReload=#{nft_path} -I /etc/nftables/puppet -f #{nft_config}$}


  		




  
  101
  
    
        )


  		




  
  102
  
    
      }


  		




  
  103
  
    

  		




  
  104
  
    
      case os_facts[:os]['family']


  		




  
  105
  
    
      when 'Archlinux'


  		




  98
  106
  
    

  		




  99
  107
  
    
        it {


  		




  100
  108
  
    
          expect(subject).to contain_service('firewalld').with(


  		




  ......




  102
  110
  
    
            enable: false


  		




  103
  111
  
    
          )


  		




  104
  112
  
    
        }


  		




  105
  
  
    
      else


  		




  
  113
  
    
      when 'Debian'


  		




  106
  114
  
    
        it {


  		




  107
  
  
    
          expect(subject).to contain_systemd__dropin_file('puppet_nft.conf').with(


  		




  108
  
  
    
            content: %r{^ExecReload=#{nft_path} -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf$}


  		




  
  115
  
    
          is_expected.to contain_service('firewalld').with(


  		




  
  116
  
    
            ensure: 'stopped',


  		




  
  117
  
    
            enable: false


  		




  109
  118
  
    
          )


  		




  110
  119
  
    
        }


  		




  111
  
  
    

  		




  
  120
  
    
      else


  		




  112
  121
  
    
        it {


  		




  113
  122
  
    
          expect(subject).to contain_service('firewalld').with(


  		




  114
  123
  
    
            ensure: 'stopped',


  		












Formats disponibles :  Unified diff