
root / manifests / config.pp @ 04176b0e


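# @summary Manage one nftables table configuration snippet.
#
# The snippet is assembled with concat as `${prefix}${tablespec}.nft` under
# /etc/nftables/puppet-preflight. That concat notifies Exec['nft validate']
# (declared outside this file; presumably it checks the preflight rules), and
# the copy into /etc/nftables/puppet is ordered after that exec, so a failed
# exec keeps the live file from being replaced. The live file in turn notifies
# Service['nftables'].
#
# @param tablespec
#   Table specification of the form `<part1>-<part2>`; the two parts are
#   written into the `table <part1> <part2> {` header. Defaults to the resource
#   title. This is the value interpolated into resource names, file paths and
#   nft content below, so that everything reaching the filesystem has passed
#   the Pattern check.
#   NOTE(review): Puppet patterns are Ruby regexes, where `^` and `$` anchor at
#   line boundaries; `\A...\z` would also reject values with embedded newlines.
#   Left unchanged here to keep the accepted type identical.
#
# @param content
#   Literal body of the table. Mutually exclusive with `source`. When neither
#   is given, the body includes `${tablespec}-chain-*.nft`.
#
# @param source
#   Source (or list of sources) for the body, passed to concat::fragment.
#   Mutually exclusive with `content`.
#
# @param prefix
#   String prepended to the generated file name.
#   NOTE(review): this is an unconstrained String that ends up in a path owned
#   by root; callers should keep it free of path separators. Consider a
#   stricter type if no caller depends on the current freedom.
define nftables::config (
  Pattern[/^\w+-\w+$/] $tablespec = $title,
  Optional[String] $content = undef,
  Optional[Variant[String,Array[String,1]]] $source = undef,
  String $prefix = 'custom-',
) {
  if $content and $source {
    fail('Please pass only $content or $source, not both.')
  }

  # Use the validated $tablespec rather than $name: $name is the raw resource
  # title and is only covered by the Pattern when $tablespec is left at its
  # default. With the default the generated names are the same as before.
  $concat_name    = "nftables-${tablespec}"
  $preflight_file = "/etc/nftables/puppet-preflight/${prefix}${tablespec}.nft"
  $live_file      = "/etc/nftables/puppet/${prefix}${tablespec}.nft"

  # Both copies are root-owned and not world-readable.
  Package['nftables'] -> concat {
    $concat_name:
      path           => $preflight_file,
      ensure_newline => true,
      owner          => root,
      group          => root,
      mode           => '0640',
  } ~> Exec['nft validate'] -> file {
    $live_file:
      ensure => file,
      source => $preflight_file,
      owner  => root,
      group  => root,
      mode   => '0640',
  } ~> Service['nftables']

  # The Pattern guarantees exactly one '-' between two word-character runs, so
  # the split yields the two header fields.
  $data = split($tablespec, '-')

  concat::fragment {
    "${concat_name}-header":
      target  => $concat_name,
      order   => '00',
      content => "table ${data[0]} ${data[1]} {",
  }

  if $source {
    concat::fragment {
      "${concat_name}-body":
        target => $concat_name,
        # Quoted to match the other fragments' order values.
        order  => '98',
        source => $source,
    }
  } else {
    # Without explicit content, pull in the chain files for this table.
    if $content {
      $_content = $content
    } else {
      $_content = "  include \"${tablespec}-chain-*.nft\""
    }
    concat::fragment {
      "${concat_name}-body":
        target  => $concat_name,
        order   => '98',
        content => $_content,
    }
  }

  concat::fragment {
    "${concat_name}-footer":
      target  => $concat_name,
      order   => '99',
      content => '}',
  }
}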