Révision 0b7bcb5d
Align filemode on RedHat to distro default
The RPM acutally ships the configuration and directory with
0600/0700 while this module sets the mode to 0640/0750.
However, this has the drawback that on new nftables RPM versions,
we are setting it back to the modules mode and triggering an nft
validate.
| manifests/init.pp | ||
|---|---|---|
| 96 | 96 |
# @param echo |
| 97 | 97 |
# Path to the echo binary |
| 98 | 98 |
# |
| 99 |
# @param default_config_mode |
|
| 100 |
# The default file & dir mode for configuration files and directories. The |
|
| 101 |
# default varies depending on the system, and is set in the module's data. |
|
| 102 |
# |
|
| 99 | 103 |
class nftables ( |
| 100 | 104 |
Boolean $in_ssh = true, |
| 101 | 105 |
Boolean $in_icmp = true, |
| ... | ... | |
| 120 | 124 |
Stdlib::Unixpath $echo, |
| 121 | 125 |
Stdlib::Unixpath $configuration_path, |
| 122 | 126 |
Stdlib::Unixpath $nft_path, |
| 127 |
Stdlib::Filemode $default_config_mode, |
|
| 123 | 128 |
) {
|
| 124 | 129 |
package { 'nftables':
|
| 125 | 130 |
ensure => installed, |
| ... | ... | |
| 132 | 137 |
default: |
| 133 | 138 |
owner => 'root', |
| 134 | 139 |
group => 'root', |
| 135 |
mode => '0640';
|
|
| 140 |
mode => $default_config_mode;
|
|
| 136 | 141 |
'/etc/nftables': |
| 137 | 142 |
ensure => directory, |
| 138 |
mode => '0750';
|
|
| 143 |
mode => $default_config_mode;
|
|
| 139 | 144 |
'/etc/nftables/puppet-preflight': |
| 140 | 145 |
ensure => directory, |
| 141 |
mode => '0750',
|
|
| 146 |
mode => $default_config_mode,
|
|
| 142 | 147 |
purge => true, |
| 143 | 148 |
force => true, |
| 144 | 149 |
recurse => true; |
| ... | ... | |
| 158 | 163 |
default: |
| 159 | 164 |
owner => 'root', |
| 160 | 165 |
group => 'root', |
| 161 |
mode => '0640';
|
|
| 166 |
mode => $default_config_mode;
|
|
| 162 | 167 |
'/etc/nftables/puppet.nft': |
| 163 | 168 |
ensure => file, |
| 164 | 169 |
content => epp('nftables/config/puppet.nft.epp', {
|
| ... | ... | |
| 169 | 174 |
); |
| 170 | 175 |
'/etc/nftables/puppet': |
| 171 | 176 |
ensure => directory, |
| 172 |
mode => '0750',
|
|
| 177 |
mode => $default_config_mode,
|
|
| 173 | 178 |
purge => true, |
| 174 | 179 |
force => true, |
| 175 | 180 |
recurse => true; |
Formats disponibles : Unified diff