
Révision 0c9bc308

ID0c9bc3084e3f6ee8dbbd9e2c8d3564fb150ee61d
Parent d8b8b3f4
Enfant c3145917

Ajouté par hashworks il y a environ 3 ans

Add support for Arch Linux

Arch Linux stores the configuration in a different path and does not
provide firewalld without explicit installation.

This is basically the same as #66 – I've reused their code since it hasn't
been merged in a while.


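--- a/spec/acceptance/default_spec.rb
+++ b/spec/acceptance/default_spec.rb
@@ -11,6 +11,14 @@
       class { 'nftables':
         firewalld_enable => false,
       }
+      $config_path = case $facts['os']['family'] {
+        'Archlinux': {
+          '/etc/nftables.conf'
+        }
+        default: {
+          '/etc/sysconfig/nftables.conf'
+        }
+      }
       # nftables cannot be started in docker so replace service with a validation only.
       systemd::dropin_file{"zzz_docker_nft.conf":
         ensure  => present,
@@ -18,9 +26,9 @@
         content => [
           "[Service]",
           "ExecStart=",
-          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf",
+          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
           "ExecReload=",
-          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf",
+          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
           "",
           ].join("\n"),
         notify  => Service["nftables"],
@@ -58,6 +66,14 @@
       nftables::rule{'default_out-junk':
         content => 'A load of junk',
       }
+      $config_path = case $facts['os']['family'] {
+        'Archlinux': {
+          '/etc/nftables.conf'
+        }
+        default: {
+          '/etc/sysconfig/nftables.conf'
+        }
+      }
       # nftables cannot be started in docker so replace service with a validation only.
       systemd::dropin_file{"zzz_docker_nft.conf":
         ensure  => present,
@@ -65,9 +81,9 @@
         content => [
           "[Service]",
           "ExecStart=",
-          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf",
+          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
           "ExecReload=",
-          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf",
+          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
           "",
           ].join("\n"),
         notify  => Service["nftables"],
@@ -90,6 +106,14 @@
         inet_filter => false,
         nat => false,
       }
+      $config_path = case $facts['os']['family'] {
+        'Archlinux': {
+          '/etc/nftables.conf'
+        }
+        default: {
+          '/etc/sysconfig/nftables.conf'
+        }
+      }
       # nftables cannot be started in docker so replace service with a validation only.
       systemd::dropin_file{"zzz_docker_nft.conf":
         ensure  => present,
@@ -97,9 +121,9 @@
         content => [
           "[Service]",
           "ExecStart=",
-          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf",
+          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
           "ExecReload=",
-          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf",
+          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
           "",
           ].join("\n"),
         notify  => Service["nftables"],
@@ -122,6 +146,14 @@
         nat => true,
         nat_table_name => 'mycustomtablename',
       }
+      $config_path = case $facts['os']['family'] {
+        'Archlinux': {
+          '/etc/nftables.conf'
+        }
+        default: {
+          '/etc/sysconfig/nftables.conf'
+        }
+      }
       # nftables cannot be started in docker so replace service with a validation only.
       systemd::dropin_file{"zzz_docker_nft.conf":
         ensure  => present,
@@ -129,9 +161,9 @@
         content => [
           "[Service]",
           "ExecStart=",
-          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf",
+          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
           "ExecReload=",
-          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf",
+          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
           "",
           ].join("\n"),
         notify  => Service["nftables"],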
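Review bot: The `$config_path` selector is copied verbatim into all four manifests (new lines 14-21, 69-76, 109-116 and 149-156), so the test keeps its own map from OS family to config path instead of sharing one definition. If that map ever drifts from the path the nftables class actually writes (the class is not visible in this section), `nft -c` would validate whatever file sits at the stale path, possibly a packaged default, and the acceptance run would pass without checking the generated ruleset. Defining the selector once on the Ruby side and interpolating it into each manifest string would leave a single copy, ideally with a comment such as `# must match the config file the nftables class manages; nft -c only checks the file named here`. The Puppet interpolation in the ExecStart and ExecReload lines would also be less fragile with braces, `-f ${config_path}",`.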
