/manifests/rule.pp - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / manifests / rule.pp @ 11bf7237

Historique | Voir | Annoter | Télécharger (1,19 ko)

1	8efbdf9a	tr	# manage a chain rule
2	0ba57c66	mh	# Name should be:
3	a534e044	mh	# CHAIN_NAME-rulename
4	11bf7237	Steve Traylen	define nftables::rule (
5	0ba57c66	mh	Enum['present','absent']
6	11bf7237	Steve Traylen	$ensure = 'present',
7	a074dec2	tr	Pattern[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]
8	11bf7237	Steve Traylen	$rulename = $title,
9	0ba57c66	mh	Pattern[/^\d\d$/]
10	11bf7237	Steve Traylen	$order = '50',
11	0ba57c66	mh	Optional[String]
12	11bf7237	Steve Traylen	$table = 'inet-filter',
13	8efbdf9a	tr	Optional[String]
14	11bf7237	Steve Traylen	$content = undef,
15	0ba57c66	mh	Optional[Variant[String,Array[String,1]]]
16	11bf7237	Steve Traylen	$source = undef,
17			) {
18	0ba57c66	mh	if $ensure == 'present' {
19	8efbdf9a	tr	$data = split($rulename, '-')
20
21	18ec6f48	tr	if $data[2] {
22			$fragment = "nftables-${table}-chain-${data[0]}-rule-${data[1]}-${data[2]}"
23			} else {
24			$fragment = "nftables-${table}-chain-${data[0]}-rule-${data[1]}"
25			}
26
27	11bf7237	Steve Traylen	concat::fragment { "${fragment}_header":
28	e53053ce	Steve Traylen	content => "# Start of fragment order:${order} rulename:${rulename}",
29	61f03b47	Steve Traylen	order => "${order}-${fragment}-a",
30	e53053ce	Steve Traylen	target => "nftables-${table}-chain-${data[0]}",
31			}
32
33	11bf7237	Steve Traylen	concat::fragment {
34	18ec6f48	tr	$fragment:
35	61f03b47	Steve Traylen	order => "${order}-${fragment}-b",
36	8efbdf9a	tr	target => "nftables-${table}-chain-${data[0]}",
37	0ba57c66	mh	}
38
39			if $content {
40	11bf7237	Steve Traylen	Concat::Fragment[$fragment] {
41	0ba57c66	mh	content => " ${content}",
42			}
43			} else {
44	11bf7237	Steve Traylen	Concat::Fragment[$fragment] {
45	0ba57c66	mh	source => $source,
46			}
47			}
48			}
49			}

Projet

Général

Profil

puppet nftables

root / manifests / rule.pp @ 11bf7237