root / manifests / set.pp @ 11bf7237
Historique | Voir | Annoter | Télécharger (1,91 ko)
| 1 | 20b96360 | Nacho Barrientos | # manage a named set |
|---|---|---|---|
| 2 | 11bf7237 | Steve Traylen | define nftables::set ( |
| 3 | 20b96360 | Nacho Barrientos | Enum['present','absent'] |
| 4 | 11bf7237 | Steve Traylen | $ensure = 'present', |
| 5 | 7bb485c5 | Nacho Barrientos | Pattern[/^[-a-zA-Z0-9_]+$/] |
| 6 | 11bf7237 | Steve Traylen | $setname = $title, |
| 7 | 20b96360 | Nacho Barrientos | Pattern[/^\d\d$/] |
| 8 | 11bf7237 | Steve Traylen | $order = '10', |
| 9 | 9f0498e3 | Nacho Barrientos | Optional[Enum['ipv4_addr', 'ipv6_addr', 'ether_addr', 'inet_proto', 'inet_service', 'mark']] |
| 10 | 11bf7237 | Steve Traylen | $type = undef, |
| 11 | 20b96360 | Nacho Barrientos | String |
| 12 | 11bf7237 | Steve Traylen | $table = 'inet-filter', |
| 13 | 20b96360 | Nacho Barrientos | Array[Enum['constant', 'dynamic', 'interval', 'timeout'], 0, 4] |
| 14 | 11bf7237 | Steve Traylen | $flags = [], |
| 15 | 20b96360 | Nacho Barrientos | Optional[Integer] |
| 16 | 11bf7237 | Steve Traylen | $timeout = undef, |
| 17 | 20b96360 | Nacho Barrientos | Optional[Integer] |
| 18 | 11bf7237 | Steve Traylen | $gc_interval = undef, |
| 19 | 20b96360 | Nacho Barrientos | Optional[Array[String]] |
| 20 | 11bf7237 | Steve Traylen | $elements = undef, |
| 21 | 20b96360 | Nacho Barrientos | Optional[Integer] |
| 22 | 11bf7237 | Steve Traylen | $size = undef, |
| 23 | 20b96360 | Nacho Barrientos | Optional[Enum['performance', 'memory']] |
| 24 | 11bf7237 | Steve Traylen | $policy = undef, |
| 25 | 20b96360 | Nacho Barrientos | Boolean |
| 26 | 11bf7237 | Steve Traylen | $auto_merge = false, |
| 27 | 20b96360 | Nacho Barrientos | Optional[String] |
| 28 | 11bf7237 | Steve Traylen | $content = undef, |
| 29 | 20b96360 | Nacho Barrientos | Optional[Variant[String,Array[String,1]]] |
| 30 | 11bf7237 | Steve Traylen | $source = undef, |
| 31 | ) {
|
||
| 32 | 20b96360 | Nacho Barrientos | if $size and $elements {
|
| 33 | if length($elements) > $size {
|
||
| 34 | fail("Max size of set ${setname} of ${size} is not being respected")
|
||
| 35 | } |
||
| 36 | } |
||
| 37 | |||
| 38 | if $ensure == 'present' {
|
||
| 39 | 11bf7237 | Steve Traylen | concat::fragment {
|
| 40 | 20b96360 | Nacho Barrientos | "nftables-${table}-set-${setname}":
|
| 41 | order => $order, |
||
| 42 | target => "nftables-${table}",
|
||
| 43 | } |
||
| 44 | |||
| 45 | if $content {
|
||
| 46 | 11bf7237 | Steve Traylen | Concat::Fragment["nftables-${table}-set-${setname}"] {
|
| 47 | 20b96360 | Nacho Barrientos | content => " ${content}",
|
| 48 | } |
||
| 49 | } elsif $source {
|
||
| 50 | 11bf7237 | Steve Traylen | Concat::Fragment["nftables-${table}-set-${setname}"] {
|
| 51 | 20b96360 | Nacho Barrientos | source => $source, |
| 52 | } |
||
| 53 | } else {
|
||
| 54 | 9f0498e3 | Nacho Barrientos | if $type == undef {
|
| 55 | fail('The way the resource is configured must have a type set')
|
||
| 56 | } |
||
| 57 | 11bf7237 | Steve Traylen | Concat::Fragment["nftables-${table}-set-${setname}"] {
|
| 58 | 20b96360 | Nacho Barrientos | content => epp('nftables/set.epp',
|
| 59 | {
|
||
| 60 | 'name' => $setname, |
||
| 61 | 'type' => $type, |
||
| 62 | 'flags' => $flags, |
||
| 63 | 'timeout' => $timeout, |
||
| 64 | 'gc_interval' => $gc_interval, |
||
| 65 | 'elements' => $elements, |
||
| 66 | 'size' => $size, |
||
| 67 | 'policy' => $policy, |
||
| 68 | 'auto_merge' => $auto_merge, |
||
| 69 | } |
||
| 70 | ) |
||
| 71 | } |
||
| 72 | } |
||
| 73 | } |
||
| 74 | } |