/manifests/config.pp - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / manifests / config.pp @ 7030bde0

Historique | Voir | Annoter | Télécharger (1,71 ko)

1	0ba57c66	mh	# manage a config snippet
2	11bf7237	Steve Traylen	define nftables::config (
3	09cba182	Steve Traylen	# lint:ignore:parameter_documentation
4	c5418fd3	Nacho Barrientos	Pattern[/^\w+-\w+$/] $tablespec = $title,
5	31b17627	Steve Traylen	Optional[String] $content = undef,
6			Optional[Variant[String,Array[String,1]]] $source = undef,
7	948ebc98	Nacho Barrientos	String $prefix = 'custom-',
8	09cba182	Steve Traylen	# lint:endignore
9	11bf7237	Steve Traylen	) {
10	294a38ff	Nacho Barrientos	if $content and $source {
11			fail('Please pass only $content or $source, not both.')
12			}
13
14	e4c32222	Nacho Barrientos	$concat_name = "nftables-${name}"
15
16	11bf7237	Steve Traylen	Package['nftables'] -> concat {
17	e4c32222	Nacho Barrientos	$concat_name:
18	948ebc98	Nacho Barrientos	path => "/etc/nftables/puppet-preflight/${prefix}${name}.nft",
19	e4c32222	Nacho Barrientos	ensure_newline => true,
20			owner => root,
21			group => root,
22	0b7bcb5d	mh	mode => $nftables::default_config_mode,
23	11bf7237	Steve Traylen	} ~> Exec['nft validate'] -> file {
24	948ebc98	Nacho Barrientos	"/etc/nftables/puppet/${prefix}${name}.nft":
25	11bf7237	Steve Traylen	ensure => file,
26	948ebc98	Nacho Barrientos	source => "/etc/nftables/puppet-preflight/${prefix}${name}.nft",
27	11bf7237	Steve Traylen	owner => root,
28			group => root,
29	0b7bcb5d	mh	mode => $nftables::default_config_mode,
30	0ba57c66	mh	} ~> Service['nftables']
31
32	e4c32222	Nacho Barrientos	$data = split($name, '-')
33
34			concat::fragment {
35			"${concat_name}-header":
36			target => $concat_name,
37			order => '00',
38			content => "table ${data[0]} ${data[1]} {",
39			}
40
41	0ba57c66	mh	if $source {
42	e4c32222	Nacho Barrientos	concat::fragment {
43			"${concat_name}-body":
44			target => $concat_name,
45			order => 98,
46			source => $source,
47	0ba57c66	mh	}
48			} else {
49	fcb1d356	Nacho Barrientos	if $content {
50			$_content = $content
51			} else {
52			$_content = " include \"${name}-chain-*.nft\""
53			}
54	e4c32222	Nacho Barrientos	concat::fragment {
55			"${concat_name}-body":
56			target => $concat_name,
57			order => '98',
58	fcb1d356	Nacho Barrientos	content => $_content,
59	0ba57c66	mh	}
60			}
61	e4c32222	Nacho Barrientos
62			concat::fragment {
63			"${concat_name}-footer":
64			target => $concat_name,
65			order => '99',
66			content => '}',
67			}
68	0ba57c66	mh	}

Projet

Général

Profil

puppet nftables

root / manifests / config.pp @ 7030bde0