Révision 7fb93f38
make path to echo configureable
| manifests/init.pp | ||
|---|---|---|
| 93 | 93 |
# @param nft_path |
| 94 | 94 |
# Path to the nft binary |
| 95 | 95 |
# |
| 96 |
# @param echo |
|
| 97 |
# Path to the echo binary |
|
| 98 |
# |
|
| 96 | 99 |
class nftables ( |
| 97 | 100 |
Boolean $in_ssh = true, |
| 98 | 101 |
Boolean $in_icmp = true, |
| ... | ... | |
| 114 | 117 |
Variant[Boolean[false], Pattern[/icmp(v6|x)? type .+|tcp reset/]] $reject_with = 'icmpx type port-unreachable', |
| 115 | 118 |
Variant[Boolean[false], Enum['mask']] $firewalld_enable = 'mask', |
| 116 | 119 |
Optional[Array[Pattern[/^(ip|ip6|inet)-[-a-zA-Z0-9_]+$/],1]] $noflush_tables = undef, |
| 120 |
Stdlib::Unixpath $echo = '/usr/bin/echo', |
|
| 117 | 121 |
Stdlib::Unixpath $configuration_path, |
| 118 | 122 |
Stdlib::Unixpath $nft_path, |
| 119 | 123 |
) {
|
| ... | ... | |
| 149 | 153 |
} ~> exec {
|
| 150 | 154 |
'nft validate': |
| 151 | 155 |
refreshonly => true, |
| 152 |
command => "${nft_path} -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft || ( /usr/bin/echo '#CONFIG BROKEN' >> /etc/nftables/puppet-preflight.nft && /bin/false)";
|
|
| 156 |
command => "${nft_path} -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft || ( ${echo} '#CONFIG BROKEN' >> /etc/nftables/puppet-preflight.nft && /bin/false)";
|
|
| 153 | 157 |
} -> file {
|
| 154 | 158 |
default: |
| 155 | 159 |
owner => 'root', |
Formats disponibles : Unified diff