Révision 8842a597
make path to `nft` binary configureable
| manifests/init.pp | ||
|---|---|---|
| 90 | 90 |
# The absolute path to the principal nftables configuration file. The default |
| 91 | 91 |
# varies depending on the system, and is set in the module's data. |
| 92 | 92 |
# |
| 93 |
# @param nft_path |
|
| 94 |
# Path to the nft binary |
|
| 95 |
# |
|
| 93 | 96 |
class nftables ( |
| 94 | 97 |
Boolean $in_ssh = true, |
| 95 | 98 |
Boolean $in_icmp = true, |
| ... | ... | |
| 112 | 115 |
Variant[Boolean[false], Enum['mask']] $firewalld_enable = 'mask', |
| 113 | 116 |
Optional[Array[Pattern[/^(ip|ip6|inet)-[-a-zA-Z0-9_]+$/],1]] $noflush_tables = undef, |
| 114 | 117 |
Stdlib::Unixpath $configuration_path, |
| 118 |
Stdlib::Unixpath $nft_path, |
|
| 115 | 119 |
) {
|
| 116 | 120 |
package { 'nftables':
|
| 117 | 121 |
ensure => installed, |
| ... | ... | |
| 145 | 149 |
} ~> exec {
|
| 146 | 150 |
'nft validate': |
| 147 | 151 |
refreshonly => true, |
| 148 |
command => '/usr/sbin/nft -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft || ( /usr/bin/echo "#CONFIG BROKEN" >> /etc/nftables/puppet-preflight.nft && /bin/false)';
|
|
| 152 |
command => "${nft_path} -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft || ( /usr/bin/echo '#CONFIG BROKEN' >> /etc/nftables/puppet-preflight.nft && /bin/false)";
|
|
| 149 | 153 |
} -> file {
|
| 150 | 154 |
default: |
| 151 | 155 |
owner => 'root', |
| ... | ... | |
| 177 | 181 |
unit => 'nftables.service', |
| 178 | 182 |
content => epp('nftables/systemd/puppet_nft.conf.epp', {
|
| 179 | 183 |
'configuration_path' => $configuration_path, |
| 184 |
'nft_path' => $nft_path, |
|
| 180 | 185 |
}), |
| 181 | 186 |
notify => Service['nftables'], |
| 182 | 187 |
} |
Formats disponibles : Unified diff