Révision 8842a597
make path to `nft` binary configureable
| spec/acceptance/all_rules_spec.rb | ||
|---|---|---|
| 78 | 78 |
elements => ['192.168.0.1', '10.0.0.2'], |
| 79 | 79 |
table => ['inet-filter', 'ip-nat'], |
| 80 | 80 |
} |
| 81 |
$config_path = case $facts['os']['family'] {
|
|
| 82 |
'Archlinux': {
|
|
| 83 |
'/etc/nftables.conf'
|
|
| 84 |
}
|
|
| 85 |
default: {
|
|
| 86 |
'/etc/sysconfig/nftables.conf'
|
|
| 87 |
}
|
|
| 81 |
$config_path = $facts['os']['family'] ? {
|
|
| 82 |
'Archlinux' => '/etc/nftables.conf',
|
|
| 83 |
default => '/etc/sysconfig/nftables.conf',
|
|
| 84 |
} |
|
| 85 |
$nft_path = $facts['os']['family'] ? {
|
|
| 86 |
'Archlinux' => '/usr/bin/nft',
|
|
| 87 |
default => '/usr/sbin/nft',
|
|
| 88 | 88 |
} |
| 89 | 89 |
# nftables cannot be started in docker so replace service with a validation only. |
| 90 | 90 |
systemd::dropin_file{"zzz_docker_nft.conf":
|
| ... | ... | |
| 93 | 93 |
content => [ |
| 94 | 94 |
"[Service]", |
| 95 | 95 |
"ExecStart=", |
| 96 |
"ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
|
|
| 96 |
"ExecStart=${nft_path} -c -I /etc/nftables/puppet -f ${config_path}",
|
|
| 97 | 97 |
"ExecReload=", |
| 98 |
"ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
|
|
| 98 |
"ExecReload=${nft_path} -c -I /etc/nftables/puppet -f ${config_path}",
|
|
| 99 | 99 |
"", |
| 100 | 100 |
].join("\n"),
|
| 101 | 101 |
notify => Service["nftables"], |
Formats disponibles : Unified diff