Projet

Général

Profil

Révision 8842a597

ID8842a597f82f297a5f4a6f4e20efbf5bf614676b
Parent a7142e9f
Enfant e8ee67c1

Ajouté par Tim Meusel il y a presque 3 ans

make path to `nft` binary configureable

Voir les différences:

spec/acceptance/default_spec.rb
11 11 
      class { 'nftables':
12 12 
        firewalld_enable => false,
13 13 
      }
14 
      $config_path = case $facts['os']['family'] {
15 
        'Archlinux': {
16 
          '/etc/nftables.conf'
17 
        }
18 
        default: {
19 
          '/etc/sysconfig/nftables.conf'
20 
        }
14 
      $config_path = $facts['os']['family'] ? {
15 
        'Archlinux' => '/etc/nftables.conf',
16 
        default => '/etc/sysconfig/nftables.conf',
17 
      }
18 
      $nft_path = $facts['os']['family'] ? {
19 
        'Archlinux' => '/usr/bin/nft',
20 
        default => '/usr/sbin/nft',
21 21 
      }
22 22 
      # nftables cannot be started in docker so replace service with a validation only.
23 23 
      systemd::dropin_file{"zzz_docker_nft.conf":
......
26 26 
        content => [
27 27 
          "[Service]",
28 28 
          "ExecStart=",
29 
          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
29 
          "ExecStart=${nft_path} -c -I /etc/nftables/puppet -f ${config_path}",
30 30 
          "ExecReload=",
31 
          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
31 
          "ExecReload=${nft_path} -c -I /etc/nftables/puppet -f ${config_path}",
32 32 
          "",
33 33 
          ].join("\n"),
34 34 
        notify  => Service["nftables"],
......
66 66 
      nftables::rule{'default_out-junk':
67 67 
        content => 'A load of junk',
68 68 
      }
69 
      $config_path = case $facts['os']['family'] {
70 
        'Archlinux': {
71 
          '/etc/nftables.conf'
72 
        }
73 
        default: {
74 
          '/etc/sysconfig/nftables.conf'
75 
        }
69 
      $config_path = $facts['os']['family'] ? {
70 
        'Archlinux' => '/etc/nftables.conf',
71 
        default => '/etc/sysconfig/nftables.conf',
72 
      }
73 
      $nft_path = $facts['os']['family'] ? {
74 
        'Archlinux' => '/usr/bin/nft',
75 
        default => '/usr/sbin/nft',
76 76 
      }
77 77 
      # nftables cannot be started in docker so replace service with a validation only.
78 78 
      systemd::dropin_file{"zzz_docker_nft.conf":
......
81 81 
        content => [
82 82 
          "[Service]",
83 83 
          "ExecStart=",
84 
          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
84 
          "ExecStart=${nft_path} -c -I /etc/nftables/puppet -f $config_path",
85 85 
          "ExecReload=",
86 
          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
86 
          "ExecReload=${nft_path} -c -I /etc/nftables/puppet -f $config_path",
87 87 
          "",
88 88 
          ].join("\n"),
89 89 
        notify  => Service["nftables"],
......
106 106 
        inet_filter => false,
107 107 
        nat => false,
108 108 
      }
109 
      $config_path = case $facts['os']['family'] {
110 
        'Archlinux': {
111 
          '/etc/nftables.conf'
112 
        }
113 
        default: {
114 
          '/etc/sysconfig/nftables.conf'
115 
        }
109 
      $config_path = $facts['os']['family'] ? {
110 
        'Archlinux' => '/etc/nftables.conf',
111 
        default => '/etc/sysconfig/nftables.conf',
112 
      }
113 
      $nft_path = $facts['os']['family'] ? {
114 
        'Archlinux' => '/usr/bin/nft',
115 
        default => '/usr/sbin/nft',
116 116 
      }
117 117 
      # nftables cannot be started in docker so replace service with a validation only.
118 118 
      systemd::dropin_file{"zzz_docker_nft.conf":
......
121 121 
        content => [
122 122 
          "[Service]",
123 123 
          "ExecStart=",
124 
          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
124 
          "ExecStart=${nft_path} -c -I /etc/nftables/puppet -f $config_path",
125 125 
          "ExecReload=",
126 
          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
126 
          "ExecReload=${nft_path} -c -I /etc/nftables/puppet -f $config_path",
127 127 
          "",
128 128 
          ].join("\n"),
129 129 
        notify  => Service["nftables"],
......
146 146 
        nat => true,
147 147 
        nat_table_name => 'mycustomtablename',
148 148 
      }
149 
      $config_path = case $facts['os']['family'] {
150 
        'Archlinux': {
151 
          '/etc/nftables.conf'
152 
        }
153 
        default: {
154 
          '/etc/sysconfig/nftables.conf'
155 
        }
149 
      $config_path = $facts['os']['family'] ? {
150 
        'Archlinux' => '/etc/nftables.conf',
151 
        default => '/etc/sysconfig/nftables.conf',
152 
      }
153 
      $nft_path = $facts['os']['family'] ? {
154 
        'Archlinux' => '/usr/bin/nft',
155 
        default => '/usr/sbin/nft',
156 156 
      }
157 157 
      # nftables cannot be started in docker so replace service with a validation only.
158 158 
      systemd::dropin_file{"zzz_docker_nft.conf":
......
161 161 
        content => [
162 162 
          "[Service]",
163 163 
          "ExecStart=",
164 
          "ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
164 
          "ExecStart=${nft_path} -c -I /etc/nftables/puppet -f $config_path",
165 165 
          "ExecReload=",
166 
          "ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
166 
          "ExecReload=${nft_path} -c -I /etc/nftables/puppet -f $config_path",
167 167 
          "",
168 168 
          ].join("\n"),
169 169 
        notify  => Service["nftables"],

Formats disponibles : Unified diff