Révision 948ebc98
Prefix custom tables with custom- so they're loaded
| manifests/config.pp | ||
|---|---|---|
| 3 | 3 |
Pattern[/^\w+-\w+$/] $tablespec = $title, |
| 4 | 4 |
Optional[String] $content = undef, |
| 5 | 5 |
Optional[Variant[String,Array[String,1]]] $source = undef, |
| 6 |
String $prefix = 'custom-', |
|
| 6 | 7 |
) {
|
| 7 | 8 |
if $content and $source {
|
| 8 | 9 |
fail('Please pass only $content or $source, not both.')
|
| ... | ... | |
| 12 | 13 |
|
| 13 | 14 |
Package['nftables'] -> concat {
|
| 14 | 15 |
$concat_name: |
| 15 |
path => "/etc/nftables/puppet-preflight/${name}.nft",
|
|
| 16 |
path => "/etc/nftables/puppet-preflight/${prefix}${name}.nft",
|
|
| 16 | 17 |
ensure_newline => true, |
| 17 | 18 |
owner => root, |
| 18 | 19 |
group => root, |
| 19 | 20 |
mode => '0640', |
| 20 | 21 |
} ~> Exec['nft validate'] -> file {
|
| 21 |
"/etc/nftables/puppet/${name}.nft":
|
|
| 22 |
"/etc/nftables/puppet/${prefix}${name}.nft":
|
|
| 22 | 23 |
ensure => file, |
| 23 |
source => "/etc/nftables/puppet-preflight/${name}.nft",
|
|
| 24 |
source => "/etc/nftables/puppet-preflight/${prefix}${name}.nft",
|
|
| 24 | 25 |
owner => root, |
| 25 | 26 |
group => root, |
| 26 | 27 |
mode => '0640', |
| manifests/inet_filter.pp | ||
|---|---|---|
| 9 | 9 |
|
| 10 | 10 |
nftables::config {
|
| 11 | 11 |
'inet-filter': |
| 12 |
prefix => '', |
|
| 12 | 13 |
source => 'puppet:///modules/nftables/config/puppet-inet-filter.nft'; |
| 13 | 14 |
} |
| 14 | 15 |
|
| manifests/ip_nat.pp | ||
|---|---|---|
| 1 | 1 |
# manage basic chains in table ip nat |
| 2 | 2 |
class nftables::ip_nat inherits nftables {
|
| 3 |
nftables::config { ['ip-nat', 'ip6-nat']: }
|
|
| 3 |
nftables::config {
|
|
| 4 |
'ip-nat': |
|
| 5 |
prefix => ''; |
|
| 6 |
'ip6-nat': |
|
| 7 |
prefix => ''; |
|
| 8 |
} |
|
| 4 | 9 |
|
| 5 | 10 |
nftables::chain {
|
| 6 | 11 |
[ |
| spec/defines/config_spec.rb | ||
|---|---|---|
| 15 | 15 |
it { is_expected.to contain_concat('nftables-FOO-BAR') }
|
| 16 | 16 |
it {
|
| 17 | 17 |
is_expected.to contain_concat('nftables-FOO-BAR').with(
|
| 18 |
path: '/etc/nftables/puppet-preflight/FOO-BAR.nft', |
|
| 18 |
path: '/etc/nftables/puppet-preflight/custom-FOO-BAR.nft',
|
|
| 19 | 19 |
ensure_newline: true, |
| 20 | 20 |
mode: '0640', |
| 21 | 21 |
) |
| 22 | 22 |
} |
| 23 |
it { is_expected.to contain_file('/etc/nftables/puppet/FOO-BAR.nft') }
|
|
| 23 |
it { is_expected.to contain_file('/etc/nftables/puppet/custom-FOO-BAR.nft') }
|
|
| 24 | 24 |
it {
|
| 25 |
is_expected.to contain_file('/etc/nftables/puppet/FOO-BAR.nft').with(
|
|
| 25 |
is_expected.to contain_file('/etc/nftables/puppet/custom-FOO-BAR.nft').with(
|
|
| 26 | 26 |
ensure: 'file', |
| 27 |
source: '/etc/nftables/puppet-preflight/FOO-BAR.nft', |
|
| 27 |
source: '/etc/nftables/puppet-preflight/custom-FOO-BAR.nft',
|
|
| 28 | 28 |
mode: '0640', |
| 29 | 29 |
) |
| 30 | 30 |
} |
| ... | ... | |
| 74 | 74 |
it { is_expected.to contain_concat('nftables-FOO-BAR') }
|
| 75 | 75 |
it {
|
| 76 | 76 |
is_expected.to contain_concat('nftables-FOO-BAR').with(
|
| 77 |
path: '/etc/nftables/puppet-preflight/FOO-BAR.nft', |
|
| 77 |
path: '/etc/nftables/puppet-preflight/custom-FOO-BAR.nft',
|
|
| 78 | 78 |
ensure_newline: true, |
| 79 | 79 |
mode: '0640', |
| 80 | 80 |
) |
| 81 | 81 |
} |
| 82 |
it { is_expected.to contain_file('/etc/nftables/puppet/FOO-BAR.nft') }
|
|
| 82 |
it { is_expected.to contain_file('/etc/nftables/puppet/custom-FOO-BAR.nft') }
|
|
| 83 | 83 |
it {
|
| 84 |
is_expected.to contain_file('/etc/nftables/puppet/FOO-BAR.nft').with(
|
|
| 84 |
is_expected.to contain_file('/etc/nftables/puppet/custom-FOO-BAR.nft').with(
|
|
| 85 | 85 |
ensure: 'file', |
| 86 |
source: '/etc/nftables/puppet-preflight/FOO-BAR.nft', |
|
| 86 |
source: '/etc/nftables/puppet-preflight/custom-FOO-BAR.nft',
|
|
| 87 | 87 |
mode: '0640', |
| 88 | 88 |
) |
| 89 | 89 |
} |
Formats disponibles : Unified diff