/manifests/rule.pp - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / manifests / rule.pp @ ae9872e2

1	8efbdf9a	tr	# manage a chain rule
2	0ba57c66	mh	# Name should be:
3	a534e044	mh	# CHAIN_NAME-rulename
4	8efbdf9a	tr	define nftables::rule(
5	0ba57c66	mh	Enum['present','absent']
6			$ensure = 'present',
7	a074dec2	tr	Pattern[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]
8	0ba57c66	mh	$rulename = $title,
9			Pattern[/^\d\d$/]
10			$order = '50',
11			Optional[String]
12	5df9303f	tr	$table = 'inet-filter',
13	8efbdf9a	tr	Optional[String]
14	0ba57c66	mh	$content = undef,
15			Optional[Variant[String,Array[String,1]]]
16			$source = undef,
17			){
18	8efbdf9a	tr
19	0ba57c66	mh	if $ensure == 'present' {
20	8efbdf9a	tr	$data = split($rulename, '-')
21
22	18ec6f48	tr	if $data[2] {
23			$fragment = "nftables-${table}-chain-${data[0]}-rule-${data[1]}-${data[2]}"
24			} else {
25			$fragment = "nftables-${table}-chain-${data[0]}-rule-${data[1]}"
26			}
27
28	e53053ce	Steve Traylen	concat::fragment{"${fragment}_header":
29			content => "# Start of fragment order:${order} rulename:${rulename}",
30	61f03b47	Steve Traylen	order => "${order}-${fragment}-a",
31	e53053ce	Steve Traylen	target => "nftables-${table}-chain-${data[0]}",
32			}
33
34	0ba57c66	mh	concat::fragment{
35	18ec6f48	tr	$fragment:
36	61f03b47	Steve Traylen	order => "${order}-${fragment}-b",
37	8efbdf9a	tr	target => "nftables-${table}-chain-${data[0]}",
38	0ba57c66	mh	}
39
40			if $content {
41	18ec6f48	tr	Concat::Fragment[$fragment]{
42	0ba57c66	mh	content => " ${content}",
43			}
44			} else {
45	18ec6f48	tr	Concat::Fragment[$fragment]{
46	0ba57c66	mh	source => $source,
47			}
48			}
49			}
50			}