/manifests/set.pp - puppet nftables - Koumbit's Redmine

Télécharger au format

root / manifests / set.pp @ ae9872e2

Historique | Voir | Annoter | Télécharger (1,93 ko)

       # manage a named set
       define nftables::set(
         Enum['present','absent']
           $ensure = 'present',
         Pattern[/^[-a-zA-Z0-9_]+$/]
           $setname = $title,
         Pattern[/^\d\d$/]
           $order = '10',
         Optional[Enum['ipv4_addr', 'ipv6_addr', 'ether_addr', 'inet_proto', 'inet_service', 'mark']]
           $type = undef,
         String
           $table = 'inet-filter',
         Array[Enum['constant', 'dynamic', 'interval', 'timeout'], 0, 4]
           $flags = [],
         Optional[Integer]
           $timeout = undef,
         Optional[Integer]
           $gc_interval = undef,
         Optional[Array[String]]
           $elements = undef,
         Optional[Integer]
           $size = undef,
         Optional[Enum['performance', 'memory']]
           $policy = undef,
         Boolean
           $auto_merge = false,
         Optional[String]
           $content = undef,
         Optional[Variant[String,Array[String,1]]]
           $source = undef,
       ){
         if $size and $elements {
           if length($elements) > $size {
             fail("Max size of set ${setname} of ${size} is not being respected")
+          }
+        }
         if $ensure == 'present' {
           concat::fragment{
             "nftables-${table}-set-${setname}":
               order  => $order,
               target => "nftables-${table}",
+          }
           if $content {
             Concat::Fragment["nftables-${table}-set-${setname}"]{
               content => "  ${content}",
+            }
           } elsif $source {
             Concat::Fragment["nftables-${table}-set-${setname}"]{
               source => $source,
+            }
           } else {
             if $type == undef {
               fail('The way the resource is configured must have a type set')
+            }
             Concat::Fragment["nftables-${table}-set-${setname}"]{
               content => epp('nftables/set.epp',
+                {
                   'name'        => $setname,
                   'type'        => $type,
                   'flags'       => $flags,
                   'timeout'     => $timeout,
                   'gc_interval' => $gc_interval,
                   'elements'    => $elements,
                   'size'        => $size,
                   'policy'      => $policy,
                   'auto_merge'  => $auto_merge,
+                }
+              )
+            }
+          }
+        }
+      }

Projet

Général

Profil

puppet nftables

root / manifests / set.pp @ ae9872e2