root / manifests / set.pp @ c868cae3
Historique | Voir | Annoter | Télécharger (2,66 ko)
| 1 | 13f4e4c6 | Steve Traylen | # @summary manage a named set |
|---|---|---|---|
| 2 | # |
||
| 3 | # @example simple set |
||
| 4 | # nftables::set{'my_set':
|
||
| 5 | # type => 'ipv4_addr', |
||
| 6 | # flags => ['interval'], |
||
| 7 | # elements => ['192.168.0.1/24', '10.0.0.2'], |
||
| 8 | # auto_merge => true, |
||
| 9 | # } |
||
| 10 | # |
||
| 11 | # @param ensure should the set be created. |
||
| 12 | # @param setname name of set, equal to to title. |
||
| 13 | # @param order concat ordering. |
||
| 14 | # @param type type of set. |
||
| 15 | # @param table table to add set to. |
||
| 16 | # @param flags specify flags for set |
||
| 17 | # @param timeout timeout in seconds |
||
| 18 | # @param gc_interval garbage collection interval. |
||
| 19 | # @param elements initialize the set with some elements in it. |
||
| 20 | c868cae3 | Tim Meusel | # @param size limits the maximum number of elements of the set. |
| 21 | 13f4e4c6 | Steve Traylen | # @param policy determines set selection policy. |
| 22 | # @param auto_merge ? |
||
| 23 | # @param content specify content of set. |
||
| 24 | # @param source specify source of set. |
||
| 25 | 11bf7237 | Steve Traylen | define nftables::set ( |
| 26 | 31b17627 | Steve Traylen | Enum['present','absent'] $ensure = 'present', |
| 27 | Pattern[/^[-a-zA-Z0-9_]+$/] $setname = $title, |
||
| 28 | Pattern[/^\d\d$/] $order = '10', |
||
| 29 | Optional[Enum['ipv4_addr', 'ipv6_addr', 'ether_addr', 'inet_proto', 'inet_service', 'mark']] $type = undef, |
||
| 30 | String $table = 'inet-filter', |
||
| 31 | Array[Enum['constant', 'dynamic', 'interval', 'timeout'], 0, 4] $flags = [], |
||
| 32 | Optional[Integer] $timeout = undef, |
||
| 33 | Optional[Integer] $gc_interval = undef, |
||
| 34 | Optional[Array[String]] $elements = undef, |
||
| 35 | Optional[Integer] $size = undef, |
||
| 36 | Optional[Enum['performance', 'memory']] $policy = undef, |
||
| 37 | Boolean $auto_merge = false, |
||
| 38 | Optional[String] $content = undef, |
||
| 39 | Optional[Variant[String,Array[String,1]]] $source = undef, |
||
| 40 | 11bf7237 | Steve Traylen | ) {
|
| 41 | 20b96360 | Nacho Barrientos | if $size and $elements {
|
| 42 | if length($elements) > $size {
|
||
| 43 | fail("Max size of set ${setname} of ${size} is not being respected")
|
||
| 44 | } |
||
| 45 | } |
||
| 46 | |||
| 47 | if $ensure == 'present' {
|
||
| 48 | 11bf7237 | Steve Traylen | concat::fragment {
|
| 49 | 20b96360 | Nacho Barrientos | "nftables-${table}-set-${setname}":
|
| 50 | order => $order, |
||
| 51 | target => "nftables-${table}",
|
||
| 52 | } |
||
| 53 | |||
| 54 | if $content {
|
||
| 55 | 11bf7237 | Steve Traylen | Concat::Fragment["nftables-${table}-set-${setname}"] {
|
| 56 | 20b96360 | Nacho Barrientos | content => " ${content}",
|
| 57 | } |
||
| 58 | } elsif $source {
|
||
| 59 | 11bf7237 | Steve Traylen | Concat::Fragment["nftables-${table}-set-${setname}"] {
|
| 60 | 20b96360 | Nacho Barrientos | source => $source, |
| 61 | } |
||
| 62 | } else {
|
||
| 63 | 9f0498e3 | Nacho Barrientos | if $type == undef {
|
| 64 | fail('The way the resource is configured must have a type set')
|
||
| 65 | } |
||
| 66 | 11bf7237 | Steve Traylen | Concat::Fragment["nftables-${table}-set-${setname}"] {
|
| 67 | 20b96360 | Nacho Barrientos | content => epp('nftables/set.epp',
|
| 68 | {
|
||
| 69 | 'name' => $setname, |
||
| 70 | 'type' => $type, |
||
| 71 | 'flags' => $flags, |
||
| 72 | 'timeout' => $timeout, |
||
| 73 | 'gc_interval' => $gc_interval, |
||
| 74 | 'elements' => $elements, |
||
| 75 | 'size' => $size, |
||
| 76 | 'policy' => $policy, |
||
| 77 | 'auto_merge' => $auto_merge, |
||
| 78 | } |
||
| 79 | ) |
||
| 80 | } |
||
| 81 | } |
||
| 82 | } |
||
| 83 | } |