opendev
/
puppet-iptables
Code Issues Proposed changes
puppet-iptables/manifests/params.pp

61 lines
2.2 KiB
Puppet
Raw Blame History

# Class: iptables::params
#
# This class holds parameters that need to be
# accessed by other classes.
class iptables::params {
case $::osfamily {
'RedHat': {
case $::operatingsystem {
'Fedora': {
$package_name = 'iptables-services'
$service_has_restart = true
}
'RedHat','CentOS','Scientific': {
case $::operatingsystemrelease {
/^7/: {
$package_name = 'iptables-services'
$service_has_restart = true
}
/^6/: {
$package_name = 'iptables'
$service_has_restart = false
}
default: {
fail("Unsupported operatingsystemrelease: ${::operatingsystemrelease} The 'iptables' module recognize only 6, 7 as RedHat major versions.")
}
}
}
default: {
fail("Unsupported operatingsystem: ${::operatingsystem} The 'iptables' module with RedHat osfamily.")
}
}
$service_name = 'iptables'
$rules_dir = '/etc/sysconfig'
$ipv4_rules = '/etc/sysconfig/iptables'
$ipv6_rules = '/etc/sysconfig/ip6tables'
$service_has_status = true
$service_status_cmd = undef
}
'Debian': {
$package_name = 'iptables-persistent'
$service_name = 'iptables-persistent'
$rules_dir = '/etc/iptables'
$ipv4_rules = '/etc/iptables/rules.v4'
$ipv6_rules = '/etc/iptables/rules.v6'
# Because there is no running process for this service, the normal status
# checks fail. Because puppet then thinks the service has been manually
# stopped, it won't restart it. This fake status command will trick
# puppet into thinking the service is *always* running (which in a way
# it is, as iptables is part of the kernel.)
$service_has_status = true
$service_status_cmd = true
# Under Debian, the "restart" parameter does not reload the rules, so
# tell Puppet to fall back to stop/start, which does work.
$service_has_restart = false
}
default: {
fail("Unsupported osfamily: ${::osfamily} The 'iptables' module only supports osfamily Debian or RedHat (slaves only).")
}
}
}
View Git Blame Copy Permalink