669eb287c9
Clean up facter osfamily matches to just use Debian, not Ubuntu. This is manually tested and confirmed to at least be the case on Oneiric, Precise and Quantal. Change-Id: I27b184ac419910f9c3271c3b4e57886333282a5f Reviewed-on: https://review.openstack.org/27399 Reviewed-by: Spencer Krum <krum.spencer@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
# Class: iptables::params
#
# Per-osfamily settings (package and service names, rule-file locations and
# service handling flags) that other classes read from here.
#
# The branch is chosen from the $::osfamily fact. Any value other than
# 'RedHat' or 'Debian' stops the run with fail() rather than continuing with
# guessed firewall paths.
#
class iptables::params {
  case $::osfamily {
    'RedHat': {
      $package_name        = 'iptables'
      $service_name        = 'iptables'
      $rules_dir           = '/etc/sysconfig'
      $ipv4_rules          = '/etc/sysconfig/iptables'
      $ipv6_rules          = '/etc/sysconfig/ip6tables'
      $service_has_status  = true
      # No custom status command is set for this family.
      $service_status_cmd  = undef
      $service_has_restart = false
    }
    'Debian': {
      $package_name        = 'iptables-persistent'
      $service_name        = 'iptables-persistent'
      $rules_dir           = '/etc/iptables'
      $ipv4_rules          = '/etc/iptables/rules.v4'
      $ipv6_rules          = '/etc/iptables/rules.v6'
      # This service has no running process, so the normal status checks
      # fail; Puppet then believes it was stopped by hand and will not
      # restart it. A status command that always succeeds makes Puppet treat
      # the service as permanently running (iptables itself is part of the
      # kernel).
      # NOTE(review): as a result, Puppet's service status says nothing about
      # whether the rules in $ipv4_rules / $ipv6_rules are actually loaded;
      # verify the live ruleset by other means where that matters.
      # NOTE(review): the value below is the bare boolean, not a quoted
      # command string - presumably the consuming class hands it to the
      # service resource as the status command; confirm against that class.
      $service_has_status  = true
      $service_status_cmd  = true
      # On Debian "restart" does not reload the rules, so Puppet is told to
      # fall back to stop followed by start, which does.
      $service_has_restart = false
    }
    default: {
      # Unknown platform: refuse to proceed instead of managing firewall
      # files at unverified locations.
      fail("Unsupported osfamily: ${::osfamily} The 'iptables' module only supports osfamily Debian or RedHat (slaves only).")
    }
  }
}