authorMatthew Wagoner <matthew.wagoner@hp.com>2012-10-08 19:52:17 -0400
committerJenkins <jenkins@review.openstack.org>2012-10-10 21:01:08 +0000
commitf61a443a90f13574f28b182e1df80267f8d5608a (patch)
treeeb01eb345c62d4f006f90ac944c917baa5dfab7b
parentfa51e5088387d95eca5519f01b94f7148d4b436e (diff)
style edits to puppet config files
Change-Id: I4f7314bcb1cb58f94ff7a78aebe27ec4591fc11c Reviewed-on: https://review.openstack.org/14187 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
-rw-r--r--manifests/init.pp47
1 files changed, 22 insertions, 25 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 5a9946c..f9527fc 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,20 +1,20 @@
1#http://projects.puppetlabs.com/projects/1/wiki/Module_Iptables_Patterns 1#http://projects.puppetlabs.com/projects/1/wiki/Module_Iptables_Patterns
2 2
3class iptables($rules='', $public_tcp_ports=[], $public_udp_ports=[]) { 3class iptables($rules='', $public_tcp_ports=[], $public_udp_ports=[]) {
4 package { 4 package { 'iptables-persistent':
5 "iptables-persistent": ensure => present; 5 ensure => present,
6 } 6 }
7 7
8 service { "iptables-persistent": 8 service { 'iptables-persistent':
9 require => Package["iptables-persistent"], 9 require => Package['iptables-persistent'],
10 10
11 # Because there is no running process for this service, the normal status 11 # Because there is no running process for this service, the normal status
12 # checks fail. Because puppet then thinks the service has been manually 12 # checks fail. Because puppet then thinks the service has been manually
13 # stopped, it won't restart it. This fake status command will trick puppet 13 # stopped, it won't restart it. This fake status command will trick puppet
14 # into thinking the service is *always* running (which in a way it is, as 14 # into thinking the service is *always* running (which in a way it is, as
15 # iptables is part of the kernel.) 15 # iptables is part of the kernel.)
16 hasstatus => true, 16 hasstatus => true,
17 status => "true", 17 status => true,
18 18
19 # Under Debian, the "restart" parameter does not reload the rules, so tell 19 # Under Debian, the "restart" parameter does not reload the rules, so tell
20 # Puppet to fall back to stop/start, which does work. 20 # Puppet to fall back to stop/start, which does work.
@@ -22,32 +22,29 @@ class iptables($rules='', $public_tcp_ports=[], $public_udp_ports=[]) {
22 22
23 } 23 }
24 24
25 file { "/etc/iptables": 25 file { '/etc/iptables':
26 ensure => directory 26 ensure => directory,
27 } 27 }
28 28
29 file { 29 file { '/etc/iptables/rules':
30 "/etc/iptables/rules": 30 owner => 'root',
31 owner => "root", 31 group => 'root',
32 group => "root", 32 mode => '0640',
33 mode => 640,
34 content => template('iptables/rules.erb'), 33 content => template('iptables/rules.erb'),
35 require => [Package["iptables-persistent"], File["/etc/iptables"]], 34 require => [Package['iptables-persistent'], File['/etc/iptables']],
36 35
37 # When this file is updated, make sure the rules get reloaded. 36 # When this file is updated, make sure the rules get reloaded.
38 notify => Service["iptables-persistent"], 37 notify => Service['iptables-persistent'],
39 ;
40 } 38 }
41 39
42 file { 40 file { '/etc/iptables/rules.v4':
43 "/etc/iptables/rules.v4": 41 ensure => link,
44 owner => "root", 42 owner => 'root',
45 group => "root", 43 group => 'root',
46 mode => 640, 44 mode => '0640',
47 ensure => link, 45 target => '/etc/iptables/rules',
48 target => "/etc/iptables/rules", 46 require => File['/etc/iptables/rules'],
49 require => File["/etc/iptables/rules"], 47 notify => Service['iptables-persistent'],
50 notify => Service["iptables-persistent"]
51 } 48 }
52 49
53} 50}
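Review bot: The `status` value on new line 17 changes from the quoted command `"true"` to a bare boolean `true`, which is a change of type rather than of style; the comment above it describes a fake status command, so it should stay a string, `status => 'true',`. If the Puppet version in use does not coerce the boolean back into that command, the status check may fall back to the normal one that the comment says fails, and the `notify => Service['iptables-persistent']` on the two rules files would then not reload the firewall rules after a change. Separately, `File['/etc/iptables']` on new lines 25-27 still declares no `owner`, `group` or `mode`, unlike the rules file inside it; setting them explicitly (for example `owner => 'root', group => 'root', mode => '0750',`) would stop the directory's permissions from depending on the umask.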