Merge pull request #12 from bodepd/make_vhost_firewalls_optional

Make management of firewalls configurable for vhosts Reviewed by Ryan Coleman (ryan@puppetlabs.com)
2012-03-12 02:06:19 -07:00 · 2012-03-12 02:06:19 -07:00 · 3c0c1ac882
parent 0134b89a53 d7516c7662
commit 3c0c1ac882
1 changed files with 21 additions and 16 deletions
--- a/manifests/vhost.pp
+++ b/manifests/vhost.pp
@ -6,6 +6,8 @@
 # - The $port to configure the host on
 # - The $docroot provides the DocumentationRoot variable
 # - The $ssl option is set true or false to enable SSL for this Virtual Host
+# - The $configure_firewall option is set to true or false to specify if
+#   a firewall should be configured.
 # - The $template option specifies whether to use the default template or override
 # - The $priority of the site
 # - The $serveraliases of the site
@ -28,16 +30,17 @@
 define apache::vhost(
    $port,
    $docroot,
-    $ssl           = $apache::params::ssl,
-    $template      = $apache::params::template,
-    $priority      = $apache::params::priority,
-    $servername    = $apache::params::servername,
-    $serveraliases = $apache::params::serveraliases,
-    $auth          = $apache::params::auth,
-    $redirect_ssl  = $apache::params::redirect_ssl,
-    $options       = $apache::params::options,
-    $apache_name   = $apache::params::apache_name,
-    $vhost_name    = $apache::params::vhost_name
+    $configure_firewall = true,
+    $ssl                = $apache::params::ssl,
+    $template           = $apache::params::template,
+    $priority           = $apache::params::priority,
+    $servername         = $apache::params::servername,
+    $serveraliases      = $apache::params::serveraliases,
+    $auth               = $apache::params::auth,
+    $redirect_ssl       = $apache::params::redirect_ssl,
+    $options            = $apache::params::options,
+    $apache_name        = $apache::params::apache_name,
+    $vhost_name         = $apache::params::vhost_name
  ) {

  include apache
@ -72,12 +75,14 @@ define apache::vhost(
      notify  => Service['httpd'],
  }

-  if ! defined(Firewall["0100-INPUT ACCEPT $port"]) {
-    @firewall {
-      "0100-INPUT ACCEPT $port":
-        action => 'accept',
-        dport => "$port",
-        proto => 'tcp'
+  if $configure_firewall {
+    if ! defined(Firewall["0100-INPUT ACCEPT $port"]) {
+      @firewall {
+        "0100-INPUT ACCEPT $port":
+          action => 'accept',
+          dport => "$port",
+          proto => 'tcp'
+      }
    }
  }
 }