diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp index 367e1f1..0f0ed9d 100644 --- a/firewall/manifests/init.pp +++ b/firewall/manifests/init.pp @@ -77,25 +77,55 @@ class firewall::custom { # class firewall::common::iptables { + case $::operatingsystem { + "centos","fedora","redhat": { + $iptables = "/etc/sysconfig/iptables" + $ip6tables = "/etc/sysconfig/ip6tables" + } + "ubuntu": { + if versioncmp($::operatingsystemrelease, "11.10") < 0 { + $iptables = "/etc/iptables/rules" + } else { + $iptables = "/etc/iptables/rules.v4" + } + if versioncmp($::operatingsystemrelease, "11.04") < 0 { + $ip6tables = undef + } else { + $ip6tables = "/etc/iptables/rules.v6" + } + # kludge for missing directory in Ubuntu 11.04 Natty + if $::operatingsystemrelease == "11.04" { + file { "/etc/iptables": + ensure => directory, + mode => "0755", + owner => "root", + group => "root", + before => File[$iptables], + } + } + } + "debian": { + $iptables = "/etc/iptables/rules" + $ip6tables = undef + } + } + $ip6states = versioncmp($::kernelversion, "2.6.20") + package { "iptables": + ensure => installed, name => $::operatingsystem ? { - centos => [ "iptables", "iptables-ipv6" ], - redhat => [ "iptables", "iptables-ipv6" ], - debian => [ "iptables", "iptables-persistent" ], - fedora => $::operatingsystemrelease ? { + "centos" => [ "iptables", "iptables-ipv6" ], + "redhat" => [ "iptables", "iptables-ipv6" ], + "debian" => [ "iptables", "iptables-persistent" ], + "fedora" => $::operatingsystemrelease ? { /^1[0-5]/ => [ "iptables", "iptables-ipv6" ], default => "iptables", }, - ubuntu => [ "iptables", "iptables-persistent" ], + "ubuntu" => [ "iptables", "iptables-persistent" ], }, } - file { "/etc/sysconfig/iptables": - name => $::operatingsystem ? { - debian => "/etc/iptables/rules", - ubuntu => "/etc/iptables/rules", - default => "/etc/sysconfig/iptables", - }, + file { $iptables: ensure => present, mode => "0600", owner => "root", 
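Review bot: The new `case $::operatingsystem` at the top of firewall::common::iptables has no `default` branch, so on any platform other than the five listed `$iptables` is never assigned and `file { $iptables: }` is declared with an undefined title. For the class that installs the host firewall, an explicit failure is safer than an unclear compile error or a ruleset that is never written. kerberos::client in this same commit already fails explicitly. I would add `default: { fail("firewall::common::iptables not supported in ${::operatingsystem}") }` as the last branch. The class body continues outside the hunk.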
@@ -103,26 +133,47 @@ class firewall::common::iptables { require => Package["iptables"], notify => Service["iptables"], } + service { "iptables": + ensure => running, + name => $::operatingsystem ? { + "debian" => "iptables-persistent", + "ubuntu" => "iptables-persistent", + default => "iptables", + }, + alias => $::operatingsystem ? { + "ubuntu" => "ip6tables", + default => undef, + }, + enable => true, + status => "iptables -t filter --list --line-numbers | egrep '^1'", + require => Package["iptables"], + } - case $::operatingsystem { - "centos","redhat","fedora": { - $ip6states = versioncmp($kernelversion, "2.6.20") - file { "/etc/sysconfig/ip6tables": - ensure => present, - mode => "0600", - owner => "root", - group => "root", - require => Package["iptables"], - notify => Service["ip6tables"], + if $ip6tables { + file { $ip6tables: + ensure => present, + mode => "0600", + owner => "root", + group => "root", + require => Package["iptables"], + notify => Service["ip6tables"], + } + case $::operatingsystem { + "centos","fedora","redhat": { + service { "ip6tables": + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, + require => Package["iptables"], + } } - service { "ip6tables": - ensure => running, - enable => true, - hasstatus => true, - hasrestart => true, - require => Package["iptables"], - } - if $firewall_modules { + } + } + + if $firewall_modules { + case $::operatingsystem { + "centos","fedora","redhat": { $firewall_modules_str = inline_template('<%= @firewall_modules.join(" ") -%>') augeas { "iptables-config": context => "/files/etc/sysconfig/iptables-config", 
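Review bot: The `status` command on the relocated `service { "iptables": }` inspects only the IPv4 filter table, yet on Ubuntu the resource is aliased to `ip6tables` and receives the notify from `File[$ip6tables]`. An IPv6 ruleset that failed to load is therefore still reported as running. The listing also runs without `-n`, so every status check depends on name resolution; `status => "iptables -n -t filter --list --line-numbers | egrep '^1'",` avoids that. The `hasrestart` selector from the removed definition is not carried over, and if that is deliberate a one-line comment would say so. The augeas resource at the end of the hunk continues outside it.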
@@ -133,25 +184,6 @@ class firewall::common::iptables { } } - service { "iptables": - name => $::operatingsystem ? { - debian => "iptables-persistent", - ubuntu => "iptables-persistent", - default => "iptables", - }, - ensure => running, - enable => true, - hasrestart => $::operatingsystem ? { - centos => true, - redhat => true, - debian => false, - fedora => true, - ubuntu => false, - }, - status => "iptables -t filter --list --line-numbers | egrep '^1'", - require => Package["iptables"], - } - } @@ -159,15 +191,13 @@ class firewall::common::iptables { # class firewall::iptables inherits firewall::common::iptables { - File["/etc/sysconfig/iptables"] { + File[$firewall::common::iptables::iptables] { content => template("firewall/iptables.erb"), } - case $::operatingsystem { - "centos","redhat","fedora": { - File["/etc/sysconfig/ip6tables"] { - content => template("firewall/ip6tables.erb"), - } + if $firewall::common::iptables::ip6tables { + File[$firewall::common::iptables::ip6tables] { + content => template("firewall/ip6tables.erb"), } } @@ -179,7 +209,7 @@ class firewall::iptables inherits firewall::common::iptables { class firewall::custom::iptables inherits firewall::common::iptables { File["/etc/sysconfig/iptables"] { - source => [ "puppet:///files/firewall/iptables.${fqdn}", + source => [ "puppet:///files/firewall/iptables.${::homename}", "puppet:///files/firewall/iptables", ], } @@ -222,7 +252,7 @@ class firewall::pf inherits firewall::common::pf { class firewall::custom::pf inherits firewall::common::pf { File["/etc/pf.conf"] { - source => [ "puppet:///files/firewall/pf.conf.${fqdn}", + source => [ "puppet:///files/firewall/pf.conf.${::homename}", "puppet:///files/firewall/pf.conf", ], } diff --git a/kerberos/manifests/init.pp b/kerberos/manifests/init.pp index eb876a1..25c41f0 100644 --- a/kerberos/manifests/init.pp +++ b/kerberos/manifests/init.pp 
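Review bot: When `$firewall::common::iptables::ip6tables` is undef, which the parent class sets for Debian and for Ubuntu before 11.04, the new `if` in firewall::iptables skips the IPv6 template without any trace. A host with IPv6 enabled is then filtered on IPv4 only. I would document that above the `if`, for example `# No ip6tables rules are managed where the parent class leaves $ip6tables undef`. The class body continues outside the hunk.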
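Review bot: `File["/etc/sysconfig/iptables"]` in firewall::custom::iptables still uses the old resource title, but the parent class now declares `file { $iptables: }`. On Debian and Ubuntu the override therefore no longer refers to a declared resource, and the custom ruleset would not be applied there. On the Red Hat family the title happens to equal the value of `$iptables`, so it still resolves. The override should take the form this commit uses in firewall::iptables: `File[$firewall::common::iptables::iptables] {`. The class body continues outside the hunk.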
@@ -22,9 +22,16 @@ class kerberos::client { "centos","redhat","fedora": { package { "krb5-workstation": ensure => installed, + before => File["krb5.conf"], } } "openbsd": {} + "ubuntu": { + package { [ "krb5-clients", "krb5-user", ]: + ensure => installed, + before => File["krb5.conf"], + } + } default: { fail("kerberos::client not supported in ${::operatingsystem}") } diff --git a/munin/manifests/init.pp b/munin/manifests/init.pp index 526022d..1772eb8 100644 --- a/munin/manifests/init.pp +++ b/munin/manifests/init.pp @@ -47,6 +47,10 @@ class munin::node { if $kernel == "Linux" { file { "/var/lib/munin/plugin-state": ensure => directory, + name => $::operatingsystem ? { + "ubuntu" => "/var/lib/munin-node/plugin-state", + default => "/var/lib/munin/plugin-state", + }, mode => "0775", owner => "root", group => "munin", diff --git a/sasl/manifests/init.pp b/sasl/manifests/init.pp index a1a236e..e0da7a3 100644 --- a/sasl/manifests/init.pp +++ b/sasl/manifests/init.pp @@ -4,11 +4,19 @@ class sasl::client { package { "cyrus-sasl": + name => $::operatingsystem ? { + "ubuntu" => "sasl2-bin", + default => "cyrus-sasl", + }, ensure => installed, } if $kerberos_realm { package { "cyrus-sasl-gssapi": + name => $::operatingsystem ? { + "ubuntu" => "libsasl2-modules-gssapi-mit", + default => "cyrus-sasl-gssapi", + }, ensure => installed, } }
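Review bot: The `name` selectors added in the munin and sasl hunks match only `"ubuntu"`, so a Debian node falls through to the Red Hat values, while the firewall class in this commit treats Debian as supported. If Debian nodes can include sasl::client, the selectors need `"debian" => "sasl2-bin",` and `"debian" => "libsasl2-modules-gssapi-mit",`. The plugin-state path in munin::node should be checked the same way. As a style point, `ensure` would read better as the first attribute of both packages, matching the firewall service in this commit.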