puppet 3.0 fixes

2012-10-10 15:13:50 +03:00 · 2012-10-10 15:13:50 +03:00 · eebd1512cf
commit eebd1512cf
parent 26ebca9a5f
5 changed files with 25 additions and 9 deletions
--- a/firewall/manifests/init.pp
+++ b/firewall/manifests/init.pp
@ -17,6 +17,11 @@
 #
 #     $firewall_custom = [ "pass in quick carp", ]
 #
+# Loading of extra modules is supported on centos. For example FTP
+# support for iptables:
+#
+#     $firewall_modules = [ "nf_conntrack_ftp", ]
+
 class firewall {

    if ! $firewall_custom {
@ -25,6 +30,9 @@ class firewall {
    if ! $firewall_rules {
        $firewall_rules = []
    }
+    if ! $firewall_modules {
+        $firewall_modules = []
+    }

    case $operatingsystem {
        centos,debian,fedora,ubuntu: {
@ -116,6 +124,14 @@ class firewall::common::iptables {
                hasrestart => true,
                require    => Package["iptables"],
            }
+            if $firewall_modules {
+                $firewall_modules_str = inline_template('\'"<%= @firewall_modules.join(" ") -%>"\'')
+                augeas { "iptables-config":
+                    context => "/files/etc/sysconfig/iptables-config",
+                    changes => [ "set IPTABLES_MODULES ${firewall_modules_str}" ],
+                    notify  => Service["iptables"],
+                }
+            }
        }
    }