[icinga-checkins] icinga.org: icinga-vagrant/master: icinga2x-graylog2: Create and use define for firewall rules.

git at icinga.org git at icinga.org
Thu Nov 20 10:45:06 CET 2014


Module: icinga-vagrant
Branch: master
Commit: 384a394193e21aeb091207f6bfc111b126cf4ad1
URL:    https://git.icinga.org/?p=icinga-vagrant.git;a=commit;h=384a394193e21aeb091207f6bfc111b126cf4ad1

Author: Bernd Ahlers <bernd at torch.sh>
Date:   Tue Nov 18 09:44:38 2014 +0100

icinga2x-graylog2: Create and use define for firewall rules.

---

 icinga2x-graylog2/manifests/default.pp |   49 ++++++++++++++++++--------------
 1 file changed, 28 insertions(+), 21 deletions(-)

diff --git a/icinga2x-graylog2/manifests/default.pp b/icinga2x-graylog2/manifests/default.pp
index 8670111..cae37d7 100644
--- a/icinga2x-graylog2/manifests/default.pp
+++ b/icinga2x-graylog2/manifests/default.pp
@@ -25,6 +25,16 @@ if versioncmp($::puppetversion,'3.6.1') >= 0 {
   }
 }
 
+define rh_firewall_add_port($zone, $port) {
+  exec { $title :
+    path    => '/bin:/usr/bin:/sbin:/usr/sbin',
+    command => "firewall-cmd --permanent --zone=${zone} --add-port=${port}",
+    unless  => "firewall-cmd --zone ${zone} --list-ports | fgrep -q ${port}",
+    require => Package['firewalld'],
+    notify  => Service['firewalld'],
+  }
+}
+
 
 # firewall: TODO add support for other OS unlike CentOS7
 case $operatingsystem {
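Review bot: The `unless` guard in `rh_firewall_add_port` matches by substring, so `fgrep -q 80/tcp` also succeeds when only `8080/tcp` is listed, and the port would then never be opened. The guard also lists the runtime configuration while the command writes the permanent one, so the two can disagree until firewalld is reloaded. Asking firewalld directly avoids both problems: `unless => "firewall-cmd --permanent --zone=${zone} --query-port=${port}",`. `$zone` and `$port` are interpolated unquoted into the command strings. The callers visible in this commit pass literals, but a one-line comment above the define saying both parameters must be trusted, fixed values would keep later callers from passing looked-up data.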
@@ -42,32 +52,29 @@ case $operatingsystem {
         require => Package['firewalld']
       }
 
-      exec { 'iptables-graylog2-001':
-        path => '/bin:/usr/bin:/sbin:/usr/sbin',
-        command => 'firewall-cmd --permanent --zone=public --add-port=80/tcp',
-        require   => Package['firewalld']
+      rh_firewall_add_port { 'iptables-graylog2-001':
+        zone => 'public',
+        port => '80/tcp',
       } ->
-      exec { 'iptables-graylog2-002':
-        path => '/bin:/usr/bin:/sbin:/usr/sbin',
-        command => 'firewall-cmd --permanent --zone=public --add-port=9000/tcp'
+      rh_firewall_add_port { 'iptables-graylog2-002':
+        zone => 'public',
+        port => '9000/tcp',
       } ->
-      exec { 'iptables-graylog2-003':
-        path => '/bin:/usr/bin:/sbin:/usr/sbin',
-        command => 'firewall-cmd --permanent --zone=public --add-port=9300/tcp'
+      rh_firewall_add_port { 'iptables-graylog2-003':
+        zone => 'public',
+        port => '9300/tcp',
       } ->
-      exec { 'iptables-graylog2-004':
-        path => '/bin:/usr/bin:/sbin:/usr/sbin',
-        command => 'firewall-cmd --permanent --zone=public --add-port=12201/tcp'
+      rh_firewall_add_port { 'iptables-graylog2-004':
+        zone => 'public',
+        port => '12201/tcp',
       } ->
-      exec { 'iptables-graylog2-005':
-        path => '/bin:/usr/bin:/sbin:/usr/sbin',
-        command => 'firewall-cmd --permanent --zone=public --add-port=12201/udp'
+      rh_firewall_add_port { 'iptables-graylog2-005':
+        zone => 'public',
+        port => '12201/udp',
       } ->
-      exec { 'iptables-graylog2-006':
-        path => '/bin:/usr/bin:/sbin:/usr/sbin',
-        command => 'firewall-cmd --permanent --zone=public --add-port=12900/tcp',
-        notify    => Service['firewalld']
-
+      rh_firewall_add_port { 'iptables-graylog2-006':
+        zone => 'public',
+        port => '12900/tcp',
       }
     }
   }
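Review bot: The six `rh_firewall_add_port` resources open ports in the `public` zone with nothing recording what each port serves or who needs to reach it. 9300/tcp in particular looks like the Elasticsearch transport port (inferred from the number, not shown on the page), which normally only needs to be reachable between cluster nodes. A comment per rule, for example `# 9300/tcp: Elasticsearch transport, only needed if nodes run outside this VM`, would make it clear which openings are intentional and which can be dropped. The `iptables-graylog2-00N` titles are also misleading now that the rules go through firewalld; a title such as `firewalld-graylog2-web-9000` would read better in Puppet reports. The enclosing `case` block starts outside this hunk, so this applies only to the rules visible here.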


