add fw and dirs control - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/260

2025-10-18 12:30:47 +02:00
parent 42befb46c3
commit c2eca38b93
5 changed files with 80 additions and 1 deletions
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -0,0 +1,16 @@
+# prometheus_cd::firewall::iptables.pp
+# Module name: prometheus_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+# @summary Class manages the firewall rules for the prometheus_cd module.
+##############################################################################
+class prometheus_cd::firewall::iptables (
+) inherits prometheus_cd::params {
+  if  ($ps_prom_host == $fqdn) and ($ps_manage_fw == true) {
+    # main port
+    firewall { "${ps_fw_prefix}${$ps_main_port} main port":
+      proto => 'tcp',
+      dport => $ps_main_port,
+      jump  => 'accept',
+    }
+  }
+}
--- a/manifests/main/dirs.pp
+++ b/manifests/main/dirs.pp
@@ -6,4 +6,16 @@
 class prometheus_cd::main::dirs (
 ) inherits prometheus_cd::params {
  require prometheus_cd::main::install
+  if $ps_prom_host == fqdn {
+    file { $ps_main_dir:
+      ensure   => directory,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0755',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+    }
+  }
 }
--- a/manifests/main/service.pp
+++ b/manifests/main/service.pp
@@ -6,7 +6,8 @@
 class prometheus_cd::main::service (
 ) inherits prometheus_cd::params {
  require prometheus_cd::main::files
-  if $manage_prometheus == true {
+  require prometheus_cd::firewall::iptables
+  if  ($ps_prom_host == $fqdn) and ($manage_prometheus == true) {
    service { 'prometheus':
      ensure     => running,
      hasstatus  => true,
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -7,14 +7,27 @@
 # @param [String] pkg_ensure which version of the package to install
 # @param [boolean] manage_prometheus whether to manage prometheus
 # @param [boolean] manage_node_exporter whether to manage node exporter
+# @param [boolean] ps_manage_fw whether to manage the firewall
+# @param [String] ps_prom_host the fqdn of the prometheus server
+# @param [String] ps_fw_prefix the firewall rule prefix
+# @param [String] ps_main_port the firewall main port for prometheus
 ##############################################################################
 class prometheus_cd::params (

+  # installation
  String $reqpackage_prom       = 'prometheus2',
  String $reqpackage_ne         = 'node_exporter',
  String $pkg_ensure            = 'present',
+
+  # config logic
  Boolean $manage_prometheus    = false,
  Boolean $manage_node_exporter = false,
+  Boolean $ps_manage_fw         = false,
+  String $ps_prom_host          = 'prometheus.example.net',
+
+  # firewall
+  String $ps_fw_prefix          = '50',
+  String $ps_main_port          = '9090',

 ) {
  # defaults
@@ -23,6 +36,9 @@ class prometheus_cd::params (
  $os_name                = $facts['os']['name']
  $os_release             = $facts['os']['release']['major']

+  # dirs
+  $ps_main_dir            = '/etc/prometheus'
+
  # includes must be last
  include prometheus_cd::main::config
 }