
fix firewall

Arne Teuke
2025-02-26 17:05:18 +01:00
parent 6750222c93
commit 55bcbb6e1c
4 changed files with 57 additions and 9 deletions


@@ -18,4 +18,27 @@ class puppet_cd::firewall::iptables (
jump => 'accept', jump => 'accept',
} }
} }
if $fqdn == $pt_db_fqdn {
if $pt_use_ssl_only != true {
firewall { "3${pt_no_ssl_port} open port ${pt_no_ssl_port}":
proto => 'tcp',
dport => $pt_no_ssl_port,
jump => 'accept',
}
firewall { "3${pt_ssl_port} open port ${pt_ssl_port}":
proto => 'tcp',
dport => $pt_ssl_port,
jump => 'accept',
}
}
if $pt_use_ssl_only == true {
firewall { "3${pt_ssl_port} open port ${pt_ssl_port}":
proto => 'tcp',
dport => $pt_ssl_port,
jump => 'accept',
}
}
}
} }
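Review bot: Neither new `firewall` resource sets `source`, so on the PuppetDB host both ports are accepted from any address, and with `pt_use_ssl_only` set to false that includes the cleartext port `${pt_no_ssl_port}`. PuppetDB's plain-HTTP listener is, as far as I know, bound to localhost by default because it does not authenticate clients, so a rule that opens it is safer limited to the Puppet server, e.g. `source => $pt_allowed_src,` where `$pt_allowed_src` is a placeholder name for a new parameter holding the server's address or subnet. The SSL rule is also declared identically in both branches; declaring it once and keeping only the non-SSL rule inside `if $pt_use_ssl_only != true` would remove the duplication. The class body starts above this hunk, and `$pt_db_fqdn` is defined outside the visible lines.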


@@ -5,8 +5,6 @@
############################################################################### ###############################################################################
class puppet_cd::main::files ( class puppet_cd::main::files (
) inherits puppet_cd::params { ) inherits puppet_cd::params {
require puppet_cd::main::dirs require puppet_cd::main::dirs
} }


@@ -11,6 +11,9 @@
# @param [string] pt_agent_pkg the packages for agents to install # @param [string] pt_agent_pkg the packages for agents to install
# @param [string] pt_server_pkg the server packages to install # @param [string] pt_server_pkg the server packages to install
# @param [array] pt_db_pkg the packages for puppetdb # @param [array] pt_db_pkg the packages for puppetdb
# @param [string] pt_no_ssl_port non-ssl port number for puppetdb
# @param [string] pt_ssl_port ssl port for puppetdb
# @param [boolean] pt_use_ssl_only whether to use ssl only.
############################################################################### ###############################################################################
class puppet_cd::params ( class puppet_cd::params (
@@ -25,11 +28,17 @@ class puppet_cd::params (
String $pt_server_pkg = 'puppetserver', String $pt_server_pkg = 'puppetserver',
Array $pt_db_pkg = ['puppetdb','puppetdb-termini'], Array $pt_db_pkg = ['puppetdb','puppetdb-termini'],
String $pt_no_ssl_port = '8080',
String $pt_ssl_port = '8081',
Boolean $pt_use_ssl_only = true,
) { ) {
$fqdn = $facts['networking']['fqdn'] $fqdn = $facts['networking']['fqdn']
# service # service
$pt_service = 'puppetserver' $pt_server_service = 'puppetserver'
$pt_agent_service = 'puppet'
$pt_db_service = 'puppetdb'
# #
# includes must be last # includes must be last
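Review bot: `pt_no_ssl_port` and `pt_ssl_port` are typed as plain `String`, yet the firewall class changed in this same commit interpolates them into the rule title and passes them to `dport`, so a non-numeric value from Hiera or a class declaration is only caught at apply time on the DB host, or produces an unintended rule. A built-in type can reject that at catalog compilation, for example `Pattern[/\A\d{1,5}\z/] $pt_no_ssl_port = '8080',` and the same for `$pt_ssl_port` (assuming only single ports are intended), with the `@param` lines stating the expected format. Separately, the second hunk renames `$pt_service` to `$pt_server_service`; the service class is updated in this commit, but any reference in files not shown here would now resolve to undef.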


@@ -6,15 +6,33 @@
class puppet_cd::server::service ( class puppet_cd::server::service (
) inherits puppet_cd::params { ) inherits puppet_cd::params {
require puppet_cd::main::files
# manage agent service on all nodes
service { $pt_agent_service:
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
}
# manage puppet server service
if $fqdn == $pt_pm_fqdn { if $fqdn == $pt_pm_fqdn {
# manager requirement
require puppet_cd::firewall::iptables require puppet_cd::firewall::iptables
require puppet_cd::main::files
# manage puppet server service service { $pt_server_service:
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
}
}
service { $pt_service: # manage puppetdb service
if $fqdn == $pt_db_fqdn {
require puppet_cd::firewall::iptables
service { $pt_db_service:
ensure => running, ensure => running,
hasstatus => true, hasstatus => true,
hasrestart => true, hasrestart => true,