John F. Lewis has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/188606

Change subject: base: move base::firewall to manifest
......................................................................

base: move base::firewall to manifest

Change-Id: Ia96a60aea1d51fd264ae2042e5a9109037d900b2
---
A modules/base/manifests/firewall.pp
M modules/base/manifests/init.pp
2 files changed, 34 insertions(+), 36 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/06/188606/1

diff --git a/modules/base/manifests/firewall.pp 
b/modules/base/manifests/firewall.pp
new file mode 100644
index 0000000..561a061
--- /dev/null
+++ b/modules/base/manifests/firewall.pp
@@ -0,0 +1,34 @@
+# Don't include this sub class on all hosts yet
+# NOTE: Policy is DROP by default
+class base::firewall($ensure = 'present') {
+    include network::constants
+    include ferm
+
+    $defscontent = $::realm ? {
+        'labs'  => template('base/firewall/defs.erb', 
'base/firewall/defs.labs.erb'),
+        default => template('base/firewall/defs.erb'),
+    }
+    ferm::conf { 'defs':
+        # defs can always be present.
+        # They don't actually do firewalling.
+        ensure  => 'present',
+        prio    => '00',
+        content => $defscontent,
+    }
+
+    ferm::conf { 'main':
+        ensure => $ensure,
+        prio   => '00',
+        source => 
'puppet:///modules/base/firewall/main-input-default-drop.conf',
+    }
+
+    ferm::rule { 'bastion-ssh':
+        ensure => $ensure,
+        rule   => 'proto tcp dport ssh saddr $BASTION_HOSTS ACCEPT;',
+    }
+
+    ferm::rule { 'monitoring-all':
+        ensure => $ensure,
+        rule   => 'saddr $MONITORING_HOSTS ACCEPT;',
+    }
+}
\ No newline at end of file
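Review bot: The `monitoring-all` rule accepts every protocol and port from `$MONITORING_HOSTS`, so under the default-DROP policy the monitoring hosts become an unrestricted path into every node that includes this class, unlike the SSH-only `bastion-ssh` rule. If the checks only need a known set of services, narrow the rule in the same shape as `bastion-ssh`, e.g. `rule => 'proto tcp dport (<MONITORING_PORTS>) saddr $MONITORING_HOSTS ACCEPT;',` (the port list is a placeholder; the real ports are not visible in this change). Now that the class has its own file, the two-line header could also become a short doc block stating that `$ensure` controls the `main` policy and both rules while `defs` always stays present, and the file should end with a newline.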
diff --git a/modules/base/manifests/init.pp b/modules/base/manifests/init.pp
index 1da77fc..f2c8ac4 100644
--- a/modules/base/manifests/init.pp
+++ b/modules/base/manifests/init.pp
@@ -42,42 +42,6 @@
     }
 }
 
-
-# Don't include this sub class on all hosts yet
-# NOTE: Policy is DROP by default
-class base::firewall($ensure = 'present') {
-    include network::constants
-    include ferm
-
-    $defscontent = $::realm ? {
-        'labs'  => template('base/firewall/defs.erb', 
'base/firewall/defs.labs.erb'),
-        default => template('base/firewall/defs.erb'),
-    }
-    ferm::conf { 'defs':
-        # defs can always be present.
-        # They don't actually do firewalling.
-        ensure  => 'present',
-        prio    => '00',
-        content => $defscontent,
-    }
-
-    ferm::conf { 'main':
-        ensure => $ensure,
-        prio   => '00',
-        source => 
'puppet:///modules/base/firewall/main-input-default-drop.conf',
-    }
-
-    ferm::rule { 'bastion-ssh':
-        ensure => $ensure,
-        rule   => 'proto tcp dport ssh saddr $BASTION_HOSTS ACCEPT;',
-    }
-
-    ferm::rule { 'monitoring-all':
-        ensure => $ensure,
-        rule   => 'saddr $MONITORING_HOSTS ACCEPT;',
-    }
-}
-
 class base {
     include apt
 

-- 
To view, visit https://gerrit.wikimedia.org/r/188606
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia96a60aea1d51fd264ae2042e5a9109037d900b2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: John F. Lewis <johnflewi...@gmail.com>
