Skip to content

Commit

Permalink
do not use variable name with capitals + comment out empty if (future…
Browse files Browse the repository at this point in the history
… parser compatibility)

Signed-off-by: Pavel Pulec <[email protected]>
  • Loading branch information
Pavel Pulec committed Apr 26, 2017
1 parent e80eff8 commit 108d4b6
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 14 deletions.
12 changes: 6 additions & 6 deletions manifests/server.pp
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
$ips = false, # an optional list of ip's for each in hosts[]
$clients = [] # list of allowed client ip's # TODO: get from exported resources
) {
$FW = '$FW' # make using $FW in shorewall easier
$fw = '$FW' # make using $FW in shorewall easier

include gluster::vardir
include gluster::params
Expand Down Expand Up @@ -145,8 +145,8 @@
}
}

if $shorewall {
# XXX: WIP
# XXX: WIP
#if $shorewall {
#if type3x($ips) == 'array' {
# #$other_host_ips = inline_template("<%= ips.delete_if {|x| x == '${ipaddress}' }.join(',') %>") # list of ips except myself
# $source_ips = inline_template("<%= (ips+clients).uniq.delete_if {|x| x.empty? }.join(',') %>")
Expand All @@ -161,18 +161,18 @@
#$nfs_endport = inline_template('<%= 38465+hosts.count %>')
#shorewall::rule { 'gluster-24000':
# rule => "
# ACCEPT ${src} $FW tcp 24009:${endport}
# ACCEPT ${src} $fw tcp 24009:${endport}
# ",
# comment => 'Allow 24000s for gluster',
# before => Service["${::gluster::params::service_glusterd}"],
#}

#if $nfs { # FIXME: TODO
# shorewall::rule { 'gluster-nfs': rule => "
# ACCEPT $(src} $FW tcp 38465:${nfs_endport}
# ACCEPT $(src} $fw tcp 38465:${nfs_endport}
# ", comment => 'Allow nfs for gluster'}
#}
}
#}

# start service only after the firewall is opened and hosts are defined
service { "${::gluster::params::service_glusterd}":
Expand Down
16 changes: 8 additions & 8 deletions vagrant/puppet/manifests/site.pp
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@

class firewall {

$FW = '$FW' # make using $FW in shorewall easier
$fw = '$FW' # make using $FW in shorewall easier

class { '::shorewall::configuration':
# NOTE: no configuration specifics are needed at the moment
Expand Down Expand Up @@ -186,18 +186,18 @@
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# PORT PORT(S) DEST
shorewall::rule { 'ssh': rule => "
SSH/ACCEPT net $FW
SSH/ACCEPT man $FW
SSH/ACCEPT net $fw
SSH/ACCEPT man $fw
", comment => 'Allow SSH'}

shorewall::rule { 'ping': rule => "
#Ping/DROP net $FW
Ping/ACCEPT net $FW
Ping/ACCEPT man $FW
#Ping/DROP net $fw
Ping/ACCEPT net $fw
Ping/ACCEPT man $fw
", comment => 'Allow ping from the `bad` net zone'}

shorewall::rule { 'icmp': rule => "
ACCEPT $FW net icmp
ACCEPT $FW man icmp
ACCEPT $fw net icmp
ACCEPT $fw man icmp
", comment => 'Allow icmp from the firewall zone'}
}

0 comments on commit 108d4b6

Please sign in to comment.