Puppet Class: ibm_profile::iib_machine::firewall

Inherits: ibm_profile
Defined in: manifests/iib_machine/firewall.pp

Summary

This class is the default implementation for setting the firewall rules for your IIB server.

Overview


ibm_profile::iib_machine::firewall

Using Hiera, you can customize some aspects of this process.

When these customizations aren’t enough, you can replace the class with your own class. See [ibm_profile::iib_machine](./iib_machine.html) for an explanation on how to do this.


Parameters:

  • ports (Array[Integer])

    The ports to open in the firewall.

  • manage_service (Boolean)

    Specifies if you want to manage the `firewalld` or `iptables` service.
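
The Hiera customization mentioned in the overview works through Puppet's automatic class parameter lookup. As an added example (not part of the module's own documentation), the keys below set both parameters of this class; the port numbers are constructed sample values, not the module's defaults, and the file the keys live in depends on your own hierarchy.

```yaml
# Hiera data for a node or role layer of your hierarchy (the file location is
# an assumption; it depends on your hiera.yaml).
#
# Keys follow automatic parameter lookup: <class name>::<parameter name>.

# Array[Integer]: entries must be unquoted integers. A quoted entry such as
# '4414' is a String and fails the class's type check at catalog compilation.
# List only the ports the IIB node actually has to expose.
ibm_profile::iib_machine::firewall::ports:
  - 4414   # constructed sample value
  - 7800   # constructed sample value

# Boolean: whether Puppet manages the firewalld or iptables service.
# Must be an unquoted true/false; 'true' in quotes is a String.
ibm_profile::iib_machine::firewall::manage_service: true
```

The class signature shown in the source listing declares no default for either parameter, so both keys must resolve from some layer of data (module data or your own hierarchy) for the catalog to compile.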



# File 'manifests/iib_machine/firewall.pp', line 17

class ibm_profile::iib_machine::firewall(
  Array[Integer]  $ports,
  Boolean         $manage_service,
) inherits ibm_profile {

  echo {"Firewall ports for IIB: ensuring tcp port(s) ${ports.join(',')} are open.":
    withpath => false,
  }

  case  $::operatingsystem {
    'RedHat', 'CentOS', 'OracleLinux': {
      case ($::os['release']['major']) {
        '4','5','6': {
          class {'::ibm_profile::iib_machine::firewall::iptables':
            ports          => $ports,
            manage_service => $manage_service,
          }
          contain ::ibm_profile::iib_machine::firewall::iptables
        }
        '7','8': {
          class {'::ibm_profile::iib_machine::firewall::firewalld':
            ports          => $ports,
            manage_service => $manage_service,
          }
          contain ::ibm_profile::iib_machine::firewall::firewalld
        }
        default: { fail 'unsupported OS version when checking firewall service'}
      }
    }
    'Solaris', 'AIX':{
      # No firewall rules are managed on these platforms; only a warning is logged.
      warning "No firewall rules added on ${::operatingsystem}."
    }
    default: {
      fail "${::operatingsystem} is not supported."
    }
  }
}