1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
# File 'manifests/install.pp', line 1
class ipset::install {
include ipset::params
$cfg = $::ipset::params::config_path
# main package
package { $::ipset::params::package:
ensure => installed,
alias => 'ipset',
}
# directory with config profiles (*.set & *.hdr files)
file { $cfg:
ensure => directory,
}
# helper scripts
ipset::install::helper_script { ['ipset_sync', 'ipset_init']: }
# autostart
if $::osfamily == 'RedHat' {
if $::operatingsystemmajrelease == '6' {
# do not use original RC start script from the ipset package
# it is hard to define dependencies there
# also, it can collide with what we define through puppet
#
# using exec instead of Service, because of bug:
# https://tickets.puppetlabs.com/browse/PUP-6516
exec { 'ipset_disable_distro':
command => "/bin/bash -c '/etc/init.d/ipset stop && /sbin/chkconfig ipset off'",
unless => "/bin/bash -c '/sbin/chkconfig | /bin/grep ipset | /bin/grep -qv :on'",
}
->
# upstart starter
file { '/etc/init/ipset.conf':
owner => 'root',
group => 'root',
mode => '0644',
content => template("${module_name}/init.upstart.erb"),
}
~>
# upstart service autostart
service { 'ipset_enable_upstart':
name => 'ipset',
enable => true,
provider => 'upstart',
}
# dependency is covered by running ipset before RC scripts suite, where firewall service is
} elsif $::operatingsystemmajrelease == '7' {
# for management of dependencies
$firewall_service = $::ipset::params::firewall_service
# systemd service definition, there is no script in COS7
file { '/usr/lib/systemd/system/ipset.service':
owner => 'root',
group => 'root',
mode => '0644',
content => template("${module_name}/init.systemd.erb"),
}
~>
# systemd service autostart
service { 'ipset':
ensure => 'running',
enable => true,
}
} else {
warning('Autostart of ipset not implemented for this RedHat release.')
}
} else {
warning('Autostart of ipset not implemented for this OS.')
}
}
|