feat: add enable/disable flag to firewall::init

Ben Vincent 2024-11-16 11:49:56 +11:00
parent b9465cd78b
commit 90ce015d43
2 changed files with 21 additions and 17 deletions


@ -351,6 +351,7 @@ profiles::ceph::client::mons:
# - prodinf01n22 # - prodinf01n22
# - repos.main.unkin.net # - repos.main.unkin.net
firewall::enable: true
firewall::ipset_queries: firewall::ipset_queries:
certbot: "enc_role=roles::infra::pki::certbot" certbot: "enc_role=roles::infra::pki::certbot"
cobbler: "enc_role=roles::infra::cobbler::server" cobbler: "enc_role=roles::infra::cobbler::server"


@ -1,8 +1,10 @@
# manage the firewall # manage the firewall
class firewall ( class firewall (
Boolean $enable = false,
Hash $ipset_queries = {}, Hash $ipset_queries = {},
){ ){
if $enable {
$ipset_queries.each |$ipset, $query| { $ipset_queries.each |$ipset, $query| {
$ips = sort(query_nodes($query, 'networking.ip')) $ips = sort(query_nodes($query, 'networking.ip'))
@ -24,3 +26,4 @@ class firewall (
out_all => false, out_all => false,
} }
} }
}
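Review bot: `Boolean $enable = false,` makes the class fail open: before this change `$ipset_queries.each` ran for every node that includes `firewall`, and now any node whose hiera lookup does not resolve `firewall::enable: true` silently gets nothing from this class. Only one hiera file in this commit sets the key, and its path and hierarchy level are not visible here, so it is worth confirming that it covers every node that relied on the old behaviour, or defaulting the other way with `Boolean $enable = true,` so that opting out is the explicit act. With `$enable` false the class appears to declare no resources at all, which would leave previously applied ipsets and rules in place but unmanaged rather than removed; most of the class body lies outside these hunks, so verify. A `# @param enable` line in the class header stating which of those two meanings "disabled" has would help the next reader.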