module-puppetdb/manifests/server/firewall.pp

class puppetdb::server::firewall(
    $port                   = '',
    $http_port              = $puppetdb::params::listen_port,             
    $open_http_port         = $puppetdb::params::open_listen_port,
    $ssl_port               = $puppetdb::params::ssl_listen_port,
    $open_ssl_port          = $puppetdb::params::open_ssl_listen_port,
    $manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
) inherits puppetdb::params {
  # TODO: figure out a way to make this not platform-specific; debian and ubuntu
  # have an out-of-the-box firewall configuration that seems trickier to manage.
  # TODO: the firewall module should be able to handle this itself
  if ($puppetdb::params::firewall_supported) {

    if ($manage_redhat_firewall) {
      notify {'Deprecation notice: `$manage_redhat_firewall` is deprecated in the `puppetdb::service::firewall` class and will be removed in a future version. Use `open_http_port` and `open_ssl_port` instead.':}

      if ($open_ssl_port) {
        fail('`$manage_redhat_firewall` and `$open_ssl_port` cannot both be specified.')
      }
    }

    exec { 'puppetdb-persist-firewall':
      command     => $puppetdb::params::persist_firewall_command,
      refreshonly => true,
    }

    Firewall {
      notify => Exec['puppetdb-persist-firewall']
    }
    
    if ($port) {
      notify { 'Deprecation notice: `port` parameter will be removed in future versions of the puppetdb module. Please use ssl_port instead.': }
    }

    if ($port and $ssl_port) {
      fail('`port` and `ssl_port` cannot both be defined. `port` is deprecated in favor of `ssl_port`')
    }
    
    if ($open_http_port) {
      firewall { "${http_port} accept - puppetdb":
        port   => $http_port,
        proto  => 'tcp',
        action => 'accept',
      }
    } 

    if ($open_ssl_port or $manage_redhat_firewall) {
      if ($ssl_port) {
        $final_ssl_port = $ssl_port
      } else {
        $final_ssl_port = $port
      }
      firewall { "${final_ssl_port} accept - puppetdb":
        port   => $final_ssl_port,
        proto  => 'tcp',
        action => 'accept',
      }
    }
  }
}
Add support for opening puppetdb port in firewall 2012-09-18 02:06:48 +02:00			`class puppetdb::server::firewall(`
17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This commit allows users to not only bind to an address and port other than localhost and 8080, but it also opens the firewall if explicitly requested. 2012-11-13 21:38:38 +01:00			`$port = '',`
			`$http_port = $puppetdb::params::listen_port,`
			`$open_http_port = $puppetdb::params::open_listen_port,`
			`$ssl_port = $puppetdb::params::ssl_listen_port,`
			`$open_ssl_port = $puppetdb::params::open_ssl_listen_port,`
Add support for opening puppetdb port in firewall 2012-09-18 02:06:48 +02:00			`$manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,`
			`) inherits puppetdb::params {`
			`# TODO: figure out a way to make this not platform-specific; debian and ubuntu`
			`# have an out-of-the-box firewall configuration that seems trickier to manage.`
			`# TODO: the firewall module should be able to handle this itself`
17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This commit allows users to not only bind to an address and port other than localhost and 8080, but it also opens the firewall if explicitly requested. 2012-11-13 21:38:38 +01:00			`if ($puppetdb::params::firewall_supported) {`

			`if ($manage_redhat_firewall) {`
			notify {'Deprecation notice: `$manage_redhat_firewall` is deprecated in the `puppetdb::service::firewall` class and will be removed in a future version. Use `open_http_port` and `open_ssl_port` instead.':}

			`if ($open_ssl_port) {`
			fail('`$manage_redhat_firewall` and `$open_ssl_port` cannot both be specified.')
			`}`
			`}`
Add support for opening puppetdb port in firewall 2012-09-18 02:06:48 +02:00
Pass 'manage_redhat_firewall' param through to postgres Prior to this commit, if you allowed the puppetdb module to manage postgres for you, it would always try to manage the firewall for the postgres port on redhat systems. This commit exposes that as a parameter in a few more spots, and passes it through to the postgres module. 2012-09-21 19:17:42 +02:00			`exec { 'puppetdb-persist-firewall':`
complies with style guide 2012-09-20 23:46:26 +02:00			`command => $puppetdb::params::persist_firewall_command,`
			`refreshonly => true,`
			`}`
Add support for opening puppetdb port in firewall 2012-09-18 02:06:48 +02:00
complies with style guide 2012-09-20 23:46:26 +02:00			`Firewall {`
Pass 'manage_redhat_firewall' param through to postgres Prior to this commit, if you allowed the puppetdb module to manage postgres for you, it would always try to manage the firewall for the postgres port on redhat systems. This commit exposes that as a parameter in a few more spots, and passes it through to the postgres module. 2012-09-21 19:17:42 +02:00			`notify => Exec['puppetdb-persist-firewall']`
complies with style guide 2012-09-20 23:46:26 +02:00			`}`
17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This commit allows users to not only bind to an address and port other than localhost and 8080, but it also opens the firewall if explicitly requested. 2012-11-13 21:38:38 +01:00
			`if ($port) {`
			notify { 'Deprecation notice: `port` parameter will be removed in future versions of the puppetdb module. Please use ssl_port instead.': }
			`}`

			`if ($port and $ssl_port) {`
			fail('`port` and `ssl_port` cannot both be defined. `port` is deprecated in favor of `ssl_port`')
			`}`

			`if ($open_http_port) {`
			`firewall { "${http_port} accept - puppetdb":`
			`port => $http_port,`
			`proto => 'tcp',`
			`action => 'accept',`
			`}`
			`}`
complies with style guide 2012-09-20 23:46:26 +02:00
17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This commit allows users to not only bind to an address and port other than localhost and 8080, but it also opens the firewall if explicitly requested. 2012-11-13 21:38:38 +01:00			`if ($open_ssl_port or $manage_redhat_firewall) {`
17594 - Fixes suggested by cprice-puppet 2012-11-29 14:46:05 +01:00			`if ($ssl_port) {`
			`$final_ssl_port = $ssl_port`
			`} else {`
			`$final_ssl_port = $port`
			`}`
			`firewall { "${final_ssl_port} accept - puppetdb":`
			`port => $final_ssl_port,`
17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This commit allows users to not only bind to an address and port other than localhost and 8080, but it also opens the firewall if explicitly requested. 2012-11-13 21:38:38 +01:00			`proto => 'tcp',`
			`action => 'accept',`
			`}`
complies with style guide 2012-09-20 23:46:26 +02:00			`}`
Add support for opening puppetdb port in firewall 2012-09-18 02:06:48 +02:00			`}`
			`}`