module-puppetdb/manifests/server/firewall.pp

class puppetdb::server::firewall(
    $port                   = $puppetdb::params::ssl_listen_port,
    $manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
) inherits puppetdb::params {
  # TODO: figure out a way to make this not platform-specific; debian and ubuntu
  # have an out-of-the-box firewall configuration that seems trickier to manage.
  # TODO: the firewall module should be able to handle this itself
  if ($manage_redhat_firewall and $puppetdb::params::firewall_supported) {

    exec { 'puppetdb-persist-firewall':
      command     => $puppetdb::params::persist_firewall_command,
      refreshonly => true,
    }

    Firewall {
      notify => Exec['puppetdb-persist-firewall']
    }

    firewall { "${port} accept - puppetdb":
      port   => $port,
      proto  => 'tcp',
      action => 'accept',
    }
  }
}
Add support for opening puppetdb port in firewall 2012-09-18 02:06:48 +02:00			`class puppetdb::server::firewall(`
			`$port = $puppetdb::params::ssl_listen_port,`
			`$manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,`
			`) inherits puppetdb::params {`
			`# TODO: figure out a way to make this not platform-specific; debian and ubuntu`
			`# have an out-of-the-box firewall configuration that seems trickier to manage.`
			`# TODO: the firewall module should be able to handle this itself`
complies with style guide 2012-09-20 23:46:26 +02:00			`if ($manage_redhat_firewall and $puppetdb::params::firewall_supported) {`
Add support for opening puppetdb port in firewall 2012-09-18 02:06:48 +02:00
Pass 'manage_redhat_firewall' param through to postgres Prior to this commit, if you allowed the puppetdb module to manage postgres for you, it would always try to manage the firewall for the postgres port on redhat systems. This commit exposes that as a parameter in a few more spots, and passes it through to the postgres module. 2012-09-21 19:17:42 +02:00			`exec { 'puppetdb-persist-firewall':`
complies with style guide 2012-09-20 23:46:26 +02:00			`command => $puppetdb::params::persist_firewall_command,`
			`refreshonly => true,`
			`}`
Add support for opening puppetdb port in firewall 2012-09-18 02:06:48 +02:00
complies with style guide 2012-09-20 23:46:26 +02:00			`Firewall {`
Pass 'manage_redhat_firewall' param through to postgres Prior to this commit, if you allowed the puppetdb module to manage postgres for you, it would always try to manage the firewall for the postgres port on redhat systems. This commit exposes that as a parameter in a few more spots, and passes it through to the postgres module. 2012-09-21 19:17:42 +02:00			`notify => Exec['puppetdb-persist-firewall']`
complies with style guide 2012-09-20 23:46:26 +02:00			`}`

			`firewall { "${port} accept - puppetdb":`
			`port => $port,`
			`proto => 'tcp',`
			`action => 'accept',`
			`}`
Add support for opening puppetdb port in firewall 2012-09-18 02:06:48 +02:00			`}`
			`}`