From 9e4e88ecf154410dc52d4fb849d1b0954e04f5cc Mon Sep 17 00:00:00 2001
From: Spencer Krum <krum.spencer@gmail.com>
Date: Thu, 13 Feb 2014 22:02:34 -0800
Subject: [PATCH] Adding option to disable management of the firewall

Some users will manage the firewall externally from this module.
---
 README.md           |  4 ++++
 manifests/server.pp | 31 +++++++++++++++++++++----------
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 0036ca2..285e2f1 100644
--- a/README.md
+++ b/README.md
@@ -412,6 +412,10 @@ Creates a user for access the database. Defaults to `puppetdb`.
 
 Sets the password for the database user above. Defaults to `puppetdb`.
 
+####`manage_firewall`
+
+Conditionally manages the firewall for the PuppetDB host. Defaults to `true`.
+
 Implementation
 ---------------
 
diff --git a/manifests/server.pp b/manifests/server.pp
index 3af325e..110b1f5 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -27,6 +27,7 @@ class puppetdb::server(
   $puppetdb_service        = $puppetdb::params::puppetdb_service,
   $puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
   $confdir                 = $puppetdb::params::confdir,
+  $manage_firewall         = true,
   $java_args               = {}
 ) inherits puppetdb::params {
 
@@ -70,11 +71,14 @@ class puppetdb::server(
     notify => Service[$puppetdb_service],
   }
 
-  class { 'puppetdb::server::firewall':
-    http_port              => $listen_port,
-    open_http_port         => $open_listen_port,
-    ssl_port               => $ssl_listen_port,
-    open_ssl_port          => $open_ssl_listen_port,
+  if $manage_firewall {
+
+    class { 'puppetdb::server::firewall':
+      http_port              => $listen_port,
+      open_http_port         => $open_listen_port,
+      ssl_port               => $ssl_listen_port,
+      open_ssl_port          => $open_ssl_listen_port,
+    }
   }
 
   class { 'puppetdb::server::database_ini':
@@ -135,9 +139,16 @@ class puppetdb::server(
     enable => $service_enabled,
   }
 
-  Package[$puppetdb_package] ->
-  Class['puppetdb::server::firewall'] ->
-  Class['puppetdb::server::database_ini'] ->
-  Class['puppetdb::server::jetty_ini'] ->
-  Service[$puppetdb_service]
+  if $manage_firewall { 
+    Package[$puppetdb_package] ->
+    Class['puppetdb::server::firewall'] ->
+    Class['puppetdb::server::database_ini'] ->
+    Class['puppetdb::server::jetty_ini'] ->
+    Service[$puppetdb_service]
+  } else {
+    Package[$puppetdb_package] ->
+    Class['puppetdb::server::database_ini'] ->
+    Class['puppetdb::server::jetty_ini'] ->
+    Service[$puppetdb_service]
+  }
 }