f21740b699
Prior to this commit, if you allowed the puppetdb module to manage postgres for you, it would always try to manage the firewall for the postgres port on redhat systems. This commit exposes that as a parameter in a few more spots, and passes it through to the postgres module.
25 lines
848 B
Puppet
25 lines
848 B
Puppet
class puppetdb::server::firewall(
|
|
$port = $puppetdb::params::ssl_listen_port,
|
|
$manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
|
|
) inherits puppetdb::params {
|
|
# TODO: figure out a way to make this not platform-specific; debian and ubuntu
|
|
# have an out-of-the-box firewall configuration that seems trickier to manage.
|
|
# TODO: the firewall module should be able to handle this itself
|
|
if ($manage_redhat_firewall and $puppetdb::params::firewall_supported) {
|
|
|
|
exec { 'puppetdb-persist-firewall':
|
|
command => $puppetdb::params::persist_firewall_command,
|
|
refreshonly => true,
|
|
}
|
|
|
|
Firewall {
|
|
notify => Exec['puppetdb-persist-firewall']
|
|
}
|
|
|
|
firewall { "${port} accept - puppetdb":
|
|
port => $port,
|
|
proto => 'tcp',
|
|
action => 'accept',
|
|
}
|
|
}
|
|
}
|