Bruno Binet
6 år sedan
3 ändrade filer med 11 tillägg och 5 borttagningar
+ 5
- 1
iptables/map.jinja
Visa fil
| {% set service = salt['grains.filter_by']({ | {% set service = salt['grains.filter_by']({ | ||||
| 'Debian': { | 'Debian': { | ||||
| 'pkgs': ['iptables','netfilter-persistent' ], | |||||
| 'pkgs': ['iptables','netfilter-persistent'], | |||||
| 'service': 'netfilter-persistent', | 'service': 'netfilter-persistent', | ||||
| 'providers': ['iptables-restore'], | |||||
| }, | }, | ||||
| 'RedHat': { | 'RedHat': { | ||||
| 'pkgs': ['iptables'], | 'pkgs': ['iptables'], | ||||
| 'service': 'iptables', | 'service': 'iptables', | ||||
| 'providers': [], | |||||
| }, | }, | ||||
| }, merge=salt['grains.filter_by']({ | }, merge=salt['grains.filter_by']({ | ||||
| 'trusty': { | 'trusty': { | ||||
| 'pkgs': ['iptables','iptables-persistent'], | |||||
| 'service': 'iptables-persistent', | 'service': 'iptables-persistent', | ||||
| 'providers': [], | |||||
| }, | }, | ||||
| }, grain='oscodename', merge=salt['pillar.get']('iptables:service'))) %} | }, grain='oscodename', merge=salt['pillar.get']('iptables:service'))) %} |
+ 5
- 3
iptables/rules.sls
Visa fil
| {% from "iptables/map.jinja" import service with context %} | {% from "iptables/map.jinja" import service with context %} | ||||
| {%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %} | {%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %} | ||||
| {%- if grains.os_family == 'Debian' and service.get('provider') == "iptables-restore" %} | |||||
| {%- if 'iptables-restore' in service.providers and service.get('provider') == "iptables-restore" %} | |||||
| {%- set meta_rules = [] %} | {%- set meta_rules = [] %} | ||||
| {%- for service_name, service in pillar.items() %} | |||||
| {%- if service.get('_support', {}).get('iptables', {}).get('enabled', False) %} | |||||
| {%- for service_name, meta_service in pillar.items() %} | |||||
| {%- if meta_service is mapping %} | |||||
| {%- if meta_service.get('_support', {}).get('iptables', {}).get('enabled', False) %} | |||||
| {%- set grains_fragment_file = service_name+'/meta/iptables.yml' %} | {%- set grains_fragment_file = service_name+'/meta/iptables.yml' %} | ||||
| {%- macro load_grains_file() %}{% include grains_fragment_file %}{% endmacro %} | {%- macro load_grains_file() %}{% include grains_fragment_file %}{% endmacro %} | ||||
| {%- set grains_yaml = load_grains_file()|load_yaml %} | {%- set grains_yaml = load_grains_file()|load_yaml %} | ||||
| {%- set meta_rules = meta_rules + grains_yaml.iptables.rules %} | {%- set meta_rules = meta_rules + grains_yaml.iptables.rules %} | ||||
| {%- endif %} | |||||
| {%- endif %} | {%- endif %} | ||||
| {%- endfor %} | {%- endfor %} | ||||
| /etc/iptables/rules.v4.tmp: | /etc/iptables/rules.v4.tmp: |
+ 1
- 1
iptables/service.sls
Visa fil
| pkg.installed: | pkg.installed: | ||||
| - names: {{ service.pkgs }} | - names: {{ service.pkgs }} | ||||
| {%- if grains.os_family == 'Debian' %} | |||||
| {%- if 'iptables-restore' in service.providers %} | |||||
| /usr/share/netfilter-persistent/plugins.d/15-ip4tables: | /usr/share/netfilter-persistent/plugins.d/15-ip4tables: | ||||
| file.managed: | file.managed: | ||||
| - source: salt://iptables/files/ip4tables | - source: salt://iptables/files/ip4tables |
Laddar…