provizioning 0.1.2 → 0.4.0

data/puppet/modules/drupal/manifests/monitor.pp

@@ -0,0 +1,77 @@
+# Class: drupal::monitor
+#
+# Monitors drupal process/ports/service using Example42 monitor meta module (to be adapted to custom monitor solutions)
+# It's automatically included and used if $monitor=yes and is defined at least one monitoring software in $monitor_tool
+# This class permits to abstract what you want to monitor from the actual tool and modules you'll use for monitoring
+# and can be used to quickly deploy a new monitoring solution that instantly notifies what's working and what's needs
+# to be fixed (call it Test Driven Puppet Deployment, if you like ;-)
+#
+# Variables:
+# The behaviour of this class has some defaults that can be overriden by user's variables:
+# $drupal_monitor_port (true|false) : Set if you want to monitor drupal's port(s). If any. Default: As defined in $monitor_port
+# $drupal_monitor_url (true|false) : Set if you want to monitor drupal's url(s). If any. Default: As defined in $monitor_url
+# $drupal_monitor_process (true|false) : Set if you want to monitor drupal's process. If any. Default: As defined in $monitor_process
+# $drupal_monitor_plugin (true|false) : Set if you want to monitor drupal using specific monitor tool's plugin  i   s. If any. Default: As defined in $monitor_plugin
+# $drupal_monitor_target : Define how to reach (Ip, fqdn...) the host to monitor drupal from an external server. Default: As defined in $monitor_target
+# $drupal_monitor_url : Define the baseurl (http://$fqdn/...) to use for eventual drupal URL checks. Default: As defined in $monitor_url
+# 
+# You can therefore set site wide variables that can be overriden by the above module specific ones:
+# $monitor_port (true|false) : Set if you want to enable port monitoring site-wide.
+# $monitor_url (true|false) : Set if you want to enable url checking site-wide.
+# $monitor_process (true|false) : Set if you want to enable process monitoring site-wide.
+# $monitor_plugin (true|false) : Set if you want to try to use specific plugins of your monitoring tools 
+# $monitor_target : Set the ip/hostname you want to use on an external monitoring server to monitor this host
+# $monitor_baseurl : Set baseurl to use for eventual URL checks of services provided by this host
+# For the defaults of the above variables check drupal::params
+#
+# Usage:
+# Automatically included if $monitor=yes
+# Use the variable $monitor_tool (can be an array) to define the monitoring software you want to use.
+# To customize specific and more granular behaviours use the above variables and eventually your custom modulename::monitor::$my_project class
+#
+class drupal::monitor {
+
+    include drupal::params
+
+    # Port monitoring
+    monitor::port { "drupal_${drupal::params::protocol}_${drupal::params::port}": 
+        protocol => "${drupal::params::protocol}",
+        port     => "${drupal::params::port}",
+        target   => "${drupal::params::monitor_target_real}",
+        enable   => "${drupal::params::monitor_port_enable}",
+        tool     => "${monitor_tool}",
+    }
+    
+    # URL monitoring 
+    monitor::url { "drupal_url":
+        url      => "${drupal::params::monitor_baseurl_real}/index.php",
+        pattern  => "${drupal::params::monitor_url_pattern}",
+        enable   => "${drupal::params::monitor_url_enable}",
+        tool     => "${monitor_tool}",
+    }
+
+    # Process monitoring 
+    monitor::process { "drupal_process":
+        process  => "${drupal::params::processname}",
+        service  => "${drupal::params::servicename}",
+        pidfile  => "${drupal::params::pidfile}",
+        enable   => "${drupal::params::monitor_process_enable}",
+        tool     => "${monitor_tool}",
+    }
+
+    # Use a specific plugin (according to the monitor tool used)
+    monitor::plugin { "drupal_plugin":
+        plugin   => "drupal",
+        enable   => "${drupal::params::monitor_plugin_enable}",
+        tool     => "${monitor_tool}",
+    }
+
+    # Include project specific monitor class if $my_project is set
+    if $my_project { 
+        case $my_project_onmodule {
+            yes,true: { include "${my_project}::drupal::monitor" }
+            default: { include "drupal::${my_project}::monitor" }
+        }
+    }
+
+}

data/puppet/modules/drupal/manifests/package.pp

@@ -0,0 +1,20 @@
+#
+# Class: drupal::package
+#
+# Installs Drupal using the OS official package
+#
+# Usage:
+# AUtoinclude if use_package=yes
+#
+class drupal::package {
+
+    # Load the variables used in this module. Check the params.pp file 
+    require drupal::params
+
+    # Basic Package - Service - Configuration file management
+    package { "drupal":
+        name   => "${drupal::params::packagename}",
+        ensure => present,
+    }
+
+}

data/puppet/modules/drupal/manifests/params.pp

@@ -0,0 +1,277 @@
+# Class: drupal::params
+#
+# Sets internal variables and defaults for drupal module
+# This class is loaded in all the classes that use the values set here 
+#
+class drupal::params  {
+
+## DEFAULTS FOR VARIABLES USERS CAN SET
+# (Here are set the defaults, provide your custom variables externally)
+# (The default used is in the line with '')
+
+## Download URL for Drupal's Drush
+    $use_package  = $drupal_use_package ? {
+        true   => "yes",
+        "true" => "yes",
+        "yes"   => "yes",
+        default => "no",
+    }
+
+    $version  = $drupal_version ? {
+        '5'     => "5",
+        '6'     => "6",
+        '7'     => "7",
+        default => "7",
+    }
+
+    $drush_url  = $drupal_drush_url ? {
+        ''      => "http://ftp.drupal.org/files/projects/drush-7.x-4.0.tar.gz",
+        default => "${drupal_drush_url}",
+    }
+
+    $basedir = $use_package ? {
+        yes  => $operatingsystem ? {
+            debian  => "/usr/share/drupal6",
+            ubuntu  => "/usr/share/drupal6",
+            redhat  => "/usr/share/drupal",
+            centos  => "/usr/share/drupal",
+        },
+        no   =>  $drupal_basedir ? {
+            ''      => "/var/www/drupal",
+            default => "${drupal_basedir}",
+        },
+    }
+
+    # The directory where sites dir is placed.
+    # (Some packages place it outside the basedir)
+    $sitesdir = $use_package ? {
+        yes  => $operatingsystem ? {
+            debian  => "/etc/drupal/6/sites",
+            ubuntu  => "/etc/drupal/6/sites",
+            redhat  => "/etc/drupal",
+            centos  => "/etc/drupal",
+        },
+        no   =>  $drupal_sitesdir ? {
+            ''      => "$basedir/sites",
+            default => "${drupal_sitesdir}",
+        },
+    }
+
+    $extra  = $drupal_extra ? {
+        true   => "yes",
+        "true" => "yes",
+        "yes"   => "yes",
+        default => "no",
+    }
+
+
+## EXTRA MODULE INTERNAL VARIABLES
+#(add here module specific internal variables)
+
+    $drush_path = "$sitesdir/all/modules/drush/drush"
+
+## MODULE INTERNAL VARIABLES
+# (Modify to adapt to unsupported OSes)
+
+    $packagename = $operatingsystem ? {
+        solaris => "CSWdrupal",
+        debian  => "drupal",
+        ubuntu  => "drupal",
+        default => "drupal",
+    }
+
+    $configfile = $operatingsystem ? {
+        freebsd => "/usr/local/etc/drupal/drupal.conf",
+        default => "/etc/drupal/drupal.conf",
+    }
+
+    $configfile_mode = $operatingsystem ? {
+        default => "644",
+    }
+
+    $configfile_owner = $operatingsystem ? {
+        default => "root",
+    }
+
+    $configfile_group = $operatingsystem ? {
+        default => "root",
+    }
+
+    $configdir = $operatingsystem ? {
+        default => "/etc/drupal",
+    }
+
+    # Used by backup class
+    $datadir = $operatingsystem ? {
+        default => "/var/www/drupal",
+    }
+
+    # Used by backup class - Provide the file name, if there's no dedicated dir
+    $logdir = $operatingsystem ? {
+        default => "/var/log/drupal",
+    }
+
+    # Used by monitor and firewall class
+    # If you need to define additional ports, call them $protocol1/$port1 and add the relevant
+    # parts in firewall.pp and monitor.pp
+    $protocol = "tcp"
+    $port = "80"
+    
+
+
+## DEFAULTS FOR MONITOR CLASS
+# These are settings that influence the (optional) drupal::monitor class
+# You can define these variables or leave the defaults
+# The apparently complex variables assignements below follow this logic:
+# - If no user variable is set, a reasonable default is used
+# - If the user has set a host-wide variable (ex: $monitor_target ) that one is set
+# - The host-wide variable can be overriden by a module specific one (ex: $drupal_monitor_target)
+
+    # How the monitor server refers to the monitor target 
+    $monitor_target_real = $drupal_monitor_target ? {
+        ''      => $monitor_target ? {
+           ''      => "${fqdn}",
+           default => $monitor_target,
+        },
+        default => "$drupal_monitor_target",
+    }
+
+    # BaseUrl to access this service
+    $monitor_baseurl_real = $drupal_monitor_baseurl ? {
+        ''      => $monitor_baseurl ? {
+           ''      => "http://${fqdn}",
+           default => $monitor_baseurl,
+        },
+        default => "${drupal_monitor_baseurl}",
+    }
+
+    # Pattern to look for in the URL defined in drupal::monitor class
+    $monitor_url_pattern = $drupal_monitor_url_pattern ? {
+        ''      => "a", # Sane default. TO CUSTOMIZE
+        default => "${drupal_monitor_url_pattern}",
+    }
+
+    # If drupal port monitoring is enabled 
+    $monitor_port_enable = $drupal_monitor_port ? {
+        ''      => $monitor_port ? {
+           ''      => false,
+           default => $monitor_port,
+        },
+        default => $drupal_monitor_port,
+    }
+
+    # If drupal url monitoring is enabled 
+    $monitor_url_enable = $drupal_monitor_url ? {
+        ''      => $monitor_url ? {
+           ''      => true,
+           default => $monitor_url,
+        },
+        default => $drupal_monitor_url,
+    }
+
+    # If drupal process monitoring is enabled 
+    $monitor_process_enable = $drupal_monitor_process ? {
+        ''      => $monitor_process ? {
+           ''      => false,
+           default => $monitor_process,
+        },
+        default => $drupal_monitor_process,
+    }
+
+    # If drupal plugin monitoring is enabled 
+    $monitor_plugin_enable = $drupal_monitor_plugin ? {
+        ''      => $monitor_plugin ? {
+           ''      => false,
+           default => $monitor_plugin,
+        },
+        default => $drupal_monitor_plugin,
+    }
+
+## DEFAULTS FOR BACKUP CLASS
+# These are settings that influence the (optional) drupal::backup class
+# You can define these variables or leave the defaults
+
+    # How the backup server refers to the backup target 
+    $backup_target_real = $drupal_backup_target ? {
+        ''      => $backup_target ? {
+           ''      => "${fqdn}",
+           default => $backup_target,
+        },
+        default => "$drupal_backup_target",
+    }
+  
+    # Frequency of backups
+    $backup_frequency = $drupal_backup_frequency ? {
+        ''      => "daily",
+        default => "$drupal_backup_frequency",
+    }
+
+    # If drupal data have to be backed up
+    $backup_data_enable = $drupal_backup_data ? {
+        ''      => $backup_data ? {
+           ''      => true,
+           default => $backup_data,
+        },
+        default => $drupal_backup_data,
+    }
+
+    # If drupal logs have to be backed up
+    $backup_log_enable = $drupal_backup_log ? {
+        ''      => $backup_log ? {
+           ''      => true,
+           default => $backup_log,
+        },
+        default => $drupal_backup_log,
+    }
+
+
+## DEFAULTS FOR FIREWALL CLASS
+# These are settings that influence the (optional) drupal::firewall class
+# You can define these variables or leave the defaults
+
+    # Source IPs that can access this service - Use iptables friendly format
+    $firewall_source_real = $drupal_firewall_source ? {
+        ''      => $firewall_source ? {
+           ''      => "0.0.0.0/0",
+           default => $firewall_source,
+        },
+        default => "$drupal_firewall_source",
+    }
+
+    # Destination IP to use for this host (Default facter's $ipaddress)
+    $firewall_destination_real = $drupal_firewall_destination ? {
+        ''      => $firewall_destination ? {
+           ''      => "${ipaddress}",
+           default => $firewall_destination,
+        },
+        default => "$drupal_firewall_destination",
+    }
+
+    # If firewall filter is enabled
+    $firewall_enable = $drupal_firewall_enable ? {
+        ''      => $firewall_enable ? {
+           ''      => true,
+           default => $firewall_enable,
+        },
+        default => $drupal_firewall_enable,
+    }
+
+## FILE SERVING SOURCE
+# Sets the correct source for static files
+# In order to provide files from different sources without modifying the module
+# you can override the default source path setting the variable $base_source
+# Ex: $base_source="puppet://ip.of.fileserver" or $base_source="puppet://$servername/myprojectmodule"
+# What follows automatically manages the new source standard (with /modules/) from 0.25 
+
+    case $base_source {
+        '': {
+            $general_base_source = $puppetversion ? {
+                /(^0.25)/ => "puppet:///modules",
+                /(^0.)/   => "puppet://$servername",
+                default   => "puppet:///modules",
+            }
+        }
+        default: { $general_base_source=$base_source }
+    }
+
+}

data/puppet/modules/drupal/manifests/site.pp

@@ -0,0 +1,63 @@
+# Define: drupal::site
+#
+# Setup a new Drupal site via drush
+#
+# Variables:
+#
+# Usage:
+#
+
+define drupal::site ( url ,
+                      db_name="" ,
+                      db_user ,
+                      db_password ,
+                      db_host="localhost" ,
+                      db_type="mysql" ,
+                      install_mode="no") {
+
+    $true_install_mode = $install_mode ? {
+        true   => "yes",
+        "on"   => "yes",
+        "true" => "yes",
+        "yes"  => "yes",
+        default => "no",
+    }
+
+    file { "${drupal::params::sitesdir}/$name":
+        mode    => $true_install_mode ? {
+            "no"  => "755" ,
+            "yes" => "777" ,
+            },
+        owner   => "root",
+        group   => "root",
+        ensure  => directory,
+        require => Class["drupal"],
+    }
+
+    case $db_host {
+        "localhost","127.0.0.1": {
+            include mysql
+            mysql::grant { "drupal_grants_${name}":
+                mysql_db         => "$db_name",
+                mysql_user       => "$db_user",
+                mysql_password   => "$db_password",
+                mysql_privileges => "SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES, CREATE TEMPORARY TABLES",
+                mysql_host       => "$db_host",
+            }
+        }
+        default: {
+            # Attempt to automanage Mysql grants on external servers. TODO: Verify if it works ;-D
+            @@mysql::grant { "drupal_grants_${name}":
+                mysql_db         => "$db_name",
+                mysql_user       => "$db_user",
+                mysql_password   => "$db_password",
+                mysql_privileges => "SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES, CREATE TEMPORARY TABLES",
+                mysql_host       => "${fqdn}",
+                tag              => "drupal_grants_${db_host}",
+            }
+        }
+    }
+
+
+}
+

data/puppet/modules/drupal/manifests/theme.pp

@@ -0,0 +1,33 @@
+# Define: drupal::theme
+#
+# Installs the defined drupal theme via drush
+#
+# Variables:
+# $preferred_state (default="stable") - Define which preferred version state to use
+# $site - Define for which site install the theme (Default:all)
+# $status - Define in what status you want the theme (enable,disable,absent)
+#
+# Usage:
+# drupal::theme { themename: }
+#
+# Example:
+# drupal::theme { "google_analitics": }
+# drupal::theme { "google_analitics": preferred_state => "beta" }
+# drupal::theme { "google_analitics": site => "acme" }
+# drupal::theme { "google_analitics": status => "disable" }
+
+define drupal::theme ( preferred_state="stable" , site="all" , status="enable") {
+
+    exec { "drush-${name}":
+        cwd     => "${drupal::params::sitesdir}/$site/themes",
+        command => $status ? {
+            enable  => "${drupal::params::drush_path} dl ${name}",
+            disable => "${drupal::params::drush_path} dis ${name}",
+            absent  => "rm -rf ${name}",
+        },
+        creates => "${drupal::params::sitesdir}/$site/themes/$name",
+        require => Class["drupal::drush"],
+    }
+
+}
+

data/puppet/modules/drupal/templates/variables_drupal.erb

@@ -0,0 +1,62 @@
+# File Managed By Puppet
+
+These are the variables used by the module drupal
+
+User variables (unfiltered):
+$drupal_version = <%= scope.lookupvar('drupal_version') %>
+$drupal_use_package = <%= scope.lookupvar('drupal_use_package') %>
+$drupal_drush_url = <%= scope.lookupvar('drupal_drush_url') %>
+$drupal_basedir = <%= scope.lookupvar('drupal_basedir') %>
+$drupal_sitesdir = <%= scope.lookupvar('drupal_sitesdir') %>
+$drupal_extra = <%= scope.lookupvar('drupal_extra') %>
+
+User variables (after params.pp filter):
+$version = <%= scope.lookupvar('drupal::params::version') %>
+$use_package = <%= scope.lookupvar('drupal::params::use_package') %>
+$drush_url = <%= scope.lookupvar('drupal::params::drush_url') %>
+$basedir = <%= scope.lookupvar('drupal::params::basedir') %>
+$sitesdir = <%= scope.lookupvar('drupal::params::sitesdir') %>
+$extra = <%= scope.lookupvar('drupal::params::extra') %>
+
+Extra module variables:
+$drush_path= <%= scope.lookupvar('drupal::params::drush_path') %>
+
+General internal variables:
+$packagename = <%= scope.lookupvar('drupal::params::packagename') %>
+$servicename = <%= scope.lookupvar('drupal::params::servicename') %>
+$processname = <%= scope.lookupvar('drupal::params::servicename') %>
+$hasstatus = <%= scope.lookupvar('drupal::params::hasstatus') %>
+$configfile = <%= scope.lookupvar('drupal::params::configfile') %>
+$configfile_mode = <%= scope.lookupvar('drupal::params::configfile_mode') %>
+$configfile_owner = <%= scope.lookupvar('drupal::params::configfile_owner') %>
+$configfile_group = <%= scope.lookupvar('drupal::params::configfile_group') %>
+$configdir = <%= scope.lookupvar('drupal::params::configdir') %>
+$initconfigfile = <%= scope.lookupvar('drupal::params::initconfigfile') %>
+$pidfile = <%= scope.lookupvar('drupal::params::pidfile') %>
+$datadir = <%= scope.lookupvar('drupal::params::datadir') %>
+$logdir = <%= scope.lookupvar('drupal::params::logdir') %>
+$protocol = <%= scope.lookupvar('drupal::params::protocol') %>
+$port = <%= scope.lookupvar('drupal::params::port') %>
+
+Variables used by monitor class:
+$monitor_target_real = <%= scope.lookupvar('drupal::params::monitor_target_real') %> ( Set with $drupal_monitor_target )
+$monitor_baseurl_real = <%= scope.lookupvar('drupal::params::monitor_baseurl_real') %> ( Set with $drupal_monitor_baseurl )
+$monitor_url_pattern = <%= scope.lookupvar('drupal::params::monitor_url_pattern') %> ( Set with $drupal_monitor_url_pattern )
+$monitor_port_enable = <%= scope.lookupvar('drupal::params::monitor_port_enable') %> ( Set with $drupal_monitor_port )
+$monitor_url_enable = <%= scope.lookupvar('drupal::params::monitor_url_enable') %> ( Set with $drupal_monitor_url )
+$monitor_process_enable = <%= scope.lookupvar('drupal::params::monitor_process_enable') %> ( Set with $drupal_monitor_process )
+$monitor_plugin_enable = <%= scope.lookupvar('drupal::params::monitor_plugin_enable') %> ( Set with $drupal_monitor_plugin )
+
+Variables used by backup class:
+$backup_target_real = <%= scope.lookupvar('drupal::params::backup_target_real') %> ( Set with $drupal_backup_target )
+$backup_frequency = <%= scope.lookupvar('drupal::params::backup_frequency') %> ( Set with $drupal_backup_frequency )
+$backup_data_enable = <%= scope.lookupvar('drupal::params::backup_data_enable') %> ( Set with $drupal_backup_data )
+$backup_log_enable = <%= scope.lookupvar('drupal::params::backup_log_enable') %> ( Set with $drupal_backup_log )
+
+Variables used by firewall class:
+$firewall_source_real = <%= scope.lookupvar('drupal::params::firewall_source_real') %> ( Set with $drupal_firewall_source )
+$firewall_destination_real = <%= scope.lookupvar('drupal::params::firewall_destination_real') %> ( Set with $drupal_firewall_destination )
+$firewall_enable = <%= scope.lookupvar('drupal::params::firewall_destination_real') %> ( Set with $drupal_firewall_enable )
+
+Module base source for static files:
+$general_base_source = <%= scope.lookupvar('drupal::params::general_base_source') %> ( Set with $base_source )

data/puppet/modules/drupal/tests/absent.pp

@@ -0,0 +1 @@
+include drupal::absent

data/puppet/modules/drupal/tests/backup.pp

@@ -0,0 +1 @@
+include drupal::backup

data/puppet/modules/drupal/tests/debug.pp

@@ -0,0 +1 @@
+include drupal::debug

data/puppet/modules/drupal/tests/disable.pp

@@ -0,0 +1 @@
+include drupal::disable

data/puppet/modules/drupal/tests/disableboot.pp

@@ -0,0 +1 @@
+include drupal::disableboot

data/puppet/modules/drupal/tests/firewall.pp

@@ -0,0 +1 @@
+include drupal::firewall

data/puppet/modules/drupal/tests/init.pp

@@ -0,0 +1 @@
+include drupal

data/puppet/modules/drupal/tests/monitor.pp

@@ -0,0 +1 @@
+include drupal::monitor

data/puppet/modules/hosts/manifests/example42.pp

@@ -0,0 +1,5 @@
+# Manage here your customizations for /etc/hosts
+#
+class hosts::example42 inherits hosts {
+
+}

data/puppet/modules/hosts/manifests/init.pp

@@ -0,0 +1,16 @@
+# Class hosts
+#
+# Manages /etc/hosts
+#
+class hosts {
+
+    file { "hosts":
+        ensure => present,
+        path => "/etc/hosts",
+        content => template("hosts/hosts.erb"),
+    }
+
+    if $my_project { include "hosts::${my_project}" }
+
+}
+

data/puppet/modules/hosts/templates/hosts.erb

@@ -0,0 +1,11 @@
+# File Managed by Puppet
+127.0.0.1	localhost.locadomain	localhost
+<%= ipaddress %>	<%= fqdn %>	<%= hostname %>
+ 
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts

data/puppet/modules/iptables/README

@@ -0,0 +1,4 @@
+# Lab42 Puppet Infrastructure #
+# PROVIDED 'AS IS'
+
+

data/puppet/modules/iptables/files/iptables

@@ -0,0 +1,19 @@
+# Generated by iptables-save v1.3.5 on Tue Jan 29 02:30:29 2008
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [1:116]
+COMMIT
+# Completed on Tue Jan 29 02:30:29 2008
+# Generated by iptables-save v1.3.5 on Tue Jan 29 02:30:29 2008
+*filter
+:INPUT DROP [286:21560]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [227:24924]
+-A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT 
+-A INPUT -i lo -j ACCEPT 
+-A INPUT -j LOG --log-prefix "INPUT DROP: " 
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
+-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT 
+COMMIT
+# Completed on Tue Jan 29 02:30:29 2008

data/puppet/modules/iptables/manifests/disable.pp

@@ -0,0 +1,15 @@
+# Disables iptables (no boot, no run)
+class iptables::disable {
+    case $operatingsystem {
+        centos: { include iptables::redhat::disable }
+        redhat: { include iptables::redhat::disable }
+        default: { err("No such operatingsystem: $operatingsystem yet defined") }
+    }
+}
+
+class iptables::redhat::disable inherits iptables::redhat {
+    Service ["iptables"] {
+        ensure => stopped,
+        enable => false,
+    }
+}

data/puppet/modules/iptables/manifests/init.pp

@@ -0,0 +1,9 @@
+class iptables {
+
+    case $operatingsystem {
+        centos: { include iptables::redhat }
+        redhat: { include iptables::redhat }
+        default: { warning("No such operatingsystem: $operatingsystem yet defined") }
+        }
+
+}