simp-rake-helpers 3.7.0 → 4.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +5 -0
- data/CHANGELOG.md +10 -0
- data/lib/simp/rake/helpers/version.rb +1 -1
- data/lib/simp/rake/pupmod/helpers.rb +64 -48
- data/lib/simp/rake/rubygem.rb +1 -0
- data/spec/lib/simp/rake/pupmod/fixtures/othermod/Gemfile +18 -0
- data/spec/lib/simp/rake/pupmod/fixtures/othermod/README.md +83 -0
- data/spec/lib/simp/rake/pupmod/fixtures/othermod/Rakefile +32 -0
- data/spec/lib/simp/rake/pupmod/fixtures/othermod/examples/init.pp +12 -0
- data/spec/lib/simp/rake/pupmod/fixtures/othermod/manifests/init.pp +48 -0
- data/spec/lib/simp/rake/pupmod/fixtures/othermod/metadata.json +15 -0
- data/spec/lib/simp/rake/pupmod/fixtures/othermod/spec/classes/init_spec.rb +6 -0
- data/spec/lib/simp/rake/pupmod/fixtures/othermod/spec/spec_helper.rb +1 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/CHANGELOG +11 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/CONTRIBUTORS +1 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/Gemfile +40 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/LICENSE +25 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/README.md +139 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/Rakefile +3 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/build/rpm_metadata/requires +7 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/data/common.yaml +2 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/hiera.yaml +10 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config.pp +7 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/auditing.pp +15 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/firewall.pp +14 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/logging.pp +16 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/pki.pp +16 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/selinux.pp +15 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/tcpwrappers.pp +16 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/init.pp +110 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/install.pp +11 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/service.pp +15 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/metadata.json +50 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/nodesets/centos-combined-x64.yml +22 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/nodesets/default.yml +1 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/suites/default/class_spec.rb +32 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/suites/default/nodesets +1 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/classes/init_spec.rb +87 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/spec_helper.rb +92 -0
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/spec_helper_acceptance.rb +45 -0
- data/spec/lib/simp/rake/pupmod/helpers_spec.rb +56 -4
- metadata +49 -8
@@ -0,0 +1,15 @@
|
|
1
|
+
{
|
2
|
+
"name": "other-othermod",
|
3
|
+
"version": "0.1.0",
|
4
|
+
"author": "other",
|
5
|
+
"summary": null,
|
6
|
+
"license": "Apache-2.0",
|
7
|
+
"source": "",
|
8
|
+
"project_page": null,
|
9
|
+
"issues_url": null,
|
10
|
+
"dependencies": [
|
11
|
+
{"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0"}
|
12
|
+
],
|
13
|
+
"data_provider": null
|
14
|
+
}
|
15
|
+
|
@@ -0,0 +1 @@
|
|
1
|
+
require 'puppetlabs_spec_helper/module_spec_helper'
|
@@ -0,0 +1,11 @@
|
|
1
|
+
* Tue Jan 2 1970 Second Author <email1@domain.com> - 0.1.0
|
2
|
+
- Fix number 3
|
3
|
+
- Fix number 4
|
4
|
+
|
5
|
+
* Mon Jan 1 1970 First Author <email2@domain.com> - 0.1.0
|
6
|
+
- Fix number 1
|
7
|
+
- Fix number 2
|
8
|
+
|
9
|
+
* Mon Jan 1 1970 First Last <email@domain.com> - 0.0.1
|
10
|
+
- First release
|
11
|
+
- Updated CHANGELOG
|
@@ -0,0 +1 @@
|
|
1
|
+
simp
|
@@ -0,0 +1,40 @@
|
|
1
|
+
# NOTE: SIMP Puppet rake tasks support ruby 2.1.9
|
2
|
+
# ------------------------------------------------------------------------------
|
3
|
+
gem_sources = ENV.fetch('GEM_SERVERS','https://rubygems.org').split(/[, ]+/)
|
4
|
+
|
5
|
+
gem_sources.each { |gem_source| source gem_source }
|
6
|
+
|
7
|
+
group :test do
|
8
|
+
gem 'rake'
|
9
|
+
gem 'puppet', ENV.fetch('PUPPET_VERSION', '~>4.8.0') # Default to SIMP 6
|
10
|
+
gem 'rspec'
|
11
|
+
gem 'rspec-puppet'
|
12
|
+
gem 'puppet-strings'
|
13
|
+
gem 'hiera-puppet-helper'
|
14
|
+
gem 'puppetlabs_spec_helper'
|
15
|
+
gem 'metadata-json-lint'
|
16
|
+
gem 'puppet-lint-empty_string-check', :require => false
|
17
|
+
gem 'puppet-lint-trailing_comma-check', :require => false
|
18
|
+
gem 'simp-rspec-puppet-facts', ENV.fetch('SIMP_RSPEC_PUPPET_FACTS_VERSION', '~> 1.3')
|
19
|
+
gem 'simp-rake-helpers', ENV.fetch('SIMP_RAKE_HELPERS_VERSION', '~> 3.5')
|
20
|
+
end
|
21
|
+
|
22
|
+
group :development do
|
23
|
+
gem 'travis'
|
24
|
+
gem 'travis-lint'
|
25
|
+
gem 'travish'
|
26
|
+
gem 'puppet-blacksmith'
|
27
|
+
gem 'guard-rake'
|
28
|
+
gem 'pry'
|
29
|
+
gem 'pry-doc'
|
30
|
+
|
31
|
+
# `listen` is a dependency of `guard`
|
32
|
+
# from `listen` 3.1+, `ruby_dep` requires Ruby version >= 2.2.3, ~> 2.2
|
33
|
+
gem 'listen', '~> 3.0.6'
|
34
|
+
end
|
35
|
+
|
36
|
+
group :system_tests do
|
37
|
+
gem 'beaker'
|
38
|
+
gem 'beaker-rspec'
|
39
|
+
gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', '~> 1.7')
|
40
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
simpmod - A module fixture that models a simp module
|
2
|
+
|
3
|
+
Per Section 105 of the Copyright Act of 1976, these works are not entitled to
|
4
|
+
domestic copyright protection under US Federal law.
|
5
|
+
|
6
|
+
The US Government retains the right to pursue copyright protections outside of
|
7
|
+
the United States.
|
8
|
+
|
9
|
+
The United States Government has unlimited rights in this software and all
|
10
|
+
derivatives thereof, pursuant to the contracts under which it was developed and
|
11
|
+
the License under which it falls.
|
12
|
+
|
13
|
+
---
|
14
|
+
|
15
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
16
|
+
you may not use this file except in compliance with the License.
|
17
|
+
You may obtain a copy of the License at
|
18
|
+
|
19
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
20
|
+
|
21
|
+
Unless required by applicable law or agreed to in writing, software
|
22
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
23
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
24
|
+
See the License for the specific language governing permissions and
|
25
|
+
limitations under the License.
|
@@ -0,0 +1,139 @@
|
|
1
|
+
**FIXME**: Ensure the badges are correct and complete, then remove this message!
|
2
|
+
|
3
|
+
[![License](http://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html) [![Build Status](https://travis-ci.org/simp/pupmod-simp-simpmod.svg)](https://travis-ci.org/simp/pupmod-simp-simpmod) [![SIMP compatibility](https://img.shields.io/badge/SIMP%20compatibility-6.*-orange.svg)](https://img.shields.io/badge/SIMP%20compatibility-6.*-orange.svg)
|
4
|
+
|
5
|
+
#### Table of Contents
|
6
|
+
|
7
|
+
1. [Description](#description)
|
8
|
+
2. [Setup - The basics of getting started with simpmod](#setup)
|
9
|
+
* [What simpmod affects](#what-simpmod-affects)
|
10
|
+
* [Setup requirements](#setup-requirements)
|
11
|
+
* [Beginning with simpmod](#beginning-with-simpmod)
|
12
|
+
3. [Usage - Configuration options and additional functionality](#usage)
|
13
|
+
4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
|
14
|
+
5. [Limitations - OS compatibility, etc.](#limitations)
|
15
|
+
6. [Development - Guide for contributing to the module](#development)
|
16
|
+
* [Acceptance Tests - Beaker env variables](#acceptance-tests)
|
17
|
+
|
18
|
+
## Description
|
19
|
+
|
20
|
+
**FIXME:** Ensure the *Description* section is correct and complete, then remove this message!
|
21
|
+
|
22
|
+
Start with a one- or two-sentence summary of what the module does and/or what
|
23
|
+
problem it solves. This is your 30-second elevator pitch for your module.
|
24
|
+
Consider including OS and Puppet version compatability, and any other
|
25
|
+
information users will need to quickly assess the module's viability within
|
26
|
+
their environment.
|
27
|
+
|
28
|
+
You can give more descriptive information in a second paragraph. This paragraph
|
29
|
+
should answer the questions: "What does this module *do*?" and "Why would I use
|
30
|
+
it?" If your module has a range of functionality (installation, configuration,
|
31
|
+
management, etc.), this is the time to mention it.
|
32
|
+
|
33
|
+
### This is a SIMP module
|
34
|
+
|
35
|
+
This module is a component of the [System Integrity Management
|
36
|
+
Platform](https://github.com/NationalSecurityAgency/SIMP), a
|
37
|
+
compliance-management framework built on Puppet.
|
38
|
+
|
39
|
+
If you find any issues, they may be submitted to our [bug
|
40
|
+
tracker](https://simp-project.atlassian.net/).
|
41
|
+
|
42
|
+
**FIXME:** Ensure the *This is a SIMP module* section is correct and complete, then remove this message!
|
43
|
+
|
44
|
+
This module is optimally designed for use within a larger SIMP ecosystem, but
|
45
|
+
it can be used independently:
|
46
|
+
|
47
|
+
* When included within the SIMP ecosystem, security compliance settings will
|
48
|
+
be managed from the Puppet server.
|
49
|
+
* If used independently, all SIMP-managed security subsystems are disabled by
|
50
|
+
default and must be explicitly opted into by administrators. Please review
|
51
|
+
the parameters in
|
52
|
+
[`simp/simp_options`](https://github.com/simp/pupmod-simp-simp_options) for
|
53
|
+
details.
|
54
|
+
|
55
|
+
## Setup
|
56
|
+
|
57
|
+
### What simpmod affects
|
58
|
+
|
59
|
+
**FIXME:** Ensure the *What simpmod affects* section is correct and complete, then remove this message!
|
60
|
+
|
61
|
+
If it's obvious what your module touches, you can skip this section. For
|
62
|
+
example, folks can probably figure out that your mysql_instance module affects
|
63
|
+
their MySQL instances.
|
64
|
+
|
65
|
+
If there's more that they should know about, though, this is the place to
|
66
|
+
mention:
|
67
|
+
|
68
|
+
* A list of files, packages, services, or operations that the module will
|
69
|
+
alter, impact, or execute.
|
70
|
+
* Dependencies that your module automatically installs.
|
71
|
+
* Warnings or other important notices.
|
72
|
+
|
73
|
+
### Setup Requirements **OPTIONAL**
|
74
|
+
|
75
|
+
**FIXME:** Ensure the *Setup Requirements* section is correct and complete, then remove this message!
|
76
|
+
|
77
|
+
If your module requires anything extra before setting up (pluginsync enabled,
|
78
|
+
etc.), mention it here.
|
79
|
+
|
80
|
+
If your most recent release breaks compatibility or requires particular steps
|
81
|
+
for upgrading, you might want to include an additional "Upgrading" section
|
82
|
+
here.
|
83
|
+
|
84
|
+
### Beginning with simpmod
|
85
|
+
|
86
|
+
**FIXME:** Ensure the *Beginning with simpmod* section is correct and complete, then remove this message!
|
87
|
+
|
88
|
+
The very basic steps needed for a user to get the module up and running. This
|
89
|
+
can include setup steps, if necessary, or it can be an example of the most
|
90
|
+
basic use of the module.
|
91
|
+
|
92
|
+
## Usage
|
93
|
+
|
94
|
+
**FIXME:** Ensure the *Usage* section is correct and complete, then remove this message!
|
95
|
+
|
96
|
+
This section is where you describe how to customize, configure, and do the
|
97
|
+
fancy stuff with your module here. It's especially helpful if you include usage
|
98
|
+
examples and code samples for doing things with your module.
|
99
|
+
|
100
|
+
## Reference
|
101
|
+
|
102
|
+
**FIXME:** Ensure the *Reference* section is correct and complete, then remove this message! If there is pre-generated YARD documentation for this module, ensure the text links to it and remove references to inline documentation.
|
103
|
+
|
104
|
+
Please refer to the inline documentation within each source file, or to the
|
105
|
+
module's generated YARD documentation for reference material.
|
106
|
+
|
107
|
+
## Limitations
|
108
|
+
|
109
|
+
**FIXME:** Ensure the *Limitations* section is correct and complete, then remove this message!
|
110
|
+
|
111
|
+
SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux
|
112
|
+
and compatible distributions, such as CentOS. Please see the
|
113
|
+
[`metadata.json` file](./metadata.json) for the most up-to-date list of
|
114
|
+
supported operating systems, Puppet versions, and module dependencies.
|
115
|
+
|
116
|
+
## Development
|
117
|
+
|
118
|
+
**FIXME:** Ensure the *Development* section is correct and complete, then remove this message!
|
119
|
+
|
120
|
+
Please read our [Contribution Guide](http://simp-doc.readthedocs.io/en/stable/contributors_guide/index.html).
|
121
|
+
|
122
|
+
### Acceptance tests
|
123
|
+
|
124
|
+
This module includes [Beaker](https://github.com/puppetlabs/beaker) acceptance
|
125
|
+
tests using the SIMP [Beaker Helpers](https://github.com/simp/rubygem-simp-beaker-helpers).
|
126
|
+
By default the tests use [Vagrant](https://www.vagrantup.com/) with
|
127
|
+
[VirtualBox](https://www.virtualbox.org) as a back-end; Vagrant and VirtualBox
|
128
|
+
must both be installed to run these tests without modification. To execute the
|
129
|
+
tests run the following:
|
130
|
+
|
131
|
+
```shell
|
132
|
+
bundle install
|
133
|
+
bundle exec rake beaker:suites
|
134
|
+
```
|
135
|
+
|
136
|
+
**FIXME:** Ensure the *Acceptance tests* section is correct and complete, including any module-specific instructions, and remove this message!
|
137
|
+
|
138
|
+
Please refer to the [SIMP Beaker Helpers documentation](https://github.com/simp/rubygem-simp-beaker-helpers/blob/master/README.md)
|
139
|
+
for more information.
|
@@ -0,0 +1,7 @@
|
|
1
|
+
# Drop all Requires, Obsoletes, and Provides statements in here
|
2
|
+
Requires: pupmod-puppetlabs-stdlib >= 4.13.1-0
|
3
|
+
Requires: pupmod-puppetlabs-stdlib < 5.0.0-0
|
4
|
+
Requires: pupmod-simp-simplib >= 3.3.1-0
|
5
|
+
Requires: pupmod-simp-simplib < 4.0.0-0
|
6
|
+
Requires: pupmod-simp-iptables >= 6.0.1-0
|
7
|
+
Requires: pupmod-simp-iptables < 7.0.0-0
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# == Class simpmod::config::auditing
|
2
|
+
#
|
3
|
+
# This class is meant to be called from simpmod.
|
4
|
+
# It ensures that auditing rules are defined.
|
5
|
+
#
|
6
|
+
class simpmod::config::auditing {
|
7
|
+
assert_private()
|
8
|
+
|
9
|
+
# FIXME: ensure your module's auditing settings are defined here.
|
10
|
+
$msg = "FIXME: define the ${module_name} module's auditing settings."
|
11
|
+
|
12
|
+
notify{ 'FIXME: auditing': message => $msg } # FIXME: remove this and add logic
|
13
|
+
err( $msg ) # FIXME: remove this and add logic
|
14
|
+
|
15
|
+
}
|
@@ -0,0 +1,14 @@
|
|
1
|
+
# == Class simpmod::config::firewall
|
2
|
+
#
|
3
|
+
# This class is meant to be called from simpmod.
|
4
|
+
# It ensures that firewall rules are defined.
|
5
|
+
#
|
6
|
+
class simpmod::config::firewall {
|
7
|
+
assert_private()
|
8
|
+
|
9
|
+
# FIXME: ensure your module's firewall settings are defined here.
|
10
|
+
iptables::listen::tcp_stateful { 'allow_simpmod_tcp_connections':
|
11
|
+
trusted_nets => $::simpmod::trusted_nets,
|
12
|
+
dports => $::simpmod::tcp_listen_port
|
13
|
+
}
|
14
|
+
}
|
@@ -0,0 +1,16 @@
|
|
1
|
+
# == Class simpmod::config::logging
|
2
|
+
#
|
3
|
+
# This class is meant to be called from simpmod.
|
4
|
+
# It ensures that logging rules are defined.
|
5
|
+
#
|
6
|
+
class simpmod::config::logging {
|
7
|
+
assert_private()
|
8
|
+
|
9
|
+
# FIXME: ensure your module's logging settings are defined here.
|
10
|
+
$msg = "FIXME: define the ${module_name} module's logging settings."
|
11
|
+
|
12
|
+
notify{ 'FIXME: logging': message => $msg } # FIXME: remove this and add logic
|
13
|
+
err( $msg ) # FIXME: remove this and add logic
|
14
|
+
|
15
|
+
}
|
16
|
+
|
@@ -0,0 +1,16 @@
|
|
1
|
+
# == Class simpmod::config::config::pki
|
2
|
+
#
|
3
|
+
# This class is meant to be called from simpmod.
|
4
|
+
# It ensures that pki rules are defined.
|
5
|
+
#
|
6
|
+
class simpmod::config::pki {
|
7
|
+
assert_private()
|
8
|
+
|
9
|
+
# FIXME: ensure your module's pki settings are defined here.
|
10
|
+
$msg = "FIXME: define the ${module_name} module's pki settings."
|
11
|
+
|
12
|
+
notify{ 'FIXME: pki': message => $msg } # FIXME: remove this and add logic
|
13
|
+
err( $msg ) # FIXME: remove this and add logic
|
14
|
+
|
15
|
+
}
|
16
|
+
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# == Class simpmod::config::selinux
|
2
|
+
#
|
3
|
+
# This class is meant to be called from simpmod.
|
4
|
+
# It ensures that selinux rules are defined.
|
5
|
+
#
|
6
|
+
class simpmod::config::selinux {
|
7
|
+
assert_private()
|
8
|
+
|
9
|
+
# FIXME: ensure your module's selinux settings are defined here.
|
10
|
+
$msg = "FIXME: define the ${module_name} module's selinux settings."
|
11
|
+
|
12
|
+
notify{ 'FIXME: selinux': message => $msg } # FIXME: remove this and add logic
|
13
|
+
err( $msg ) # FIXME: remove this and add logic
|
14
|
+
|
15
|
+
}
|
@@ -0,0 +1,16 @@
|
|
1
|
+
# == Class simpmod::config::tcpwrappers
|
2
|
+
#
|
3
|
+
# This class is meant to be called from simpmod.
|
4
|
+
# It ensures that tcpwrappers rules are defined.
|
5
|
+
#
|
6
|
+
class simpmod::config::tcpwrappers {
|
7
|
+
assert_private()
|
8
|
+
|
9
|
+
# FIXME: ensure your module's tcpwrappers settings are defined here.
|
10
|
+
$msg = "FIXME: define the ${module_name} module's tcpwrappers settings."
|
11
|
+
|
12
|
+
notify{ 'FIXME: tcpwrappers': message => $msg } # FIXME: remove this, add logic
|
13
|
+
err( $msg ) # FIXME: remove this, add logic
|
14
|
+
|
15
|
+
}
|
16
|
+
|
@@ -0,0 +1,110 @@
|
|
1
|
+
# Full description of SIMP module 'simpmod' here.
|
2
|
+
#
|
3
|
+
# === Welcome to SIMP!
|
4
|
+
# This module is a component of the System Integrity Management Platform, a
|
5
|
+
# managed security compliance framework built on Puppet.
|
6
|
+
#
|
7
|
+
# ---
|
8
|
+
# *FIXME:* verify that the following paragraph fits this module's characteristics!
|
9
|
+
# ---
|
10
|
+
#
|
11
|
+
# This module is optimally designed for use within a larger SIMP ecosystem, but
|
12
|
+
# it can be used independently:
|
13
|
+
#
|
14
|
+
# * When included within the SIMP ecosystem, security compliance settings will
|
15
|
+
# be managed from the Puppet server.
|
16
|
+
#
|
17
|
+
# * If used independently, all SIMP-managed security subsystems are disabled by
|
18
|
+
# default, and must be explicitly opted into by administrators. Please
|
19
|
+
# review the +trusted_nets+ and +$enable_*+ parameters for details.
|
20
|
+
#
|
21
|
+
# @param service_name
|
22
|
+
# The name of the simpmod service
|
23
|
+
#
|
24
|
+
# @param package_name
|
25
|
+
# The name of the simpmod package
|
26
|
+
#
|
27
|
+
# @param trusted_nets
|
28
|
+
# A whitelist of subnets (in CIDR notation) permitted access
|
29
|
+
#
|
30
|
+
# @param enable_auditing
|
31
|
+
# If true, manage auditing for simpmod
|
32
|
+
#
|
33
|
+
# @param enable_firewall
|
34
|
+
# If true, manage firewall rules to acommodate simpmod
|
35
|
+
#
|
36
|
+
# @param enable_logging
|
37
|
+
# If true, manage logging configuration for simpmod
|
38
|
+
#
|
39
|
+
# @param enable_pki
|
40
|
+
# If true, manage PKI/PKE configuration for simpmod
|
41
|
+
#
|
42
|
+
# @param enable_selinux
|
43
|
+
# If true, manage selinux to permit simpmod
|
44
|
+
#
|
45
|
+
# @param enable_tcpwrappers
|
46
|
+
# If true, manage TCP wrappers configuration for simpmod
|
47
|
+
#
|
48
|
+
# @author simp
|
49
|
+
#
|
50
|
+
class simpmod (
|
51
|
+
String $service_name = 'simpmod',
|
52
|
+
String $package_name = 'simpmod',
|
53
|
+
Simplib::Port $tcp_listen_port = 9999,
|
54
|
+
Simplib::Netlist $trusted_nets = simplib::lookup('simp_options::trusted_nets', {'default_value' => ['127.0.0.1/32'] }),
|
55
|
+
Boolean $enable_pki = simplib::lookup('simp_options::pki', { 'default_value' => false }),
|
56
|
+
Boolean $enable_auditing = simplib::lookup('simp_options::auditd', { 'default_value' => false }),
|
57
|
+
Boolean $enable_firewall = simplib::lookup('simp_options::firewall', { 'default_value' => false }),
|
58
|
+
Boolean $enable_logging = simplib::lookup('simp_options::syslog', { 'default_value' => false }),
|
59
|
+
Boolean $enable_selinux = simplib::lookup('simp_options::selinux', { 'default_value' => false }),
|
60
|
+
Boolean $enable_tcpwrappers = simplib::lookup('simp_options::tcpwrappers', { 'default_value' => false })
|
61
|
+
|
62
|
+
) {
|
63
|
+
|
64
|
+
$oses = load_module_metadata( $module_name )['operatingsystem_support'].map |$i| { $i['operatingsystem'] }
|
65
|
+
unless $::operatingsystem in $oses { fail("${::operatingsystem} not supported") }
|
66
|
+
|
67
|
+
include '::simpmod::install'
|
68
|
+
include '::simpmod::config'
|
69
|
+
include '::simpmod::service'
|
70
|
+
Class[ '::simpmod::install' ]
|
71
|
+
-> Class[ '::simpmod::config' ]
|
72
|
+
~> Class[ '::simpmod::service' ]
|
73
|
+
-> Class[ '::simpmod' ]
|
74
|
+
|
75
|
+
if $enable_pki {
|
76
|
+
include '::simpmod::config::pki'
|
77
|
+
Class[ '::simpmod::config::pki' ]
|
78
|
+
-> Class[ '::simpmod::service' ]
|
79
|
+
}
|
80
|
+
|
81
|
+
if $enable_auditing {
|
82
|
+
include '::simpmod::config::auditing'
|
83
|
+
Class[ '::simpmod::config::auditing' ]
|
84
|
+
-> Class[ '::simpmod::service' ]
|
85
|
+
}
|
86
|
+
|
87
|
+
if $enable_firewall {
|
88
|
+
include '::simpmod::config::firewall'
|
89
|
+
Class[ '::simpmod::config::firewall' ]
|
90
|
+
-> Class[ '::simpmod::service' ]
|
91
|
+
}
|
92
|
+
|
93
|
+
if $enable_logging {
|
94
|
+
include '::simpmod::config::logging'
|
95
|
+
Class[ '::simpmod::config::logging' ]
|
96
|
+
-> Class[ '::simpmod::service' ]
|
97
|
+
}
|
98
|
+
|
99
|
+
if $enable_selinux {
|
100
|
+
include '::simpmod::config::selinux'
|
101
|
+
Class[ '::simpmod::config::selinux' ]
|
102
|
+
-> Class[ '::simpmod::service' ]
|
103
|
+
}
|
104
|
+
|
105
|
+
if $enable_tcpwrappers {
|
106
|
+
include '::simpmod::config::tcpwrappers'
|
107
|
+
Class[ '::simpmod::config::tcpwrappers' ]
|
108
|
+
-> Class[ '::simpmod::service' ]
|
109
|
+
}
|
110
|
+
}
|