From 16bc4f8bc665ad1c92f3ee6431a6ece9511ebea8 Mon Sep 17 00:00:00 2001 From: Pat Riehecky Date: Tue, 22 Sep 2020 13:47:41 -0500 Subject: [PATCH] Resolve simple puppet-lint items --- manifests/init.pp | 6 +++--- manifests/linux.pp | 10 +++++----- manifests/linux/archlinux.pp | 10 +++++----- manifests/linux/debian.pp | 17 ++++++++--------- manifests/linux/gentoo.pp | 10 +++++----- manifests/linux/redhat.pp | 30 +++++++++++++++--------------- manifests/params.pp | 2 -- 7 files changed, 41 insertions(+), 44 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 15b15bf..02c1109 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -34,9 +34,9 @@ class firewall ( $ensure = running, $ensure_v6 = undef, $pkg_ensure = present, - $service_name = $::firewall::params::service_name, - $service_name_v6 = $::firewall::params::service_name_v6, - $package_name = $::firewall::params::package_name, + $service_name = $firewall::params::service_name, + $service_name_v6 = $firewall::params::service_name_v6, + $package_name = $firewall::params::package_name, $ebtables_manage = false, ) inherits ::firewall::params { $_ensure_v6 = pick($ensure_v6, $ensure) diff --git a/manifests/linux.pp b/manifests/linux.pp index 5bef81d..1067e5c 100644 --- a/manifests/linux.pp +++ b/manifests/linux.pp @@ -27,9 +27,9 @@ class firewall::linux ( $ensure = running, $ensure_v6 = undef, $pkg_ensure = present, - $service_name = $::firewall::params::service_name, - $service_name_v6 = $::firewall::params::service_name_v6, - $package_name = $::firewall::params::package_name, + $service_name = $firewall::params::service_name, + $service_name_v6 = $firewall::params::service_name_v6, + $package_name = $firewall::params::package_name, $ebtables_manage = false, ) inherits ::firewall::params { $enable = $ensure ? { @@ -40,8 +40,8 @@ class firewall::linux ( $_ensure_v6 = pick($ensure_v6, $ensure) $_enable_v6 = $_ensure_v6 ? { - running => true, - stopped => false, + 'running' => true, + 'stopped' => false, } package { 'iptables': diff --git a/manifests/linux/archlinux.pp b/manifests/linux/archlinux.pp index 7749140..d415caf 100644 --- a/manifests/linux/archlinux.pp +++ b/manifests/linux/archlinux.pp @@ -21,9 +21,9 @@ class firewall::linux::archlinux ( $ensure = 'running', $enable = true, - $service_name = $::firewall::params::service_name, - $package_name = $::firewall::params::package_name, - $package_ensure = $::firewall::params::package_ensure, + $service_name = $firewall::params::service_name, + $package_name = $firewall::params::package_name, + $package_ensure = $firewall::params::package_ensure, ) inherits ::firewall::params { if $package_name { package { $package_name: @@ -38,12 +38,12 @@ class firewall::linux::archlinux ( } file { '/etc/iptables/iptables.rules': - ensure => present, + ensure => file, before => Service[$service_name], } file { '/etc/iptables/ip6tables.rules': - ensure => present, + ensure => file, before => Service[$service_name], } } diff --git a/manifests/linux/debian.pp b/manifests/linux/debian.pp index b3977df..5b7fc4f 100644 --- a/manifests/linux/debian.pp +++ b/manifests/linux/debian.pp @@ -21,23 +21,22 @@ class firewall::linux::debian ( $ensure = running, $enable = true, - $service_name = $::firewall::params::service_name, - $package_name = $::firewall::params::package_name, - $package_ensure = $::firewall::params::package_ensure, + $service_name = $firewall::params::service_name, + $package_name = $firewall::params::package_name, + $package_ensure = $firewall::params::package_ensure, ) inherits ::firewall::params { - if $package_name { #Fixes hang while installing iptables-persistent on debian 8 - exec {'iptables-persistent-debconf': - command => "/bin/echo \"${package_name} ${package_name}/autosave_v4 boolean false\" | + exec { 'iptables-persistent-debconf': + command => "/bin/echo \"${package_name} ${package_name}/autosave_v4 boolean false\" | /usr/bin/debconf-set-selections && /bin/echo \"${package_name} ${package_name}/autosave_v6 boolean false\" | /usr/bin/debconf-set-selections", - refreshonly => true, + refreshonly => true, } ensure_packages([$package_name],{ - ensure => $package_ensure, - require => Exec['iptables-persistent-debconf'] + ensure => $package_ensure, + require => Exec['iptables-persistent-debconf'] }) } diff --git a/manifests/linux/gentoo.pp b/manifests/linux/gentoo.pp index 23f4a68..0235a6a 100644 --- a/manifests/linux/gentoo.pp +++ b/manifests/linux/gentoo.pp @@ -21,9 +21,9 @@ class firewall::linux::gentoo ( $ensure = 'running', $enable = true, - $service_name = $::firewall::params::service_name, - $package_name = $::firewall::params::package_name, - $package_ensure = $::firewall::params::package_ensure, + $service_name = $firewall::params::service_name, + $package_name = $firewall::params::package_name, + $package_ensure = $firewall::params::package_ensure, ) inherits ::firewall::params { if $package_name { package { $package_name: @@ -38,12 +38,12 @@ class firewall::linux::gentoo ( } file { '/var/lib/iptables/rules-save': - ensure => present, + ensure => file, before => Service[$service_name], } file { '/var/lib/iptables/rules-save6': - ensure => present, + ensure => file, before => Service[$service_name], } } diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp index a5be3c6..6945bbc 100644 --- a/manifests/linux/redhat.pp +++ b/manifests/linux/redhat.pp @@ -26,7 +26,8 @@ # Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'. Defaults to 'latest'. # # @param sysconfig_manage -# Enable sysconfig configuration for iptables/ip6tables files. Defaults defined in firewall::params. This is disabled for RedHat/CentOS 8+. +# Enable sysconfig configuration for iptables/ip6tables files. Defaults defined in firewall::params. +# This is disabled for RedHat/CentOS 8+. # # @api private # @@ -35,11 +36,11 @@ class firewall::linux::redhat ( $ensure_v6 = undef, $enable = true, $enable_v6 = undef, - $service_name = $::firewall::params::service_name, - $service_name_v6 = $::firewall::params::service_name_v6, - $package_name = $::firewall::params::package_name, - $package_ensure = $::firewall::params::package_ensure, - $sysconfig_manage = $::firewall::params::sysconfig_manage, + $service_name = $firewall::params::service_name, + $service_name_v6 = $firewall::params::service_name_v6, + $package_name = $firewall::params::package_name, + $package_ensure = $firewall::params::package_ensure, + $sysconfig_manage = $firewall::params::sysconfig_manage, ) inherits ::firewall::params { $_ensure_v6 = pick($ensure_v6, $ensure) $_enable_v6 = pick($enable_v6, $enable) @@ -48,8 +49,8 @@ class firewall::linux::redhat ( # package, which provides the /usr/libexec/iptables/iptables.init used by # lib/puppet/util/firewall.rb. if ($::operatingsystem != 'Amazon') - and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0) - or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) { + and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0) + or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) { service { 'firewalld': ensure => stopped, enable => false, @@ -66,13 +67,13 @@ class firewall::linux::redhat ( if $package_name { ensure_packages($package_name, { 'ensure' => $package_ensure, - 'before' => Service[$service_name]} + 'before' => Service[$service_name] } ) } if ($::operatingsystem != 'Amazon') - and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0) - or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) { + and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0) + or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) { if $ensure == 'running' { exec { '/usr/bin/systemctl daemon-reload': require => Package[$package_name], @@ -84,7 +85,7 @@ class firewall::linux::redhat ( } if ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '4') >= 0) - or ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '2') >= 0) { + or ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '2') >= 0) { service { $service_name: ensure => $ensure, enable => $enable, @@ -116,14 +117,14 @@ class firewall::linux::redhat ( if $sysconfig_manage { file { "/etc/sysconfig/${service_name}": - ensure => present, + ensure => file, owner => 'root', group => 'root', mode => '0600', } if $service_name_v6 { file { "/etc/sysconfig/${service_name_v6}": - ensure => present, + ensure => file, owner => 'root', group => 'root', mode => '0600', @@ -178,7 +179,6 @@ class firewall::linux::redhat ( } default: {} - } } default: {} diff --git a/manifests/params.pp b/manifests/params.pp index b687150..a6d1907 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -57,7 +57,6 @@ class firewall::params { $service_name = 'iptables-persistent' $package_name = 'iptables-persistent' } - } 'Ubuntu': { if versioncmp($::operatingsystemrelease, '14.10') >= 0 { @@ -67,7 +66,6 @@ class firewall::params { $service_name = 'iptables-persistent' $package_name = 'iptables-persistent' } - } default: { $service_name = 'iptables-persistent' -- 2.45.2