From 29cc2fbdd5c7566487f259202729a5bf5df6a27e Mon Sep 17 00:00:00 2001
From: risca
Date: Sun, 26 Nov 2017 12:49:42 +0100
Subject: [PATCH] implemented macro configuration from pillars
---
 pillar.example | 6 ++++++
 shorewall/files/macro_pillars.jinja | 19 +++++++++++++++++++
 shorewall/init.sls | 20 +++++++++++++++++++-
 3 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 shorewall/files/macro_pillars.jinja
diff --git a/pillar.example b/pillar.example
index 605aa8f..d826607 100644
--- a/pillar.example
+++ b/pillar.example
@@ -6,6 +6,12 @@ shorewall:
 macros:
 - macro.SaltMaster
+ macros_pillar:
+ macro.SaltMaster: # You can enter as many rules as you want with the same syntax for the file rules.
+ - action: PARAM
+ proto: tcp
+ destport: 4505,4506
+
 zones:
 mgmt:
 ipv: 4 # This controls if this item is used for ipv4 and/or ipv6 shorewall. Omit for both.
diff --git a/shorewall/files/macro_pillars.jinja b/shorewall/files/macro_pillars.jinja
new file mode 100644
index 0000000..75cfbb9
--- /dev/null
+++ b/shorewall/files/macro_pillars.jinja
@@ -0,0 +1,19 @@
+#
+# Shorewall version 4 - {{ macro }}
+#
+# /usr/share/shorewall/{{ macro }}
+#
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT(S) PORT(S) LIMIT GROUP
+{%- set path = ['shorewall', 'macros_pillar', macro]|join(':') %}
+{%- for rule in salt['pillar.get'](path, {}) %}
+{%- if rule is string %}
+{{ rule }}
+{%- else %}
+# {{ rule.get('comment', '') }}
+{{ rule.get('action') }} {{ rule.get('source', '-') }} {{ rule.get('dest', '-') }} {{ rule.get('proto', '-') }} {{ rule.get('destport', '-') }} {{ rule.get('sourceport', '-') }} {{ rule.get('originaldest', '-') }} {{ rule.get('ratelimit', '-') }} {{ rule.get('usergroup', '-') }} {{ rule.get('mark', '-') }} {{ rule.get('connlimit', '-') }} {{ rule.get('time', '-') }} {{ rule.get('headers', '-') }} {{ rule.get('switch', '') }}
+{%- endif %}
+{%- endfor %}
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/shorewall/init.sls b/shorewall/init.sls
index 62df14f..17343c0 100644
--- a/shorewall/init.sls
+++ b/shorewall/init.sls
@@ -91,7 +91,7 @@ shorewall_enable_tc_simple_v6:
 {%- endif %}
-{# Install macro files #}
+{# Install macro from files #}
 {% for macro in salt['pillar.get']('shorewall:macros', {}) %}
 shorewall_config_macro_{{ loop.index }}:
 file.managed:
@@ -105,3 +105,21 @@ shorewall_config_macro_{{ loop.index }}:
 - watch_in:
 - service: shorewall_v4
 {% endfor %}
+{# Install macro from pillars #}
+{% for macro in salt['pillar.get']('shorewall:macros_pillar', {}) %}
+shorewall_config_macro_{{ loop.index }}:
+ file.managed:
+ - name: {{ map.macro_path }}/{{ macro }}
+ - source: salt://shorewall/files/macro_pillars.jinja
+ - template: jinja
+ - user: root
+ - group: root
+ - mode: '0644'
+ - defaults:
+ macro: {{ macro }}
+ - require:
+ - pkg: shorewall_v4
+ - watch_in:
+ - service: shorewall_v4
+{% endfor %}
+
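Review bot: `{{ rule.get('action') }}` has no default and no guard, so a rule dict without an `action` key renders the literal `None` in the ACTION column of the generated macro, and the state that installs this file restarts the firewall through `watch_in`. Wrapping the rule line in `{%- if rule.get('action') %}` … `{%- endif %}`, or failing the render, keeps incomplete pillar entries out of the firewall configuration. The `# {{ rule.get('comment', '') }}` line emits a bare `# ` for every rule without a comment, and a comment value that contains a newline would leave its remaining lines outside the comment, where they would presumably be parsed as rules; emit the line only when a comment is set and collapse it to a single line. The column header comment names fewer columns than the rule line writes, so it should be extended to match the fields actually emitted.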
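Review bot: The added loop in the second init.sls hunk reuses the state ID `shorewall_config_macro_{{ loop.index }}` that the existing `shorewall:macros` loop already generates, so once both pillar keys have an entry the two loops produce the same ID (for example `shorewall_config_macro_1`) and the SLS will most likely fail with a conflicting-ID error. pillar.example in this patch lists `macro.SaltMaster` under both keys, which triggers exactly that case and presumably also makes two states manage the same file (the existing loop's body lies outside the hunk). A distinct prefix removes the collision: `shorewall_config_macro_pillar_{{ loop.index }}:`. Separately, `{{ macro }}` is interpolated unquoted into `- name: {{ map.macro_path }}/{{ macro }}` for a file written as root, so it would be worth rejecting pillar keys that contain `/` before they are used as a path component.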