From cb373e32164e2e62fdd4f695c13be2d331e0fceb Mon Sep 17 00:00:00 2001 From: Andrew Teixeira Date: Mon, 4 Apr 2016 14:11:07 -0400 Subject: [PATCH 1/3] Add filterinitvars to filter class to provide [Init] configuration in filters --- manifests/filter.pp | 34 +++++++++++++++++++++++++--------- templates/filter.local.erb | 6 ++++++ 2 files changed, 31 insertions(+), 9 deletions(-) diff --git a/manifests/filter.pp b/manifests/filter.pp index 376c220..69e65b3 100644 --- a/manifests/filter.pp +++ b/manifests/filter.pp @@ -33,22 +33,30 @@ # $filterafter - indicates an filter file is read after the # [Definition] section. # -# $filterdefinitionvars - Variables for the INIT stanza of the filter file. +# $filterdefinitionvars - Variables for the *Definition* stanza of the filter file. +# They are tuples in the format +# "var = value" +# Can be an array like +# [ "var1 = value1", "var2 = value2",.., "varN = valueN" ] +# +# $filterinitvars - Variables for the *Init* stanza of the filter file. # They are tuples in the format # "var = value" # Can be an array like # [ "var1 = value1", "var2 = value2",.., "varN = valueN" ] # define fail2ban::filter ( - $filtername = '', - $filtersource = '', - $filtertemplate = 'fail2ban/filter.local.erb', - $filterfailregex = '', - $filterignoreregex = '', - $filterbefore = '', - $filterafter = '', + $filtername = '', + $filtersource = '', + $filtertemplate = 'fail2ban/filter.local.erb', + $filterfailregex = '', + $filterignoreregex = '', + $filterbefore = '', + $filterafter = '', $filterdefinitionvars = '', - $filterenable = true ) { + $filterinitvars = '', + $filterenable = true +) { include fail2ban @@ -83,6 +91,14 @@ default => $filterdefinitionvars, } + $array_initvars = is_array($filterinitvars) ? { + false => $filterinitvars? { + '' => [], + default => [$filterinitvars], + }, + default => $filterinitvars, + } + $ensure = bool2ensure($filterenable) $manage_file_source = $filtersource ? { 
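Review bot: The `$array_initvars` normalisation added in the second hunk of manifests/filter.pp accepts any value, and the templates/filter.local.erb hunk then writes each entry verbatim under `[Init]`, so an entry containing a line break or a `[Section]` header can add or override other settings in the rendered fail2ban filter. That matters when the values come from Hiera or an ENC fed by less-trusted data, since the filter decides which log lines lead to a ban. Keeping every entry on one line at render time would contain it, for example `<%= @array_initvars.map { |v| v.to_s.delete("\r\n") }.join("\n") %>`. `$filterdefinitionvars` appears to follow the same pattern and would benefit from the same treatment. The define's body continues outside the hunk.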
diff --git a/templates/filter.local.erb b/templates/filter.local.erb index 31b8637..dc41e31 100644 --- a/templates/filter.local.erb +++ b/templates/filter.local.erb @@ -17,3 +17,9 @@ ignoreregex = <%= @array_ignoreregex.join("\n\t") %> <% if @array_definitionvars != [] -%> <%= @array_definitionvars.join("\n") %> <% end -%> + +[Init] + +<% if @array_initvars != [] -%> +<%= @array_initvars.join("\n") %> +<% end -%> From 6b4f53b7f6a9e5abdbe3c93a3443ea62951a6ce2 Mon Sep 17 00:00:00 2001 From: Andrew Teixeira Date: Thu, 18 Aug 2016 12:20:51 -0400 Subject: [PATCH 2/3] require EPEL on RHEL7 hosts --- manifests/init.pp | 18 +++++++++++++++--- manifests/params.pp | 5 +++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 185274e..4182cd7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -269,6 +269,10 @@ # Socket file used by fail2ban-client to communicate with fail2ban. # Default: /var/run/fail2ban/fail2ban.sock # +# [*use_epel*] +# Require the epel class before installing fail2ban packages. +# Default: false for all non-RedHat variantsd +# # == Examples # # You can use this class in 2 ways: @@ -344,7 +348,8 @@ $jails_source = params_lookup( 'jails_source' ), $jails_template = params_lookup( 'jails_template' ), $jails_template_header = params_lookup( 'jails_template_header' ), - $jails_template_footer = params_lookup( 'jails_template_footer' ) + $jails_template_footer = params_lookup( 'jails_template_footer' ), + $use_epel = params_lookup( 'use_epel' ), ) inherits fail2ban::params { $bool_source_dir_purge=any2bool($source_dir_purge) 
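Review bot: The `[Init]` header in the added template lines sits outside the `if`, so every filter rendered from this template gains an empty `[Init]` section even when `filterinitvars` is unset. That rewrites every managed filter file on upgrade, and if the file resource notifies the fail2ban service (not visible here) it would trigger a reload or restart on every node. Opening the guard before the header, `<% unless @array_initvars.empty? -%>`, and closing it after the join line keeps existing filters byte-identical.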
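Review bot: The `[*use_epel*]` doc block in the first manifests/init.pp hunk states the default only for non-RedHat systems and carries a typo (`variantsd`). It does not say that params.pp turns the option on for the RedHat family, nor that this module only orders the package after `Class['Epel']` and never declares that class. I would write `#   Default: true on RedHat-family systems, false elsewhere.` and add `#   The epel class must be declared elsewhere in the catalog; this module only requires it.`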
@@ -420,10 +425,17 @@ default => template($fail2ban::template), } + if $use_epel { + $pkg_require = Class['Epel'] + } else { + $pkg_require = undef + } + ### Managed resources package { $fail2ban::package: - ensure => $fail2ban::manage_package, - noop => $fail2ban::noops, + ensure => $fail2ban::manage_package, + noop => $fail2ban::noops, + require => $pkg_require, } service { 'fail2ban': diff --git a/manifests/params.pp b/manifests/params.pp index 0835364..a1709e7 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -107,6 +107,11 @@ default => '/var/log/fail2ban/fail2ban.log', } + $use_epel = $::operatingsystem ? { + /(?i:RedHat|Centos|Scientific|Fedora|OracleLinux)/ => true, + default => false, + } + $log_level = '3' $socket = '/var/run/fail2ban/fail2ban.sock' From ecae75f020d8995c5e56aa70804bc898109be1a4 Mon Sep 17 00:00:00 2001 From: Andrew Teixeira Date: Thu, 18 Aug 2016 12:26:54 -0400 Subject: [PATCH 3/3] Fix ensure in jails manifest --- manifests/jail.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/jail.pp b/manifests/jail.pp index 1ceb529..d673fc2 100644 --- a/manifests/jail.pp +++ b/manifests/jail.pp @@ -119,6 +119,7 @@ if ! defined(Concat[$fail2ban::jails_file]) { concat { $fail2ban::jails_file: + ensure => $ensure, mode => $fail2ban::jails_file_mode, warn => true, owner => $fail2ban::jails_file_owner, @@ -143,7 +144,6 @@ } } concat::fragment{ "fail2ban_jail_${name}": - ensure => $ensure, target => $fail2ban::jails_file, content => template('fail2ban/concat/jail.local-stanza.erb'), order => $real_order,
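Review bot: `require => $pkg_require` with `Class['Epel']` only adds an ordering edge, and nothing in this hunk declares that class. A RedHat-family node that does not already include `epel` should therefore fail its run on an unresolved dependency as soon as it picks up the new default from params.pp. Since this changes behaviour for existing users without any opt-in, a comment above the `if` would help: `# Class['Epel'] must already be in the catalog; this only orders the package after it.` It is also worth confirming that the repository the package now comes from is configured with GPG checking, because that is set in the epel class and not here.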
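Review bot: The `$use_epel` selector in manifests/params.pp is broader than the commit subject ("require EPEL on RHEL7 hosts"): it matches every release of the listed systems and also `Fedora`, which does not consume EPEL. On those hosts the package would gain a `require` on a class that has no reason to be in the catalog. Dropping Fedora from the alternation, `/(?i:RedHat|Centos|Scientific|OracleLinux)/ => true,`, and additionally checking `$::operatingsystemmajrelease` would match the stated intent.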
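Review bot: Passing the per-jail `$ensure` to the shared `concat { $fail2ban::jails_file: }` in the first manifests/jail.pp hunk ties the existence of the whole jails file to whichever `fail2ban::jail` instance is evaluated first, because of the `if ! defined(...)` guard. If that jail is disabled, the file holding every jail would be removed and the host would stop banning without any error. Removing `ensure` from `concat::fragment` in the second hunk also means a disabled jail's stanza is still rendered unless the template handles it. This assumes `$ensure` is computed per jail, as it is per filter in manifests/filter.pp; the assignment is outside the hunk. I would set `ensure => present,` on the concat and wrap the fragment in `if $ensure == 'present' { ... }`.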