modules/fail2ban/manifests/init.pp - Issue 29364214: Issue 2487 - Introduce fail2ban module

Unified Diff: modules/fail2ban/manifests/init.pp

Issue 29364214: Issue 2487 - Introduce fail2ban module (Closed)

Patch Set: Created Nov. 24, 2016, 3:09 p.m.

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View side-by-side diff with in-line comments

Index: modules/fail2ban/manifests/init.pp

===================================================================

new file mode 100644

--- /dev/null

+++ b/modules/fail2ban/manifests/init.pp

@@ -0,0 +1,80 @@

+# == Class: fail2ban

+# Create and maintain fail2ban (http://www.fail2ban.org/) setups.

+# == Parameters:

+# [*jail_config*]

+# Adds jail.local to the default configuration of fail2ban

f.nicolaisen 2016/11/25 15:09:09 Unnecessary white space at end of line.

+# [*package*]

+# Overwrite the default package options, to fine-tune the target version (i.e.

+# ensure => 'latest') or remove Fluentd (ensure => 'absent' or 'purged')

mathias 2016/11/24 16:08:48 Fluentd?

f.lopez 2016/11/25 15:13:49 Acknowledged.

+# [*service*]

+# Overwrite the default service options.

+# [*filters*]

+# Adds adittional filters to the filters.d folder

+# === Examples:

+# class {'fail2ban':

+# package => {ensure => 'present',},

+# service => {},

+# jail_config => {

+# 'wordpress' => {

+# logpath => '/var/log/nginx/access.log',

f.nicolaisen 2016/11/25 15:09:09 Unnecessary white spaces at end of line.

+# }

+# },

+# filters => {

+# 'wordpress' => {

+# failregex => [

+# '^<HOST>.*\"WordPress\/.*',

+# ],

+# }

+# },

+# }

mathias 2016/11/24 16:08:48 The example code is not properly indented. Also it

f.lopez 2016/11/25 15:13:49 Acknowledged.

+class fail2ban (

+ $package = {},

mathias 2016/11/24 16:08:48 Please make sure to wrap all default arguments acc

f.lopez 2016/11/25 15:13:49 Acknowledged.

+ $service = {},

+ $jail_config = {},

+ $filters = {},

+) {

+ include stdlib

+ ensure_resource('package', $title, $package)

+ # Used as default $ensure parameter for most resources below

+ $ensure = getparam(Package[$title], 'ensure') ? {

+ /^(absent|purged|held)$/ => 'absent',

mathias 2016/11/24 16:08:48 By now I wouldn't consider a "held" package as "ab

f.lopez 2016/11/25 15:13:49 Acknowledged.

+ default => 'present',

+ }

+ # Service resources don't properly support the concept of absence

+ if ($ensure == 'present') or ($service['ensure'] != undef) {

mathias 2016/11/24 16:08:48 Why checking for $service['ensure'] being defined?

f.lopez 2016/11/25 15:13:49 Acknowledged.

+ ensure_resource('service', $title, $service)

+ # See modules/fail2ban/manifests/filter.pp

+ create_resources('fail2ban::filter', $filters)

f.nicolaisen 2016/11/25 15:09:09 Unnecessary white spaces here.

+ # According to the docs one can also enable filters that are

+ # already in there, so the config file should be done appart.

mathias 2016/11/24 16:08:48 I don't really get this point, but I assume you me

f.lopez 2016/11/25 15:13:49 Acknowledged.

+ if jail_config != undef {

mathias 2016/11/24 16:08:48 The $jail_config defaults to an empty hash, so I d

f.lopez 2016/11/25 15:13:49 One can have filters without activating them, so y

+ file {'/etc/fail2ban/jail.local':

+ ensure => present,

+ group => 'root',

+ mode => '0644',

+ owner => 'root',

+ content => template("fail2ban/jail.erb"),

+ notify => Service[$title],

+ }

f.nicolaisen 2016/11/25 15:09:09 Unnecessary white spaces here.

+ Service[$title] <~ Package[$title]

mathias 2016/11/24 16:08:48 Usually package updates imply reloading/restarting

f.lopez 2016/11/25 15:13:49 Notify is a kind of relation, but I agree that whe

+ }

+ Package[$title] -> File['/etc/fail2ban/jail.local']

mathias 2016/11/24 16:08:48 Since the file resource is just declared under cer

f.lopez 2016/11/25 15:13:49 Acknowledged.

« modules/fail2ban/manifests/filter.pp ('K') | « modules/fail2ban/manifests/filter.pp ('k') | modules/fail2ban/templates/filter.erb » ('j') | modules/fail2ban/templates/jail.erb » ('J')