Puppet Class: profile::dumps::distribution::ferm

Defined in:
modules/profile/manifests/dumps/distribution/ferm.pp

Summary

configure ferm rules for rsync mirroring

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • internal_rsync_clients (Array[Stdlib::Fqdn]) (defaults to: lookup('profile::dumps::rsync_internal_clients'))

    list of internal rsync clients

  • rsync_mirrors (Array[Wmflib::Dumps::Mirror]) (defaults to: lookup('profile::dumps::distribution::mirrors'))

    object representing a mirror



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'modules/profile/manifests/dumps/distribution/ferm.pp', line 5

class profile::dumps::distribution::ferm (
    Array[Stdlib::Fqdn] $internal_rsync_clients = lookup('profile::dumps::rsync_internal_clients'),
    Array[Wmflib::Dumps::Mirror] $rsync_mirrors = lookup('profile::dumps::distribution::mirrors'),
) {
    $rsync_clients = $rsync_mirrors.filter |$item| {
        $item['active'] == 'yes'
    }.map |$item| {
        $item['ipv4'].map |$ip| {
            $ip ? {
                Stdlib::IP::Address::V4 => $ip,
                default                 => dnsquery::a($ip),
            }
        } +
        $item['ipv6'].map |$ip| {
            $ip ? {
                Stdlib::IP::Address::V6 => $ip,
                default                 => dnsquery::aaaa($ip),
            }
        }
    } + $internal_rsync_clients.map |$item| { dnsquery::lookup($item) }

    $_rsync_clients = $rsync_clients.flatten.sort.unique

    firewall::service { 'dumps_rsyncd':
        port   => 873,
        proto  => 'tcp',
        srange => $_rsync_clients,
    }
}