puppet: Move our iptables config to zulip_internal.

(imported from commit f177b3989092f4fa7f00ae5bfb833ea23fe35489)
2013-11-07 17:47:23 -05:00 · 2013-11-07 17:47:23 -05:00 · 71e1f00fc6
parent e957c8adb2
commit 71e1f00fc6
3 changed files with 24 additions and 24 deletions
--- a/puppet/zulip/manifests/base.pp
+++ b/puppet/zulip/manifests/base.pp
@ -70,28 +70,4 @@ class zulip::base {
    group  => 'zulip',
    mode   => 640,
  }
-
-  file { '/etc/iptables/rules':
-    ensure     => file,
-    mode       => 600,
-    source     => 'puppet:///modules/zulip/iptables/rules',
-    require    => Package['iptables-persistent'],
-  }
-  service { 'iptables-persistent':
-    ensure     => running,
-
-    # Because there is no running process for this service, the normal status
-    # checks fail.  Because puppet then thinks the service has been manually
-    # stopped, it won't restart it.  This fake status command will trick puppet
-    # into thinking the service is *always* running (which in a way it is, as
-    # iptables is part of the kernel.)
-    hasstatus => true,
-    status => "/bin/true",
-
-    # Under Debian, the "restart" parameter does not reload the rules, so tell
-    # Puppet to fall back to stop/start, which does work.
-    hasrestart => false,
-
-    subscribe  => File['/etc/iptables/rules'],
-  }
 }
--- a/puppet/zulip_internal/files/iptables/rules
+++ b/puppet/zulip_internal/files/iptables/rules
--- a/puppet/zulip_internal/manifests/base.pp
+++ b/puppet/zulip_internal/manifests/base.pp
@ -109,4 +109,28 @@ class zulip_internal::base {
    mode => 755,
    source => "puppet:///modules/zulip_internal/nagios_plugins/",
  }
+
+  file { '/etc/iptables/rules':
+    ensure     => file,
+    mode       => 600,
+    source     => 'puppet:///modules/zulip_internal/iptables/rules',
+    require    => Package['iptables-persistent'],
+  }
+  service { 'iptables-persistent':
+    ensure     => running,
+
+    # Because there is no running process for this service, the normal status
+    # checks fail.  Because puppet then thinks the service has been manually
+    # stopped, it won't restart it.  This fake status command will trick puppet
+    # into thinking the service is *always* running (which in a way it is, as
+    # iptables is part of the kernel.)
+    hasstatus => true,
+    status => "/bin/true",
+
+    # Under Debian, the "restart" parameter does not reload the rules, so tell
+    # Puppet to fall back to stop/start, which does work.
+    hasrestart => false,
+
+    subscribe  => File['/etc/iptables/rules'],
+  }
 }