Bug #11213: Abstract common shorewall puppet bits

Bug #11213

Abstract common shorewall puppet bits

Added by bertagaz 2016-03-10 13:36:12 . Updated 2016-06-08 05:41:01 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Infrastructure

Target version:

Tails_2.5

Start date:

2016-03-10

Due date:

% Done:

100%

Feature Branch:

Type of work:

Sysadmin

Blueprint:

Starter:

Affected tool:

Deliverable for:

280

Description

Ecours and lizard share common bits of puppet code we should abstract in a tails::shorewall manifest.

Subtasks

Related issues

Related to Tails - ~~Feature #8647~~: Install an OS on the machine that will host the production monitoring setup

Resolved

2015-12-15

History

#1 Updated by intrigeri 2016-03-12 13:47:21

related to ~~Feature #8647~~: Install an OS on the machine that will host the production monitoring setup added

#2 Updated by bertagaz 2016-03-23 14:30:10

blocks #8668 added

#3 Updated by bertagaz 2016-04-26 05:00:07

Target version changed from Tails_2.3 to Tails_2.4

#4 Updated by bertagaz 2016-05-07 04:20:00

Status changed from Confirmed to In Progress
Assignee changed from bertagaz to intrigeri
% Done changed from 0 to 50
QA Check set to Ready for QA

Done. Most related commits in our main repo and the puppet-tails repo are referencing this ticket, apart from the first one where I created tails::shorewall and forgot to do it.

#5 Updated by intrigeri 2016-05-09 02:02:03

Assignee changed from intrigeri to bertagaz
QA Check changed from Ready for QA to Dev Needed

Great! Just two minor style comments:

The $interface parameter could have a more expressive name, like $net_interface (to reuse our shorewall’s zones terminology)
Please avoid code duplication between shorewall::zone { ['net', $vpn_zone, $vm_zone]: type => 'ipv4' } and shorewall::zone { ['net', $vpn_zone]: type => 'ipv4' }: just declare the common part (shorewall::zone for ['net', $vpn_zone]) outside of the if construct, and independently declare Shorewall::Zone[$vm_zone] in the if branch.

#6 Updated by bertagaz 2016-06-06 06:46:08

Assignee changed from bertagaz to intrigeri
% Done changed from 50 to 80
QA Check changed from Dev Needed to Ready for QA

intrigeri wrote:
> * The $interface parameter could have a more expressive name, like $net_interface (to reuse our shorewall’s zones terminology)
> * Please avoid code duplication between shorewall::zone { ['net', $vpn_zone, $vm_zone]: type => 'ipv4' } and shorewall::zone { ['net', $vpn_zone]: type => 'ipv4' }: just declare the common part (shorewall::zone for ['net', $vpn_zone]) outside of the if construct, and independently declare Shorewall::Zone[$vm_zone] in the if branch.

Good catches. I’ve pushed commits in puppet-tails repo that implement your suggestions. They reference this ticket.

#7 Updated by intrigeri 2016-06-06 08:19:19

Target version changed from Tails_2.4 to Tails_2.5

#8 Updated by intrigeri 2016-06-08 05:41:01

Status changed from In Progress to Resolved
Assignee deleted (~~intrigeri~~)
% Done changed from 80 to 100
QA Check changed from Ready for QA to Pass

Good, thanks!