dynamically manage firewall ports from hiera values

puppet/src/profiles/manifests/ebrc_jenkins.pp

@@ -11,35 +11,18 @@ class profiles::ebrc_jenkins {
     Class['::profiles::local_home'] ->
     Class['::ebrc_jenkins']
     
-    firewalld::custom_service{ 'Allow jenkins in public zone':
-      short  => 'jenkins',
-      port   => [
-        {
-          'port'     => 9191,
-          'protocol' => 'tcp'
-        },
-        {
-          'port'     => 9181,
-          'protocol' => 'tcp'
-        },
-        {
-          'port'     => 9130,
-          'protocol' => 'tcp'
-        },
-        {
-          'port'     => 9120,
-          'protocol' => 'tcp'
-        },
-      ],
-      before => Firewalld_service['Allow jenkins in public zone'],
-    }
-
-    firewalld_service {'Allow jenkins in public zone':
-        ensure  => 'present',
+  $jenkins_instances = hiera('ebrc_jenkins::instances')
+  $jenkins_instances.each |$instance, $conf| {
+    $port = $conf['http_port']
+    firewalld_rich_rule { "Jenkins instance ${instance}":
+      ensure => present,
       zone   => 'public',
-        service => 'jenkins',
+      port   => {
+        'port'     => $port,
+        'protocol' => 'tcp',
+        },
+      action => 'accept',
+    }
   }
-
-
 
 }