| author | varac <varacanero@zeromail.org> | 2012-11-21 17:45:44 +0100 | 
|---|---|---|
| committer | varac <varacanero@zeromail.org> | 2012-11-21 17:45:44 +0100 | 
| commit | c2d57624c15dfaff038f9991f04ade46b5ad1d40 (patch) | |
| tree | 3002448bc00f1e4ea45eb97b3a4180e2623d21e0 | |
| parent | a6daa12966867acae7885f48bc2cdee4553f9099 (diff) | |
move site_config::eip to site_openvpn (Feature #943)
| -rw-r--r-- | puppet/manifests/site.pp | 2 | ||||
| -rw-r--r-- | puppet/modules/site_config/manifests/eip.pp | 57 | ||||
| -rw-r--r-- | puppet/modules/site_openvpn/manifests/init.pp | 55 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/dnat_rule.pp | 4 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/eip.pp | 6 | 
5 files changed, 61 insertions, 63 deletions
|
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 6abf9b48..0ae86f8e 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -12,7 +12,7 @@ node 'default' {
   # configure eip
   if 'openvpn' in $services {
-    include site_config::eip
+    include site_openvpn
   }
   if 'couchdb' in $services {
diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp
deleted file mode 100644
index 4280fb67..00000000
--- a/puppet/modules/site_config/manifests/eip.pp
+++ /dev/null
@@ -1,57 +0,0 @@
-class site_config::eip {
-
-  # parse hiera config
-  $ip_address                 = hiera('ip_address')
-  $interface                  = hiera('interface')
-  #$gateway_address           = hiera('gateway_address')
-  $openvpn_config             = hiera('openvpn')
-  $openvpn_gateway_address    = $openvpn_config['gateway_address']
-  $openvpn_tcp_network_prefix = '10.1.0'
-  $openvpn_tcp_netmask        = '255.255.248.0'
-  $openvpn_tcp_cidr           = '21'
-  $openvpn_udp_network_prefix = '10.2.0'
-  $openvpn_udp_netmask        = '255.255.248.0'
-  $openvpn_udp_cidr           = '21'
-
-  include site_openvpn
-  
-  # deploy ca + server keys
-  include site_openvpn::keys
-
-  # create 2 openvpn config files, one for tcp, one for udp
-  site_openvpn::server_config { 'tcp_config':
-    port        => '1194',
-    proto       => 'tcp',
-    local       => $openvpn_gateway_address,
-    server      => "$openvpn_tcp_network_prefix.0 $openvpn_tcp_netmask",
-    push        => "\"dhcp-option DNS $openvpn_tcp_network_prefix.1\"",
-    management  => '127.0.0.1 1000'
-  }
-  site_openvpn::server_config { 'udp_config':
-    port        => '1194',
-    proto       => 'udp',
-    server      => "$openvpn_udp_network_prefix.0 $openvpn_udp_netmask",
-    push        => "\"dhcp-option DNS $openvpn_udp_network_prefix.1\"",
-    local       => $openvpn_gateway_address,
-    management  => '127.0.0.1 1001'
-  }
-
-  # add second IP on given interface
-  file { '/usr/local/bin/leap_add_second_ip.sh':
-    content => "#!/bin/sh
-ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface",
-    mode    => '0755',
-  }
-
-  exec { '/usr/local/bin/leap_add_second_ip.sh':
-    subscribe   => File['/usr/local/bin/leap_add_second_ip.sh'],
-  }
-
-  cron { 'leap_add_second_ip.sh':
-    command => "/usr/local/bin/leap_add_second_ip.sh",
-    user    => 'root',
-    special => 'reboot',
-  }
-
-  include site_shorewall::eip
-}
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index e95e67d5..7268fe76 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -1,4 +1,59 @@
 class site_openvpn {
+  # parse hiera config
+  $ip_address                 = hiera('ip_address')
+  $interface                  = hiera('interface')
+  #$gateway_address           = hiera('gateway_address')
+  $openvpn_config             = hiera('openvpn')
+  $openvpn_gateway_address    = $openvpn_config['gateway_address']
+  $openvpn_tcp_network_prefix = '10.1.0'
+  $openvpn_tcp_netmask        = '255.255.248.0'
+  $openvpn_tcp_cidr           = '21'
+  $openvpn_udp_network_prefix = '10.2.0'
+  $openvpn_udp_netmask        = '255.255.248.0'
+  $openvpn_udp_cidr           = '21'
+
+  include site_openvpn
+  
+  # deploy ca + server keys
+  include site_openvpn::keys
+
+  # create 2 openvpn config files, one for tcp, one for udp
+  site_openvpn::server_config { 'tcp_config':
+    port        => '1194',
+    proto       => 'tcp',
+    local       => $openvpn_gateway_address,
+    server      => "$openvpn_tcp_network_prefix.0 $openvpn_tcp_netmask",
+    push        => "\"dhcp-option DNS $openvpn_tcp_network_prefix.1\"",
+    management  => '127.0.0.1 1000'
+  }
+  site_openvpn::server_config { 'udp_config':
+    port        => '1194',
+    proto       => 'udp',
+    server      => "$openvpn_udp_network_prefix.0 $openvpn_udp_netmask",
+    push        => "\"dhcp-option DNS $openvpn_udp_network_prefix.1\"",
+    local       => $openvpn_gateway_address,
+    management  => '127.0.0.1 1001'
+  }
+
+  # add second IP on given interface
+  file { '/usr/local/bin/leap_add_second_ip.sh':
+    content => "#!/bin/sh
+ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface",
+    mode    => '0755',
+  }
+
+  exec { '/usr/local/bin/leap_add_second_ip.sh':
+    subscribe   => File['/usr/local/bin/leap_add_second_ip.sh'],
+  }
+
+  cron { 'leap_add_second_ip.sh':
+    command => "/usr/local/bin/leap_add_second_ip.sh",
+    user    => 'root',
+    special => 'reboot',
+  }
+
+  include site_shorewall::eip
+
   package {
     'openvpn':
       ensure => installed;
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
index 4fc62f85..68f480d8 100644
--- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp
+++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
@@ -6,7 +6,7 @@ define site_shorewall::dnat_rule {
         "dnat_tcp_port_$port":
           action          => 'DNAT',
           source          => 'net',
-          destination     => "\$FW:${site_config::eip::openvpn_gateway_address}:1194",
+          destination     => "\$FW:${site_openvpn::openvpn_gateway_address}:1194",
           proto           => 'tcp',
           destinationport => $port,
           order           => 100;
@@ -16,7 +16,7 @@ define site_shorewall::dnat_rule {
         "dnat_udp_port_$port":
           action          => 'DNAT',
           source          => 'net',
-          destination     => "\$FW:${site_config::eip::openvpn_gateway_address}:1194",
+          destination     => "\$FW:${site_openvpn::openvpn_gateway_address}:1194",
           proto           => 'udp',
           destinationport => $port,
           order           => 100;
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 086bf75a..57dc17e9 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -10,7 +10,7 @@ class site_shorewall::eip {
   $ssh_port       = $ssh_config['port']
   $openvpn_config = hiera('openvpn')
   $openvpn_ports  = $openvpn_config['ports']
-  $openvpn_gateway_address = $site_config::eip::openvpn_gateway_address
+  $openvpn_gateway_address = $site_openvpn::openvpn_gateway_address
   # define macro for incoming services
   file { '/etc/shorewall/macro.leap_eip':
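Review bot: The `management => '127.0.0.1 1000'` and `'127.0.0.1 1001'` parameters now carried by `class site_openvpn` put OpenVPN's management channel on a loopback TCP port with no password file, so any local account able to connect to 127.0.0.1 could issue `signal SIGTERM`, `kill <common-name>` or read client state for both daemons; whether `site_openvpn::server_config` appends a pw-file argument is not visible in this hunk, so confirm that, and if it does not, pass one (`management => '127.0.0.1 1000 /etc/openvpn/management.pw'`) or switch to a unix socket restricted with `management-client-user root`. Two leftovers of the move are also worth cleaning up: `include site_openvpn` inside `class site_openvpn` is a self-include and can be dropped, and the `exec { '/usr/local/bin/leap_add_second_ip.sh': ... }` has `subscribe` but no `refreshonly => true`, so it runs on every agent run and relies solely on the script's `grep -q` (whose unescaped dots match any character) to stay idempotent. The class body continues past the hunk into `package { 'openvpn': ... }`.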
@@ -42,11 +42,11 @@ PARAM   -       -       udp     1194
   shorewall::masq { "${interface}_tcp":
     interface => $interface,
-    source    => "$site_config::eip::openvpn_tcp_network_prefix.0/$site_config::eip::openvpn_tcp_cidr"; }
+    source    => "$site_openvpn::openvpn_tcp_network_prefix.0/$site_openvpn::openvpn_tcp_cidr"; }
   shorewall::masq { "${interface}_udp":
     interface => $interface,
-    source    => "$site_config::eip::openvpn_udp_network_prefix.0/$site_config::eip::openvpn_udp_cidr"; }
+    source    => "$site_openvpn::openvpn_udp_network_prefix.0/$site_openvpn::openvpn_udp_cidr"; }
   shorewall::policy {
     'eip-to-all':
|
