authorMicah Anderson <micah@leap.se>2014-11-15 13:36:51 -0500
committerMicah Anderson <micah@leap.se>2014-11-15 13:36:51 -0500
commit7521958cc6c210d65009aa87c6c7297fd9be3dd2 (patch)
tree81fc77f4b7b3018e20044a7ac99f4ac366f3d938
parent9d0bd5610a286cf582af0f3b67ddc7647bc757dc (diff)
don't enable Tor DirPort if openvpn is running on port 80 (Bug #6377)
We need to check the openvpn hiera value, which may or may not be set. If it is not set, then we must not look up the $openvpn['ports'] values or we will get an error because it won't be the correct type. If we do have it, then $openvpn_ports gets set with the hash, otherwise it gets set to an empty hash (otherwise puppet will complain when we try to query the member() later with "member(): Requires array to work with"). Finally, if it is set to port 80, we don't include the tor::daemon::directory Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241
-rw-r--r--puppet/modules/site_tor/manifests/init.pp11
1 files changed, 10 insertions, 1 deletions
diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index 9944bb2b..d14e813d 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -11,6 +11,14 @@ class site_tor {
$address = hiera('ip_address')
+ $openvpn = hiera('openvpn', undef)
+ if $openvpn {
+ $openvpn_ports = $openvpn['ports']
+ }
+ else {
+ $openvpn_ports = []
+ }
+
class { 'tor::daemon': }
tor::daemon::relay { $nickname:
port => 9001,
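Review bot: The `if $openvpn` guard covers only a missing `openvpn` hiera key. When the hash is present but has no `ports` entry, `$openvpn_ports` takes whatever `$openvpn['ports']` yields (presumably an undef or empty value), and the later `member($openvpn_ports, '80')` call would likely fail with the same "Requires array to work with" error the commit message describes. Tightening the condition to `if $openvpn and $openvpn['ports'] {` would let every other case fall through to `$openvpn_ports = []`. A short comment above the block, such as `# openvpn ports, used below to avoid a DirPort clash on port 80`, would also explain why site_tor reads another service's configuration. The class body starts and ends outside this hunk.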
@@ -22,7 +30,8 @@ class site_tor {
if ( $tor_type == 'exit'){
# Only enable the daemon directory if the node isn't also a webapp node
- if ! member($::services, 'webapp') {
+ # or running openvpn on port 80
+ if ! member($::services, 'webapp') and ! member($openvpn_ports, '80') {
tor::daemon::directory { $::hostname: port => 80 }
}
}
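Review bot: `member($openvpn_ports, '80')` compares against the string '80', so the check depends on how the ports are typed in hiera. If they are ever supplied as integers, the test would presumably not match and the DirPort would still be declared on port 80 alongside openvpn, which is the conflict this commit is meant to prevent. Documenting the expected type next to the condition, e.g. `# ports are strings in hiera, hence '80'`, or normalising the list before the check would make this explicit. The literal 80 also appears in both the check and `port => 80`; a single `$dirport` variable used in both places would keep them from drifting apart. The enclosing class continues outside the hunk.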