authorvarac <varacanero@zeromail.org>2012-10-30 15:03:55 +0100
committervarac <varacanero@zeromail.org>2012-10-30 15:03:55 +0100
commitf066f7a99a8d15f5b80c5bbf9117606c723ab352 (patch)
tree961439bb37e8fa8442759987c0dcad0369145ed7 /puppet/modules/site_config
parent06a1546a36698dd75fb500ad2a12e9bbf9b43f03 (diff)
parent9586f6ec95b6bdba7ca3df4135055f2cced9e972 (diff)
Merge branch 'develop' into feature/couchdb
Diffstat (limited to 'puppet/modules/site_config')
-rw-r--r--puppet/modules/site_config/manifests/eip.pp52
1 files changed, 40 insertions, 12 deletions
diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp
index 95f9dbf4..4280fb67 100644
--- a/puppet/modules/site_config/manifests/eip.pp
+++ b/puppet/modules/site_config/manifests/eip.pp
@@ -1,29 +1,57 @@
class site_config::eip {
+
+ # parse hiera config
+ $ip_address = hiera('ip_address')
+ $interface = hiera('interface')
+ #$gateway_address = hiera('gateway_address')
+ $openvpn_config = hiera('openvpn')
+ $openvpn_gateway_address = $openvpn_config['gateway_address']
+ $openvpn_tcp_network_prefix = '10.1.0'
+ $openvpn_tcp_netmask = '255.255.248.0'
+ $openvpn_tcp_cidr = '21'
+ $openvpn_udp_network_prefix = '10.2.0'
+ $openvpn_udp_netmask = '255.255.248.0'
+ $openvpn_udp_cidr = '21'
+
include site_openvpn
+
+ # deploy ca + server keys
include site_openvpn::keys
- #$tor=hiera('tor')
- #notice("Tor enabled: $tor")
-
- #$openvpn_configs=hiera('openvpn_server_configs')
- #create_resources('site_openvpn::server_config', $openvpn_configs)
-
+ # create 2 openvpn config files, one for tcp, one for udp
site_openvpn::server_config { 'tcp_config':
port => '1194',
proto => 'tcp',
- local => $::ipaddress_eth0_1,
- server => '10.1.0.0 255.255.248.0',
- push => '"dhcp-option DNS 10.1.0.1"',
+ local => $openvpn_gateway_address,
+ server => "$openvpn_tcp_network_prefix.0 $openvpn_tcp_netmask",
+ push => "\"dhcp-option DNS $openvpn_tcp_network_prefix.1\"",
management => '127.0.0.1 1000'
}
site_openvpn::server_config { 'udp_config':
port => '1194',
proto => 'udp',
- local => $::ipaddress_eth0_1,
- server => '10.2.0.0 255.255.248.0',
- push => '"dhcp-option DNS 10.2.0.1"',
+ server => "$openvpn_udp_network_prefix.0 $openvpn_udp_netmask",
+ push => "\"dhcp-option DNS $openvpn_udp_network_prefix.1\"",
+ local => $openvpn_gateway_address,
management => '127.0.0.1 1001'
}
+ # add second IP on given interface
+ file { '/usr/local/bin/leap_add_second_ip.sh':
+ content => "#!/bin/sh
+ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface",
+ mode => '0755',
+ }
+
+ exec { '/usr/local/bin/leap_add_second_ip.sh':
+ subscribe => File['/usr/local/bin/leap_add_second_ip.sh'],
+ }
+
+ cron { 'leap_add_second_ip.sh':
+ command => "/usr/local/bin/leap_add_second_ip.sh",
+ user => 'root',
+ special => 'reboot',
+ }
+
include site_shorewall::eip
}
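Review bot: The content of `/usr/local/bin/leap_add_second_ip.sh` splices the hiera values `$interface` and `${openvpn_gateway_address}` unquoted into a shell line that both the `exec` and the root `reboot` cron entry run, so an unexpected hiera value is parsed as shell syntax rather than passed as an argument. The `grep -q ${openvpn_gateway_address}/24` test is also an unanchored regex in which every dot matches any character, so a different address on the interface can satisfy it and the `ip addr add` is then skipped. I would check both values against an address and interface-name pattern before they reach the file (for example with `validate_re`, if puppetlabs-stdlib is available in this tree) and write the line as `ip addr show dev '${interface}' | grep -qF 'inet ${openvpn_gateway_address}/24' || ip addr add '${openvpn_gateway_address}/24' dev '${interface}'`. Separately, without `refreshonly => true` the `exec` runs on every agent run regardless of its `subscribe`; if that is intended it deserves a comment.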