diff options
author | varac <varacanero@zeromail.org> | 2012-10-30 12:37:47 +0100 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2012-10-30 12:37:47 +0100 |
commit | 38bb67fa4238dda60e1a140f38f4450a4f8a8ca9 (patch) | |
tree | 024ba24cb0ff118eb16c1e79d6c17a9c6b15d6b5 /puppet/modules/site_config | |
parent | 76bbc01eae893206a8ed0d8d248ee565e3acdc61 (diff) | |
parent | 038380e042289a9586141d7154febea2a2a6a56c (diff) |
Merge branch 'feature/interfaces' into develop
Diffstat (limited to 'puppet/modules/site_config')
-rw-r--r-- | puppet/modules/site_config/manifests/eip.pp | 53 |
1 files changed, 40 insertions, 13 deletions
diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index df17771a..4280fb67 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -1,30 +1,57 @@ class site_config::eip { - include site_openvpn - include site_openvpn::keys - #$tor=hiera('tor') - #notice("Tor enabled: $tor") + # parse hiera config + $ip_address = hiera('ip_address') + $interface = hiera('interface') + #$gateway_address = hiera('gateway_address') + $openvpn_config = hiera('openvpn') + $openvpn_gateway_address = $openvpn_config['gateway_address'] + $openvpn_tcp_network_prefix = '10.1.0' + $openvpn_tcp_netmask = '255.255.248.0' + $openvpn_tcp_cidr = '21' + $openvpn_udp_network_prefix = '10.2.0' + $openvpn_udp_netmask = '255.255.248.0' + $openvpn_udp_cidr = '21' - $openvpn_config = hiera('openvpn') - $interface = hiera('interface') - $gateway_address = $openvpn_config['gateway_address'] + include site_openvpn + + # deploy ca + server keys + include site_openvpn::keys + # create 2 openvpn config files, one for tcp, one for udp site_openvpn::server_config { 'tcp_config': port => '1194', proto => 'tcp', - local => $gateway_address, - server => '10.1.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.1.0.1"', + local => $openvpn_gateway_address, + server => "$openvpn_tcp_network_prefix.0 $openvpn_tcp_netmask", + push => "\"dhcp-option DNS $openvpn_tcp_network_prefix.1\"", management => '127.0.0.1 1000' } site_openvpn::server_config { 'udp_config': port => '1194', proto => 'udp', - local => $gateway_address, - server => '10.2.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.2.0.1"', + server => "$openvpn_udp_network_prefix.0 $openvpn_udp_netmask", + push => "\"dhcp-option DNS $openvpn_udp_network_prefix.1\"", + local => $openvpn_gateway_address, management => '127.0.0.1 1001' } + # add second IP on given interface + file { '/usr/local/bin/leap_add_second_ip.sh': + content => "#!/bin/sh +ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface", + mode => '0755', + } + + exec { '/usr/local/bin/leap_add_second_ip.sh': + subscribe => File['/usr/local/bin/leap_add_second_ip.sh'], + } + + cron { 'leap_add_second_ip.sh': + command => "/usr/local/bin/leap_add_second_ip.sh", + user => 'root', + special => 'reboot', + } + include site_shorewall::eip } |