summaryrefslogtreecommitdiff
path: root/puppet/modules/site_config
diff options
context:
space:
mode:
authorvarac <varacanero@zeromail.org>2012-10-30 12:37:47 +0100
committervarac <varacanero@zeromail.org>2012-10-30 12:37:47 +0100
commit38bb67fa4238dda60e1a140f38f4450a4f8a8ca9 (patch)
tree024ba24cb0ff118eb16c1e79d6c17a9c6b15d6b5 /puppet/modules/site_config
parent76bbc01eae893206a8ed0d8d248ee565e3acdc61 (diff)
parent038380e042289a9586141d7154febea2a2a6a56c (diff)
Merge branch 'feature/interfaces' into develop
Diffstat (limited to 'puppet/modules/site_config')
-rw-r--r--puppet/modules/site_config/manifests/eip.pp53
1 files changed, 40 insertions, 13 deletions
diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp
index df17771a..4280fb67 100644
--- a/puppet/modules/site_config/manifests/eip.pp
+++ b/puppet/modules/site_config/manifests/eip.pp
@@ -1,30 +1,57 @@
class site_config::eip {
- include site_openvpn
- include site_openvpn::keys
- #$tor=hiera('tor')
- #notice("Tor enabled: $tor")
+ # parse hiera config
+ $ip_address = hiera('ip_address')
+ $interface = hiera('interface')
+ #$gateway_address = hiera('gateway_address')
+ $openvpn_config = hiera('openvpn')
+ $openvpn_gateway_address = $openvpn_config['gateway_address']
+ $openvpn_tcp_network_prefix = '10.1.0'
+ $openvpn_tcp_netmask = '255.255.248.0'
+ $openvpn_tcp_cidr = '21'
+ $openvpn_udp_network_prefix = '10.2.0'
+ $openvpn_udp_netmask = '255.255.248.0'
+ $openvpn_udp_cidr = '21'
- $openvpn_config = hiera('openvpn')
- $interface = hiera('interface')
- $gateway_address = $openvpn_config['gateway_address']
+ include site_openvpn
+
+ # deploy ca + server keys
+ include site_openvpn::keys
+ # create 2 openvpn config files, one for tcp, one for udp
site_openvpn::server_config { 'tcp_config':
port => '1194',
proto => 'tcp',
- local => $gateway_address,
- server => '10.1.0.0 255.255.248.0',
- push => '"dhcp-option DNS 10.1.0.1"',
+ local => $openvpn_gateway_address,
+ server => "$openvpn_tcp_network_prefix.0 $openvpn_tcp_netmask",
+ push => "\"dhcp-option DNS $openvpn_tcp_network_prefix.1\"",
management => '127.0.0.1 1000'
}
site_openvpn::server_config { 'udp_config':
port => '1194',
proto => 'udp',
- local => $gateway_address,
- server => '10.2.0.0 255.255.248.0',
- push => '"dhcp-option DNS 10.2.0.1"',
+ server => "$openvpn_udp_network_prefix.0 $openvpn_udp_netmask",
+ push => "\"dhcp-option DNS $openvpn_udp_network_prefix.1\"",
+ local => $openvpn_gateway_address,
management => '127.0.0.1 1001'
}
+ # add second IP on given interface
+ file { '/usr/local/bin/leap_add_second_ip.sh':
+ content => "#!/bin/sh
+ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface",
+ mode => '0755',
+ }
+
+ exec { '/usr/local/bin/leap_add_second_ip.sh':
+ subscribe => File['/usr/local/bin/leap_add_second_ip.sh'],
+ }
+
+ cron { 'leap_add_second_ip.sh':
+ command => "/usr/local/bin/leap_add_second_ip.sh",
+ user => 'root',
+ special => 'reboot',
+ }
+
include site_shorewall::eip
}