add a basic site_stunnel that takes care of some generic functionality that all stunnel client/servers will need handled (at least in debian and ubuntu)

1 files changed, 18 insertions, 0 deletions

diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp
new file mode 100644
index 00000000..6ba2c4b8
--- /dev/null
+++ b/puppet/modules/site_stunnel/manifests/init.pp
@@ -0,0 +1,18 @@
+class site_stunnel {
+
+  # include the generic stunnel module
+  # increase the number of open files to allow for 800 connections
+  $stunnel_default_extra = 'ulimit -n 4096'
+  include stunnel
+
+  # The stunnel.conf provided by the Debian package is broken by default
+  # so we get rid of it and just define our own. See #549384
+  if !defined(File['/etc/stunnel/stunnel.conf']) {
+    file {
+      # this file is a broken config installed by the package
+      '/etc/stunnel/stunnel.conf':
+        ensure => absent;
+    }
+  }
+}
+