-rw-r--r--puppet/modules/site_config/manifests/params.pp25
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp2
-rw-r--r--puppet/modules/site_openvpn/templates/add_gateway_ips.sh.erb8
-rw-r--r--puppet/modules/site_shorewall/manifests/defaults.pp14
-rw-r--r--puppet/modules/site_shorewall/manifests/eip.pp7
5 files changed, 34 insertions, 22 deletions
diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp
new file mode 100644
index 00000000..237ee454
--- /dev/null
+++ b/puppet/modules/site_config/manifests/params.pp
@@ -0,0 +1,25 @@
+class site_config::params {
+
+ $ip_address = hiera('ip_address')
+ $ip_address_interface = getvar("interface_${ip_address}")
+ $ec2_local_ipv4_interface = getvar("interface_${::ec2_local_ipv4}")
+
+ if $::virtual == 'virtualbox' {
+ $interface = [ 'eth0', 'eth1' ]
+ }
+ elsif hiera('interface','') != '' {
+ $interface = hiera('interface')
+ }
+ elsif $ip_address_interface != '' {
+ $interface = $ip_address_interface
+ }
+ elsif $ec2_local_ipv4_interface != '' {
+ $interface = $ec2_local_ipv4_interface
+ }
+ elsif $::interfaces =~ /eth0/ {
+ $interface = eth0
+ }
+ else {
+ fail("unable to determine a valid interface, please set a valid interface for this node in nodes/${::hostname}.json")
+ }
+}
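Review bot: The `eth0` fallback near the end of the new class assigns a bareword, `$interface = eth0`; quoting it as `$interface = 'eth0'` matches the other branches and avoids relying on bareword handling. The test just above it, `$::interfaces =~ /eth0/`, is a substring match, so assuming the fact is Facter's comma-separated list, a host that only has `veth0` or `eth0_1` would also pass; matching a whole element, e.g. `/(^|,)eth0(,|$)/`, is tighter. The `hiera('interface')` branch accepts any non-empty value, and this variable now drives the shorewall interface definitions and a shell template. A check that the value looks like an interface name would fail the run early on a typo, rather than leaving the firewall rules bound to a device that does not exist.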
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 1ae3fb02..9bfffa6f 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -21,8 +21,6 @@ class site_openvpn {
$openvpn_config = hiera('openvpn')
$x509_config = hiera('x509')
- $ip_address = hiera('ip_address')
- $interface = getvar("interface_${ip_address}")
$openvpn_ports = $openvpn_config['ports']
$openvpn_gateway_address = $openvpn_config['gateway_address']
if $openvpn_config['second_gateway_address'] {
diff --git a/puppet/modules/site_openvpn/templates/add_gateway_ips.sh.erb b/puppet/modules/site_openvpn/templates/add_gateway_ips.sh.erb
index ed06a95e..05f3d16b 100644
--- a/puppet/modules/site_openvpn/templates/add_gateway_ips.sh.erb
+++ b/puppet/modules/site_openvpn/templates/add_gateway_ips.sh.erb
@@ -1,11 +1,11 @@
#!/bin/sh
-ip addr show dev <%= @interface %> | grep -q <%= @openvpn_gateway_address %>/24 ||
- ip addr add <%= @openvpn_gateway_address %>/24 dev <%= @interface %>
+ip addr show dev <%= scope.lookupvar('site_config::params::interface') %> | grep -q <%= @openvpn_gateway_address %>/24 ||
+ ip addr add <%= @openvpn_gateway_address %>/24 dev <%= scope.lookupvar('site_config::params::interface') %>
<% if @openvpn_second_gateway_address %>
-ip addr show dev <%= @interface %> | grep -q <%= @openvpn_second_gateway_address %>/24 ||
- ip addr add <%= @openvpn_second_gateway_address %>/24 dev <%= @interface %>
+ip addr show dev <%= scope.lookupvar('site_config::params::interface') %> | grep -q <%= @openvpn_second_gateway_address %>/24 ||
+ ip addr add <%= @openvpn_second_gateway_address %>/24 dev <%= scope.lookupvar('site_config::params::interface') %>
<% end %>
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
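Review bot: On VirtualBox nodes `site_config::params::interface` is the array `[ 'eth0', 'eth1' ]`, so each `<%= scope.lookupvar('site_config::params::interface') %>` here renders an array where `ip addr ... dev` needs a single device name; the removed site_openvpn code always used the single `getvar("interface_${ip_address}")` value. The same applies in site_shorewall/manifests/eip.pp, where `"${interface}_unlimited_tcp"` now interpolates the array and the removed branch had pinned `'eth0'` for that case. A scalar alongside the list in params.pp (for example a hypothetical `$primary_interface`), or `Array(...).first` in the template, would keep both consumers on one name. The init.pp hunk shown does not add `include site_config::params`; if the class is not included elsewhere before this template is evaluated, the lookup may come back empty, so that is worth confirming.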
diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp
index d5639a90..c62c9307 100644
--- a/puppet/modules/site_shorewall/manifests/defaults.pp
+++ b/puppet/modules/site_shorewall/manifests/defaults.pp
@@ -1,17 +1,10 @@
class site_shorewall::defaults {
include shorewall
+ include site_config::params
# be safe for development
#if ( $::virtual == 'virtualbox') { $shorewall_startup='0' }
- $ip_address = hiera('ip_address')
- # a special case for vagrant interfaces
- $interface = $::virtual ? {
- virtualbox => [ 'eth0', 'eth1' ],
- default => getvar("interface_${ip_address}")
- }
-
-
# If you want logging:
shorewall::params {
'LOG': value => 'debug';
@@ -19,14 +12,13 @@ class site_shorewall::defaults {
shorewall::zone {'net': type => 'ipv4'; }
-
# define interfaces
- shorewall::interface { $interface:
+ shorewall::interface { $site_config::params::interface:
zone => 'net',
options => 'tcpflags,blacklist,nosmurfs';
}
- shorewall::routestopped { $interface: }
+ shorewall::routestopped { $site_config::params::interface: }
shorewall::policy {
'fw-to-all':
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 95c3920e..2f84d45c 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -1,6 +1,7 @@
class site_shorewall::eip {
include site_shorewall::defaults
+ include site_config::params
include site_shorewall::ip_forward
# define macro for incoming services
@@ -32,11 +33,7 @@ PARAM - - udp 1194
type => 'ipv4';
}
- if $::virtual == 'virtualbox' {
- $interface = 'eth0'
- } else {
- $interface = $site_shorewall::defaults::interface
- }
+ $interface = $site_config::params::interface
shorewall::masq {
"${interface}_unlimited_tcp":