1 files changed, 48 insertions, 0 deletions

diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp
new file mode 100644
index 00000000..a874721f
--- /dev/null
+++ b/puppet/modules/site_stunnel/manifests/init.pp
@@ -0,0 +1,48 @@
+#
+# If you need something to happen after stunnel is started,
+# you can depend on Service['stunnel'] or Class['site_stunnel']
+#
+
+class site_stunnel {
+
+  # include the generic stunnel module
+  # increase the number of open files to allow for 800 connections
+  class { 'stunnel': default_extra => 'ulimit -n 4096' }
+
+  # The stunnel.conf provided by the Debian package is broken by default
+  # so we get rid of it and just define our own. See #549384
+  if !defined(File['/etc/stunnel/stunnel.conf']) {
+    file {
+      # this file is a broken config installed by the package
+      '/etc/stunnel/stunnel.conf':
+        ensure => absent;
+    }
+  }
+
+  $stunnel = hiera('stunnel')
+
+  # add server stunnels
+  create_resources(site_stunnel::servers, $stunnel['servers'])
+
+  # add client stunnels
+  $clients = $stunnel['clients']
+  $client_sections = keys($clients)
+  site_stunnel::clients { $client_sections: }
+
+  # remove any old stunnel logs that are not
+  # defined by this puppet run
+  file {'/var/log/stunnel4': purge => true;}
+
+  # the default is to keep 356 log files for each stunnel.
+  # here we set a more reasonable number.
+  augeas {
+    'logrotate_stunnel':
+      context => '/files/etc/logrotate.d/stunnel4/rule',
+      changes => [
+        'set rotate 5',
+      ]
+  }
+
+  include site_stunnel::override_service
+}
+