diff options
Diffstat (limited to 'puppet/modules/site_stunnel')
-rw-r--r-- | puppet/modules/site_stunnel/manifests/clients.pp | 26 | ||||
-rw-r--r-- | puppet/modules/site_stunnel/manifests/init.pp | 17 | ||||
-rw-r--r-- | puppet/modules/site_stunnel/manifests/setup.pp | 24 |
3 files changed, 67 insertions, 0 deletions
diff --git a/puppet/modules/site_stunnel/manifests/clients.pp b/puppet/modules/site_stunnel/manifests/clients.pp new file mode 100644 index 00000000..ed766e1a --- /dev/null +++ b/puppet/modules/site_stunnel/manifests/clients.pp @@ -0,0 +1,26 @@ +define site_stunnel::clients ( + $accept_port, + $connect_port, + $connect, + $cafile, + $key, + $cert, + $client = true, + $verify = '2', + $pid = $name, + $rndfile = '/var/lib/stunnel4/.rnd', + $debuglevel = '4' ) { + + stunnel::service { $name: + accept => "127.0.0.1:${accept_port}", + connect => "${connect}:${connect_port}", + client => $client, + cafile => $cafile, + key => $key, + cert => $cert, + verify => $verify, + pid => "/var/run/stunnel4/${pid}.pid", + rndfile => $rndfile, + debuglevel => $debuglevel + } +} diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp new file mode 100644 index 00000000..c7d6acc6 --- /dev/null +++ b/puppet/modules/site_stunnel/manifests/init.pp @@ -0,0 +1,17 @@ +class site_stunnel { + + # include the generic stunnel module + # increase the number of open files to allow for 800 connections + class { 'stunnel': default_extra => 'ulimit -n 4096' } + + # The stunnel.conf provided by the Debian package is broken by default + # so we get rid of it and just define our own. See #549384 + if !defined(File['/etc/stunnel/stunnel.conf']) { + file { + # this file is a broken config installed by the package + '/etc/stunnel/stunnel.conf': + ensure => absent; + } + } +} + diff --git a/puppet/modules/site_stunnel/manifests/setup.pp b/puppet/modules/site_stunnel/manifests/setup.pp new file mode 100644 index 00000000..92eeb425 --- /dev/null +++ b/puppet/modules/site_stunnel/manifests/setup.pp @@ -0,0 +1,24 @@ +class site_stunnel::setup ($cert_name, $key, $cert, $ca_name, $ca) { + + include site_stunnel + + x509::key { + $cert_name: + content => $key, + notify => Service['stunnel']; + } + + x509::cert { + $cert_name: + content => $cert, + notify => Service['stunnel']; + } + + x509::ca { + $ca_name: + content => $ca, + notify => Service['stunnel']; + } + +} + |