Diffstat (limited to 'puppet')
-rw-r--r--puppet/manifests/site.pp2
-rw-r--r--puppet/modules/site_config/manifests/eip.pp57
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp55
-rw-r--r--puppet/modules/site_shorewall/manifests/dnat_rule.pp4
-rw-r--r--puppet/modules/site_shorewall/manifests/eip.pp6
5 files changed, 61 insertions, 63 deletions
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 6abf9b48..0ae86f8e 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -12,7 +12,7 @@ node 'default' {
# configure eip
if 'openvpn' in $services {
- include site_config::eip
+ include site_openvpn
}
if 'couchdb' in $services {
diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp
deleted file mode 100644
index 4280fb67..00000000
--- a/puppet/modules/site_config/manifests/eip.pp
+++ /dev/null
@@ -1,57 +0,0 @@
-class site_config::eip {
-
- # parse hiera config
- $ip_address = hiera('ip_address')
- $interface = hiera('interface')
- #$gateway_address = hiera('gateway_address')
- $openvpn_config = hiera('openvpn')
- $openvpn_gateway_address = $openvpn_config['gateway_address']
- $openvpn_tcp_network_prefix = '10.1.0'
- $openvpn_tcp_netmask = '255.255.248.0'
- $openvpn_tcp_cidr = '21'
- $openvpn_udp_network_prefix = '10.2.0'
- $openvpn_udp_netmask = '255.255.248.0'
- $openvpn_udp_cidr = '21'
-
- include site_openvpn
-
- # deploy ca + server keys
- include site_openvpn::keys
-
- # create 2 openvpn config files, one for tcp, one for udp
- site_openvpn::server_config { 'tcp_config':
- port => '1194',
- proto => 'tcp',
- local => $openvpn_gateway_address,
- server => "$openvpn_tcp_network_prefix.0 $openvpn_tcp_netmask",
- push => "\"dhcp-option DNS $openvpn_tcp_network_prefix.1\"",
- management => '127.0.0.1 1000'
- }
- site_openvpn::server_config { 'udp_config':
- port => '1194',
- proto => 'udp',
- server => "$openvpn_udp_network_prefix.0 $openvpn_udp_netmask",
- push => "\"dhcp-option DNS $openvpn_udp_network_prefix.1\"",
- local => $openvpn_gateway_address,
- management => '127.0.0.1 1001'
- }
-
- # add second IP on given interface
- file { '/usr/local/bin/leap_add_second_ip.sh':
- content => "#!/bin/sh
-ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface",
- mode => '0755',
- }
-
- exec { '/usr/local/bin/leap_add_second_ip.sh':
- subscribe => File['/usr/local/bin/leap_add_second_ip.sh'],
- }
-
- cron { 'leap_add_second_ip.sh':
- command => "/usr/local/bin/leap_add_second_ip.sh",
- user => 'root',
- special => 'reboot',
- }
-
- include site_shorewall::eip
-}
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index e95e67d5..7268fe76 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -1,4 +1,59 @@
class site_openvpn {
+ # parse hiera config
+ $ip_address = hiera('ip_address')
+ $interface = hiera('interface')
+ #$gateway_address = hiera('gateway_address')
+ $openvpn_config = hiera('openvpn')
+ $openvpn_gateway_address = $openvpn_config['gateway_address']
+ $openvpn_tcp_network_prefix = '10.1.0'
+ $openvpn_tcp_netmask = '255.255.248.0'
+ $openvpn_tcp_cidr = '21'
+ $openvpn_udp_network_prefix = '10.2.0'
+ $openvpn_udp_netmask = '255.255.248.0'
+ $openvpn_udp_cidr = '21'
+
+ include site_openvpn
+
+ # deploy ca + server keys
+ include site_openvpn::keys
+
+ # create 2 openvpn config files, one for tcp, one for udp
+ site_openvpn::server_config { 'tcp_config':
+ port => '1194',
+ proto => 'tcp',
+ local => $openvpn_gateway_address,
+ server => "$openvpn_tcp_network_prefix.0 $openvpn_tcp_netmask",
+ push => "\"dhcp-option DNS $openvpn_tcp_network_prefix.1\"",
+ management => '127.0.0.1 1000'
+ }
+ site_openvpn::server_config { 'udp_config':
+ port => '1194',
+ proto => 'udp',
+ server => "$openvpn_udp_network_prefix.0 $openvpn_udp_netmask",
+ push => "\"dhcp-option DNS $openvpn_udp_network_prefix.1\"",
+ local => $openvpn_gateway_address,
+ management => '127.0.0.1 1001'
+ }
+
+ # add second IP on given interface
+ file { '/usr/local/bin/leap_add_second_ip.sh':
+ content => "#!/bin/sh
+ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface",
+ mode => '0755',
+ }
+
+ exec { '/usr/local/bin/leap_add_second_ip.sh':
+ subscribe => File['/usr/local/bin/leap_add_second_ip.sh'],
+ }
+
+ cron { 'leap_add_second_ip.sh':
+ command => "/usr/local/bin/leap_add_second_ip.sh",
+ user => 'root',
+ special => 'reboot',
+ }
+
+ include site_shorewall::eip
+
package {
'openvpn':
ensure => installed;
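Review bot: The two server_config declarations enable the OpenVPN management interface as `management => '127.0.0.1 1000'` and `'127.0.0.1 1001'` with no password file, and nothing in this hunk shows site_openvpn::server_config supplying one, so if the define passes the value straight through, any local user or process able to open a loopback socket can attach and issue management commands (status dumps, `kill`, `signal`). OpenVPN's `--management IP port [pw-file]` form takes an optional password file as the third token, so a minimal hardening is `management => '127.0.0.1 1000 /etc/openvpn/management.pw'` (and the matching `1001` line), with the file deployed alongside the keys in site_openvpn::keys. Separately, the `include site_openvpn` inside `class site_openvpn` is a leftover from the move out of site_config::eip and is a self-include; it should be dropped, and `$ip_address` is read from hiera but never used in this class. The grep guard in leap_add_second_ip.sh uses the unescaped address as a regex (dots match any character), which is harmless for a presence check but worth noting with `# dots in the address are regex wildcards here; acceptable for a presence test`.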
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
index 4fc62f85..68f480d8 100644
--- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp
+++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
@@ -6,7 +6,7 @@ define site_shorewall::dnat_rule {
"dnat_tcp_port_$port":
action => 'DNAT',
source => 'net',
- destination => "\$FW:${site_config::eip::openvpn_gateway_address}:1194",
+ destination => "\$FW:${site_openvpn::openvpn_gateway_address}:1194",
proto => 'tcp',
destinationport => $port,
order => 100;
@@ -16,7 +16,7 @@ define site_shorewall::dnat_rule {
"dnat_udp_port_$port":
action => 'DNAT',
source => 'net',
- destination => "\$FW:${site_config::eip::openvpn_gateway_address}:1194",
+ destination => "\$FW:${site_openvpn::openvpn_gateway_address}:1194",
proto => 'udp',
destinationport => $port,
order => 100;
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 086bf75a..57dc17e9 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -10,7 +10,7 @@ class site_shorewall::eip {
$ssh_port = $ssh_config['port']
$openvpn_config = hiera('openvpn')
$openvpn_ports = $openvpn_config['ports']
- $openvpn_gateway_address = $site_config::eip::openvpn_gateway_address
+ $openvpn_gateway_address = $site_openvpn::openvpn_gateway_address
# define macro for incoming services
file { '/etc/shorewall/macro.leap_eip':
@@ -42,11 +42,11 @@ PARAM - - udp 1194
shorewall::masq { "${interface}_tcp":
interface => $interface,
- source => "$site_config::eip::openvpn_tcp_network_prefix.0/$site_config::eip::openvpn_tcp_cidr"; }
+ source => "$site_openvpn::openvpn_tcp_network_prefix.0/$site_openvpn::openvpn_tcp_cidr"; }
shorewall::masq { "${interface}_udp":
interface => $interface,
- source => "$site_config::eip::openvpn_udp_network_prefix.0/$site_config::eip::openvpn_udp_cidr"; }
+ source => "$site_openvpn::openvpn_udp_network_prefix.0/$site_openvpn::openvpn_udp_cidr"; }
shorewall::policy {
'eip-to-all':