From 7521958cc6c210d65009aa87c6c7297fd9be3dd2 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Sat, 15 Nov 2014 13:36:51 -0500
Subject: don't enable Tor DirPort if openvpn is running on port 80 (Bug #6377)
We need to check the openvpn hiera value, which may or may not be set. If it is not set, then we need to not lookup the $openvpn['ports]' values or we will get an error because it wont be the correct type. If we do have it, then $openvpn_ports gets set with the hash, otherwise it gets set to an empty hash (otherwise puppet will complain when we try to query the member() later with "member(): Requires array to work with"). Finally, if it is set to port 80, we don't include the tor::daemon::directory
Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241
---
puppet/modules/site_tor/manifests/init.pp | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index 9944bb2b..d14e813d 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -11,6 +11,14 @@ class site_tor {
$address = hiera('ip_address')
+ $openvpn = hiera('openvpn', undef)
+ if $openvpn {
+ $openvpn_ports = $openvpn['ports']
+ }
+ else {
+ $openvpn_ports = []
+ }
+
class { 'tor::daemon': }
tor::daemon::relay { $nickname:
port => 9001,
@@ -22,7 +30,8 @@ class site_tor {
if ( $tor_type == 'exit'){
# Only enable the daemon directory if the node isn't also a webapp node
- if ! member($::services, 'webapp') {
+ # or running openvpn on port 80
+ if ! member($::services, 'webapp') and ! member($openvpn_ports, '80') {
tor::daemon::directory { $::hostname: port => 80 }
}
}
-- cgit v1.2.3
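Review bot: The `if $openvpn` guard in the added block only covers a missing `openvpn` key. When the hash is present but has no `ports` entry, or `ports` is not a list, `$openvpn_ports` is still not an array, and the later `member()` call fails with the same "Requires array to work with" error the commit message describes. Testing the value itself closes that gap, e.g. `if $openvpn and is_array($openvpn['ports']) {`, assuming the stdlib that provides `member()` is the one in use here. A short comment above the block, such as `# openvpn ports are read here only to avoid a DirPort clash on port 80`, would also explain why site_tor reads another service's hiera data. The class body starts and ends outside the hunk.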
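Review bot: `member($openvpn_ports, '80')` tests for the string `'80'`, so whether the guard fires depends on how the ports are typed in hiera, which is not visible in this change. If they are stored as integers, the comparison presumably never matches and `tor::daemon::directory` is still declared on port 80 next to openvpn, leaving two services competing for the same listener. Please confirm the data type and record the expectation beside the test, e.g. `# openvpn ports must be strings in hiera ("80") for member() to match`. The port is also written twice as a literal (`'80'` and `port => 80`); holding it in one variable would keep the guard and the declaration in step. The class body starts outside the hunk.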