authorMathieu Bornoz <mathieu.bornoz@camptocamp.com>2013-05-01 10:10:35 +0200
committerRaphaƫl Pinson <raphael.pinson@camptocamp.com>2013-12-03 09:35:38 +0100
commitfb924446a69b9ce07ea898d5d301ccca8de72b2f (patch)
tree8a31bba5306311dd81ec90bf443c501304c24320 /manifests
parentf8a05e0e6dd7a40fe53329a20ff81227b23bb398 (diff)
SSL support
Diffstat (limited to 'manifests')
-rw-r--r--manifests/client.pp14
-rw-r--r--manifests/init.pp4
-rw-r--r--manifests/install.pp6
-rw-r--r--manifests/params.pp6
-rw-r--r--manifests/server.pp10
-rw-r--r--manifests/snippet.pp2
6 files changed, 38 insertions, 4 deletions
diff --git a/manifests/client.pp b/manifests/client.pp
index 624dfe8..37be590 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -14,6 +14,7 @@
# [*custom_params*]
# [*server*]
# [*port*]
+# [*ssl_ca*]
#
# === Variables
#
@@ -30,7 +31,8 @@ class rsyslog::client (
$custom_config = undef,
$custom_params = undef,
$server = 'log',
- $port = '514'
+ $port = '514',
+ $ssl_ca = undef,
) inherits rsyslog {
$content_real = $custom_config ? {
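Review bot: `$ssl_ca` is the only TLS input the client class gains in this signature, so a node has no way to state which server identity it expects. Unless the client template (not part of this manifests-only diff) sets `$ActionSendStreamDriverAuthMode x509/name` together with `$ActionSendStreamDriverPermittedPeer`, any host holding a certificate issued by that CA would presumably be accepted as the log server; an optional parameter, for example `$ssl_permitted_peer = undef`, would make that check configurable. The same gap applies to the parameters added to `rsyslog::server` in manifests/server.pp (`$ssl_ca`, `$ssl_cert`, `$ssl_key`), which have no counterpart for restricting which clients may connect. The new `# [*ssl_ca*]` entry in the first hunk also has no description; a line saying what the value is (presumably a path to the CA certificate) and that it is required when `$rsyslog::ssl` is true would help. The class header starts above this hunk.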
@@ -41,6 +43,14 @@ class rsyslog::client (
rsyslog::snippet {'client':
ensure => present,
content => $content_real,
- }
+ }
+
+ if $rsyslog::ssl and $ssl_ca == undef {
+ fail('You need to define $ssl_ca in order to use SSL.')
+ }
+
+ if $rsyslog::ssl and $remote_type != 'tcp' {
+ fail('You need to enable tcp in order to use SSL.')
+ }
}
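Review bot: The second guard reads `$remote_type`, which is not among the class parameters visible in the previous hunk (`$custom_config`, `$custom_params`, `$server`, `$port`, `$ssl_ca`). The parameter list starts outside the diff, so it may be declared above; if it is not, the variable is undefined, `$remote_type != 'tcp'` is always true and every client with `$rsyslog::ssl` enabled fails compilation with a misleading message. It is worth confirming the declaration. Also consider placing both `fail` guards before the `rsyslog::snippet` resource, so the preconditions are read first.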
diff --git a/manifests/init.pp b/manifests/init.pp
index 05b9943..7064c65 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -15,6 +15,7 @@ class rsyslog (
$relp_package_name = $rsyslog::params::relp_package_name,
$mysql_package_name = $rsyslog::params::mysql_package_name,
$pgsql_package_name = $rsyslog::params::pgsql_package_name,
+ $gnutls_package_name = $rsyslog::params::gnutls_package_name,
$package_status = $rsyslog::params::package_status,
$rsyslog_d = $rsyslog::params::rsyslog_d,
$purge_rsyslog_d = $rsyslog::params::purge_rsyslog_d,
@@ -30,7 +31,8 @@ class rsyslog (
$spool_dir = $rsyslog::params::spool_dir,
$service_name = $rsyslog::params::service_name,
$client_conf = $rsyslog::params::client_conf,
- $server_conf = $rsyslog::params::server_conf
+ $server_conf = $rsyslog::params::server_conf,
+ $ssl = $rsyslog::params::ssl,
) inherits rsyslog::params {
class { 'rsyslog::install': }
class { 'rsyslog::config': }
diff --git a/manifests/install.pp b/manifests/install.pp
index 3e9ad1a..9798b3f 100644
--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -23,4 +23,10 @@ class rsyslog::install {
}
}
+ if $rsyslog::gnutls_package_name != false {
+ package { $rsyslog::gnutls_package_name:
+ ensure => $rsyslog::package_status
+ }
+ }
+
}
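Review bot: The gnutls package is installed whenever `$rsyslog::gnutls_package_name` is not `false`, independent of `$rsyslog::ssl`. Because params.pp defaults the name to a real package on every platform, nodes that never enable TLS still get an extra package, tracked at `latest` on some of them. Gating on the feature keeps the installed set minimal: `if $rsyslog::ssl and $rsyslog::gnutls_package_name != false {`. The opposite case is also unchecked: with `ssl => true` and the package name set to `false`, the catalog compiles but the TLS driver module would presumably be missing at runtime, so a `fail` for that combination would surface it earlier. The class body starts outside this hunk.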
diff --git a/manifests/params.pp b/manifests/params.pp
index 1ca23d5..8f9b639 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -18,6 +18,7 @@ class rsyslog::params {
$relp_package_name = 'rsyslog-relp'
$mysql_package_name = 'rsyslog-mysql'
$pgsql_package_name = 'rsyslog-pgsql'
+ $gnutls_package_name = 'rsyslog-gnutls'
$package_status = 'latest'
$rsyslog_d = '/etc/rsyslog.d/'
$purge_rsyslog_d = false
@@ -34,6 +35,7 @@ class rsyslog::params {
$service_name = 'rsyslog'
$client_conf = "${rsyslog_d}client.conf"
$server_conf = "${rsyslog_d}server.conf"
+ $ssl = false
}
redhat: {
$rsyslog_package_name = 'rsyslog'
@@ -44,6 +46,7 @@ class rsyslog::params {
}
$mysql_package_name = 'rsyslog-mysql'
$pgsql_package_name = 'rsyslog-pgsql'
+ $gnutls_package_name = 'rsyslog-gnutls'
$package_status = 'latest'
$rsyslog_d = '/etc/rsyslog.d/'
$rsyslog_conf = '/etc/rsyslog.conf'
@@ -59,12 +62,14 @@ class rsyslog::params {
$service_name = 'rsyslog'
$client_conf = "${rsyslog_d}client.conf"
$server_conf = "${rsyslog_d}server.conf"
+ $ssl = false
}
freebsd: {
$rsyslog_package_name = 'sysutils/rsyslog5'
$relp_package_name = 'sysutils/rsyslog5-relp'
$mysql_package_name = 'sysutils/rsyslog5-mysql'
$pgsql_package_name = 'sysutils/rsyslog5-pgsql'
+ $gnutls_package_name = 'sysutils/rsyslog5-gnutls'
$package_status = 'present'
$rsyslog_d = '/etc/syslog.d/'
$rsyslog_conf = '/etc/syslog.conf'
@@ -80,6 +85,7 @@ class rsyslog::params {
$service_name = 'syslogd'
$client_conf = "${rsyslog_d}client.conf"
$server_conf = "${rsyslog_d}server.conf"
+ $ssl = false
}
default: {
case $::operatingsystem {
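Review bot: `$gnutls_package_name` and `$ssl` are added to the three OS branches shown, but the `default:` branch that begins at the end of this hunk continues outside the diff and gets no visible change. If that branch does not set them, `$rsyslog::params::gnutls_package_name` is undefined there. The `!= false` test in manifests/install.pp would then likely pass and try to declare a package with an empty name. Confirm that the default branch assigns both, for example `$gnutls_package_name = false` and `$ssl = false`, on platforms without a known gnutls package.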
diff --git a/manifests/server.pp b/manifests/server.pp
index 0cb7de8..36ee898 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -10,6 +10,9 @@
# [*server_dir*]
# [*custom_config*]
# [*high_precision_timestamps*]
+# [*ssl_ca*]
+# [*ssl_cert*]
+# [*ssl_key*]
#
# === Variables
#
@@ -33,6 +36,9 @@ class rsyslog::server (
$custom_config = undef,
$port = '514',
$high_precision_timestamps = false,
+ $ssl_ca = undef,
+ $ssl_cert = undef,
+ $ssl_key = undef,
) inherits rsyslog {
$real_content = $custom_config ? {
@@ -44,4 +50,8 @@ class rsyslog::server (
ensure => present,
content => $real_content,
}
+
+ if $rsyslog::ssl and (!$enable_tcp or $ssl_ca == undef or $ssl_cert == undef or $ssl_key == undef) {
+ fail('You need to define all the ssl options and enable tcp in order to use SSL.')
+ }
}
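Review bot: The single guard folds four different preconditions into one message, so a failed compile does not say whether TCP is disabled or which of `$ssl_ca`, `$ssl_cert` and `$ssl_key` is missing. manifests/client.pp already uses separate checks; doing the same here, e.g. `if $rsyslog::ssl and !$enable_tcp { fail('You need to enable tcp in order to use SSL.') }` plus one check for the certificate options, would be consistent and easier to debug. `$enable_tcp` is not in the parameter lines visible in the previous hunk, so confirm it is declared above. The manifest only checks that `$ssl_key` is set; if it is a path to the private key, as the name suggests, document that the file must be readable only by the rsyslog run user, since nothing visible here manages its ownership or mode.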
diff --git a/manifests/snippet.pp b/manifests/snippet.pp
index 26cfa76..bb0468e 100644
--- a/manifests/snippet.pp
+++ b/manifests/snippet.pp
@@ -26,7 +26,7 @@ define rsyslog::snippet(
ensure => $ensure,
owner => $rsyslog::run_user,
group => $rsyslog::run_group,
- content => "${content}\n",
+ content => "# file managed by puppet\n${content}\n",
require => Class['rsyslog::config'],
notify => Class['rsyslog::service'],
}