author | Mathieu Bornoz <mathieu.bornoz@camptocamp.com> | 2013-05-01 10:10:35 +0200 |
---|---|---|
committer | Raphaƫl Pinson <raphael.pinson@camptocamp.com> | 2013-12-03 09:35:38 +0100 |
commit | fb924446a69b9ce07ea898d5d301ccca8de72b2f (patch) | |
tree | 8a31bba5306311dd81ec90bf443c501304c24320 /manifests | |
parent | f8a05e0e6dd7a40fe53329a20ff81227b23bb398 (diff) |
SSL support
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/client.pp | 14 | ||||
-rw-r--r-- | manifests/init.pp | 4 | ||||
-rw-r--r-- | manifests/install.pp | 6 | ||||
-rw-r--r-- | manifests/params.pp | 6 | ||||
-rw-r--r-- | manifests/server.pp | 10 | ||||
-rw-r--r-- | manifests/snippet.pp | 2 |
6 files changed, 38 insertions, 4 deletions
diff --git a/manifests/client.pp b/manifests/client.pp index 624dfe8..37be590 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -14,6 +14,7 @@ # [*custom_params*] # [*server*] # [*port*] +# [*ssl_ca*] # # === Variables # @@ -30,7 +31,8 @@ class rsyslog::client ( $custom_config = undef, $custom_params = undef, $server = 'log', - $port = '514' + $port = '514', + $ssl_ca = undef, ) inherits rsyslog { $content_real = $custom_config ? { @@ -41,6 +43,14 @@ class rsyslog::client ( rsyslog::snippet {'client': ensure => present, content => $content_real, - } + } + + if $rsyslog::ssl and $ssl_ca == undef { + fail('You need to define $ssl_ca in order to use SSL.') + } + + if $rsyslog::ssl and $remote_type != 'tcp' { + fail('You need to enable tcp in order to use SSL.') + } } diff --git a/manifests/init.pp b/manifests/init.pp index 05b9943..7064c65 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -15,6 +15,7 @@ class rsyslog ( $relp_package_name = $rsyslog::params::relp_package_name, $mysql_package_name = $rsyslog::params::mysql_package_name, $pgsql_package_name = $rsyslog::params::pgsql_package_name, + $gnutls_package_name = $rsyslog::params::gnutls_package_name, $package_status = $rsyslog::params::package_status, $rsyslog_d = $rsyslog::params::rsyslog_d, $purge_rsyslog_d = $rsyslog::params::purge_rsyslog_d, @@ -30,7 +31,8 @@ class rsyslog ( $spool_dir = $rsyslog::params::spool_dir, $service_name = $rsyslog::params::service_name, $client_conf = $rsyslog::params::client_conf, - $server_conf = $rsyslog::params::server_conf + $server_conf = $rsyslog::params::server_conf, + $ssl = $rsyslog::params::ssl, ) inherits rsyslog::params { class { 'rsyslog::install': } class { 'rsyslog::config': } diff --git a/manifests/install.pp b/manifests/install.pp index 3e9ad1a..9798b3f 100644 --- a/manifests/install.pp +++ b/manifests/install.pp 
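Review bot: In the third client.pp hunk the two new `fail()` guards only establish that `$ssl_ca` is set and that the transport is tcp; nothing visible in this manifest lets the caller state which server identity the client should accept. The templates are outside this diff (it is limited to `manifests`), so this is hedged, but if the client template only sets the CA file, any certificate issued by that CA is accepted as the log server. Consider a parameter such as `$ssl_permitted_peer = undef,` feeding rsyslog's `$ActionSendStreamDriverAuthMode x509/name` and `$ActionSendStreamDriverPermittedPeer`. `$remote_type` is not among the parameters shown in the second hunk, so it is presumably declared above line 30 of the file; worth confirming it resolves in this scope. The guards would also read better above the `rsyslog::snippet` declaration, so validation comes before the resource.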
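Review bot: The new `$ssl` switch in the second init.pp hunk is used as a boolean by the guards in client.pp and server.pp but is never type-checked, and in Puppet a non-empty string such as `'false'` is truthy. A value that arrives as a string from an ENC or Hiera would therefore switch the SSL guards on against the operator's intent. If puppetlabs-stdlib is already a dependency of this module, add `validate_bool($ssl)` at the top of the class body; otherwise state the expected type next to the parameter. Neither init.pp hunk shows a header comment for `$ssl` or `$gnutls_package_name`.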
@@ -23,4 +23,10 @@ class rsyslog::install { } } + if $rsyslog::gnutls_package_name != false { + package { $rsyslog::gnutls_package_name: + ensure => $rsyslog::package_status + } + } + } diff --git a/manifests/params.pp b/manifests/params.pp index 1ca23d5..8f9b639 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -18,6 +18,7 @@ class rsyslog::params { $relp_package_name = 'rsyslog-relp' $mysql_package_name = 'rsyslog-mysql' $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' $package_status = 'latest' $rsyslog_d = '/etc/rsyslog.d/' $purge_rsyslog_d = false @@ -34,6 +35,7 @@ class rsyslog::params { $service_name = 'rsyslog' $client_conf = "${rsyslog_d}client.conf" $server_conf = "${rsyslog_d}server.conf" + $ssl = false } redhat: { $rsyslog_package_name = 'rsyslog' @@ -44,6 +46,7 @@ class rsyslog::params { } $mysql_package_name = 'rsyslog-mysql' $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' $package_status = 'latest' $rsyslog_d = '/etc/rsyslog.d/' $rsyslog_conf = '/etc/rsyslog.conf' @@ -59,12 +62,14 @@ class rsyslog::params { $service_name = 'rsyslog' $client_conf = "${rsyslog_d}client.conf" $server_conf = "${rsyslog_d}server.conf" + $ssl = false } freebsd: { $rsyslog_package_name = 'sysutils/rsyslog5' $relp_package_name = 'sysutils/rsyslog5-relp' $mysql_package_name = 'sysutils/rsyslog5-mysql' $pgsql_package_name = 'sysutils/rsyslog5-pgsql' + $gnutls_package_name = 'sysutils/rsyslog5-gnutls' $package_status = 'present' $rsyslog_d = '/etc/syslog.d/' $rsyslog_conf = '/etc/syslog.conf' @@ -80,6 +85,7 @@ class rsyslog::params { $service_name = 'syslogd' $client_conf = "${rsyslog_d}client.conf" $server_conf = "${rsyslog_d}server.conf" + $ssl = false } default: { case $::operatingsystem { diff --git a/manifests/server.pp b/manifests/server.pp index 0cb7de8..36ee898 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
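Review bot: The package block added to install.pp installs the GnuTLS driver whenever `$rsyslog::gnutls_package_name` is not `false`, so with the defaults from params.pp every node gets the package even though `$ssl` defaults to `false`. Gate it on the feature instead: `if $rsyslog::ssl and $rsyslog::gnutls_package_name != false {`. That keeps an unused TLS driver off hosts that do not need it and avoids catalog failures on platforms where the package name does not exist. The rest of `rsyslog::install` is outside the hunk.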
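Review bot: `$gnutls_package_name` and `$ssl` are added to the first case branch and to the redhat and freebsd branches of params.pp, but the `default:` branch that appears as trailing context of the last params.pp hunk is not touched. If that branch sets its variables itself rather than reusing one of the other three, both names stay undefined there, and `$rsyslog::gnutls_package_name != false` in install.pp is then true for an undefined value. The body of the `default:` branch is outside the hunk, so please confirm, and add `$gnutls_package_name = false` and `$ssl = false` there if needed.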
@@ -10,6 +10,9 @@ # [*server_dir*] # [*custom_config*] # [*high_precision_timestamps*] +# [*ssl_ca*] +# [*ssl_cert*] +# [*ssl_key*] # # === Variables # @@ -33,6 +36,9 @@ class rsyslog::server ( $custom_config = undef, $port = '514', $high_precision_timestamps = false, + $ssl_ca = undef, + $ssl_cert = undef, + $ssl_key = undef, ) inherits rsyslog { $real_content = $custom_config ? { @@ -44,4 +50,8 @@ class rsyslog::server ( ensure => present, content => $real_content, } + + if $rsyslog::ssl and (!$enable_tcp or $ssl_ca == undef or $ssl_cert == undef or $ssl_key == undef) { + fail('You need to define all the ssl options and enable tcp in order to use SSL.') + } } diff --git a/manifests/snippet.pp b/manifests/snippet.pp index 26cfa76..bb0468e 100644 --- a/manifests/snippet.pp +++ b/manifests/snippet.pp @@ -26,7 +26,7 @@ define rsyslog::snippet( ensure => $ensure, owner => $rsyslog::run_user, group => $rsyslog::run_group, - content => "${content}\n", + content => "# file managed by puppet\n${content}\n", require => Class['rsyslog::config'], notify => Class['rsyslog::service'], } |
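Review bot: The new guard in the last server.pp hunk only checks that `$ssl_ca`, `$ssl_cert` and `$ssl_key` are defined; nothing in the manifest touches the key file itself or says whether clients must present a certificate. Since `$ssl_key` points at a private key, document in the class header that the file must be readable only by the rsyslog run user, or manage it with a `file` resource (`mode => '0600'`). The server template is outside this diff, but if it does not set `$InputTCPServerStreamDriverAuthMode` to an x509 mode, any host that can reach the port can submit log entries over TLS; a parameter for the auth mode and permitted peers would make that choice explicit. The single error message also hides which of the four conditions failed, so separate `fail()` calls, as in client.pp, would be easier to act on. `$enable_tcp` is declared outside the hunks shown.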