authormh <mh@immerda.ch>2012-12-30 16:12:07 +0100
committermh <mh@immerda.ch>2012-12-30 16:12:07 +0100
commit1ac11038d7c1cc1177f3b1f326254b932beeb83c (patch)
treee77af7beaf3527619a579b12cd296387590f3927
parentf021bbd23d559b192b563b5dbe6abe8e0cf41c9f (diff)
linting
-rw-r--r--manifests/base.pp76
-rw-r--r--manifests/init.pp3
2 files changed, 40 insertions, 39 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index f266a89..bf791bf 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -1,60 +1,60 @@
-# manifests/init.pp - module to manage strongswan/ipsec
-
+# manage strongswan services
class strongswan::base {
- require certtool
-
- package{ 'strongswan' :
+ package{'strongswan':
ensure => installed,
}
- if $selinux == 'true' {
- package{ 'strongswan-selinux' :
+ if $::selinux == 'true' {
+ package{'strongswan-selinux':
ensure => installed,
}
}
- exec{ 'ipsec_privatekey':
- command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${::fqdn}.pem",
- creates => "/etc/ipsec.d/private/${::fqdn}.pem",
- require => Package['strongswan'],
+ exec{
+ 'ipsec_privatekey':
+ command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${::fqdn}.pem",
+ creates => "/etc/ipsec.d/private/${::fqdn}.pem",
+ require => Package['strongswan'];
+ 'ipsec_monkeysphere_cert':
+ command => "monkeysphere-host import-key /etc/ipsec.d/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > /etc/ipsec.d/certs/${::fqdn}.asc";
+ creates => "/etc/ipsec.d/certs/${::fqdn}.asc",
+ require => Exec['ipsec_privatekey'];
}
- exec{ 'ipsec_monkeysphere_cert' :
- require => Exec['ipsec_privatekey'],
- creates => "/etc/ipsec.d/certs/${::fqdn}.asc",
- command => "monkeysphere-host import-key /etc/ipsec.d/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > /etc/ipsec.d/certs/${::fqdn}.asc"
+ file{ '/etc/ipsec.secrets':
+ content => ": RSA ${::fqdn}.pem\n",
+ require => Package['strongswan'],
+ notify => Service['ipsec'],
+ owner => 'root',
+ group => 0,
+ mode => '0400';
+ '/etc/ipsec.conf':
+ source => "puppet:///modules/site_strongswan/configs/${::fqdn}",
+ require => Package['strongswan'],
+ notify => Service['ipsec'],
+ owner => 'root',
+ group => 0,
+ mode => '0400';
}
- file{ '/etc/ipsec.secrets' :
- content => ": RSA ${::fqdn}.pem\n",
- require => Package['strongswan'],
- owner => "root", group => 0, mode => "400",
- notify => Service['ipsec'],
+ service{'ipsec':
+ ensure => running,
+ enable => true,
}
- if $::strongswan_cert != "false" and $::strongswan_cert != "" {
- @@file{ "/etc/ipsec.d/certs/${::fqdn}.asc":
- owner => "root", group => 0, mode => "400",
- tag => 'strongswan_cert',
+ if $::strongswan_cert != 'false' and $::strongswan_cert != '' {
+ @@file{"/etc/ipsec.d/certs/${::fqdn}.asc":
+ tag => 'strongswan_cert',
content => $::strongswan_cert,
require => Package['strongswan'],
- notify => Service['ipsec'],
+ notify => Service['ipsec'],
+ owner => 'root',
+ group => 0,
+ mode => '0400';
}
- }
-
- File<<| tag == 'strongswan_cert' |>>
-
- file{'/etc/ipsec.conf':
- source => "puppet:///modules/site_strongswan/configs/${::fqdn}",
- require => Package['strongswan'],
- notify => Service['ipsec'],
- owner => "root", group => 0, mode => "400";
}
- service{'ipsec':
- ensure => running,
- enable => true,
- }
+ File<<| tag == 'strongswan_cert' |>>
}
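Review bot: The `command` attribute of `'ipsec_monkeysphere_cert'` in the merged `exec{}` block ends with `";` instead of `",`, which closes that resource body before its `creates` and `require` attributes; the manifest should then fail to parse, so end that line with a comma like the other attributes. Separately, the shell redirect in that command creates `/etc/ipsec.d/certs/${::fqdn}.asc` even when the `gpg --export` step fails, and `creates` then suppresses any retry, so an empty certificate file can persist; a guard such as `unless => "test -s /etc/ipsec.d/certs/${::fqdn}.asc"` in place of `creates` would avoid that. Nothing in this hunk manages the owner or mode of the generated private key `/etc/ipsec.d/private/${::fqdn}.pem`, although `ipsec.secrets` and `ipsec.conf` are pinned to root and `0400`; a `file` resource for the key with the same `owner`, `group` and `mode` would make its protection explicit rather than leaving it to certtool's defaults and the process umask.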
diff --git a/manifests/init.pp b/manifests/init.pp
index c6b971a..ad9486c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,3 +1,4 @@
+# manage a strongswan
class strongswan(
$manage_shorewall = false,
$monkeysphere_publish_key = false
@@ -5,7 +6,7 @@ class strongswan(
class{'monkeysphere':
publish_key => $monkeysphere_publish_key
- } -> class{'strongswan::base': }
+ } -> class{'certtool': } -> class{'strongswan::base': }
if $manage_shorewall {
include shorewall::rules::ipsec