authorMicah Anderson <micah@riseup.net>2013-04-02 16:30:34 -0400
committerMicah Anderson <micah@riseup.net>2013-04-02 16:30:34 -0400
commit31cbf602f874ba16ef3504c004f41021fcad153b (patch)
tree2c45e9ec0dc71001754886d9e06285c4302d65d9
parent9740f84b96c3343436ade17cd31320e164b28874 (diff)
add $use_monkeysphere variable (default set to false) to enable non-monkeysphere deployments
-rw-r--r--manifests/base.pp32
-rw-r--r--manifests/init.pp20
2 files changed, 34 insertions, 18 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 3f1d491..6f28d12 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -1,18 +1,26 @@
# manage strongswan services
class strongswan::base {
- package { 'strongswan':
- ensure => installed,
- require => Package['monkeysphere','gnutls-utils'];
- } -> exec {
- 'ipsec_privatekey':
- command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem",
- creates => "${strongswan::cert_dir}/private/${::fqdn}.pem";
- } -> exec {
- 'ipsec_monkeysphere_cert':
- command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc",
- creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc",
- } -> anchor{'strongswan::certs::done': }
+ if $use_monkeysphere {
+ package { 'strongswan':
+ ensure => installed,
+ require => Package['monkeysphere','gnutls-utils'],
+ } ->
+
+ exec { 'ipsec_privatekey':
+ command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem",
+ creates => "${strongswan::cert_dir}/private/${::fqdn}.pem";
+ } ->
+
+ exec { 'ipsec_monkeysphere_cert':
+ command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc",
+ creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc",
+ } -> anchor{'strongswan::certs::done': }
+ } else {
+ package { 'strongswan':
+ ensure => installed,
+ }
+ }
File {
require => Package['strongswan'],
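Review bot: `$use_monkeysphere` on the new `if` line is unqualified, although it is a parameter of class `strongswan` and this class reads the parent's other settings as `${strongswan::cert_dir}`. Depending on how the Puppet version in use handles scoping, it may resolve to undef here and always take the `else` branch; `if $strongswan::use_monkeysphere {` avoids that. The `else` branch also omits `anchor{'strongswan::certs::done': }`, so anything ordered against that anchor outside this hunk would no longer resolve, and declaring the anchor in both branches keeps that contract. In the non-monkeysphere branch no private key or certificate is provisioned at all, so a comment such as `# operator must supply the host key and certificate under ${strongswan::cert_dir}` would make the expectation explicit. The class body continues past the end of this hunk.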
diff --git a/manifests/init.pp b/manifests/init.pp
index 9277ef0..3b564d4 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -2,6 +2,7 @@
class strongswan(
$manage_shorewall = false,
$shorewall_source = 'net',
+ $use_monkeysphere = false,
$monkeysphere_publish_key = false,
$ipsec_nat = false,
$default_left_ip_address = $::ipaddress,
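Review bot: Defaulting `$use_monkeysphere` to `false` changes behaviour for existing users of the class, since monkeysphere and the key generation were unconditional before this commit. A node that upgrades without setting the parameter would stop having its IKE host key and exported certificate managed, and `$monkeysphere_publish_key` would be silently ignored. Either default to `true` for compatibility or document the switch, for example `# $use_monkeysphere: set to true to generate the host key and publish it via monkeysphere; when false, keys and certificates must be provided separately`.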
@@ -10,9 +11,16 @@ class strongswan(
$auto_remote_host = false
) {
- class { 'monkeysphere':
- publish_key => $monkeysphere_publish_key
- } -> class { 'certtool': }
+ if $use_monkeysphere != false {
+ class { 'monkeysphere':
+ publish_key => $monkeysphere_publish_key
+ } -> class { 'certtool': }
+
+ $require_monkeysphere = $use_monkeysphere ? {
+ true => 'Class['monkeysphere']',
+ false => ''
+ }
+ }
case $::operatingsystem {
centos: {
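Review bot: The selector value `'Class['monkeysphere']'` nests single quotes inside a single-quoted string, which I would expect to fail to parse. Even with the quoting fixed it would be a string rather than a resource reference. The selector also sits inside `if $use_monkeysphere != false`, so its `false =>` arm is never reached and the variable is simply unset when monkeysphere is disabled. Assigning the reference directly inside the `if`, as `$require_monkeysphere = Class['monkeysphere']`, would serve the three `require => $require_monkeysphere` lines in the later hunks, provided an unset `require` is accepted by the Puppet version in use. The test here (`!= false`) also differs from the plain `if $use_monkeysphere` in base.pp, and a string value such as 'false' would pass both, so validating the parameter as a boolean would be safer.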
@@ -23,7 +31,7 @@ class strongswan(
$binary = '/usr/sbin/ipsec'
class { 'strongswan::centos::five':
- require => Class['monkeysphere'],
+ require => $require_monkeysphere
}
}
default: {
@@ -31,7 +39,7 @@ class strongswan(
$cert_dir = '/etc/strongswan/ipsec.d'
$binary = '/usr/sbin/strongswan'
class { 'strongswan::centos::six':
- require => Class['monkeysphere'],
+ require => $require_monkeysphere
}
}
}
@@ -41,7 +49,7 @@ class strongswan(
$cert_dir = '/etc/ipsec.d'
$binary = '/usr/sbin/ipsec'
class { 'strongswan::base':
- require => Class['monkeysphere'],
+ require => $require_monkeysphere
}
}
}