authormh <mh@immerda.ch>2013-01-03 18:31:05 +0100
committermh <mh@immerda.ch>2013-01-03 18:31:05 +0100
commit5ce46c56e0ed95e03c3322f6eba53488a0615207 (patch)
treeee2226bad8fb7110d0259b021710cafcaf5cb8fe
parent19faa5112c736788ac0ad73eaad8009267be0ad0 (diff)
automatically configure a subnet for all listening ips
-rw-r--r--lib/facter/strongswan_ips.rb10
-rw-r--r--manifests/base.pp3
-rw-r--r--manifests/init.pp1
-rw-r--r--templates/ipsec.conf.erb3
-rw-r--r--templates/remote_host.erb2
5 files changed, 17 insertions, 2 deletions
diff --git a/lib/facter/strongswan_ips.rb b/lib/facter/strongswan_ips.rb
new file mode 100644
index 0000000..7d6f30b
--- /dev/null
+++ b/lib/facter/strongswan_ips.rb
@@ -0,0 +1,10 @@
+Facter.add("strongswan_ips") do
+ setcode do
+ result = nil
+ if bin = ['/usr/sbin/ipsec', '/usr/sbin/strongswan'].find{|f| File.exists?(f) }
+ output = Facter::Util::Resolution.exec("#{bin} statusall | grep -E '^ [0-9a-f]'").split("\n").collect(&:strip)
+ result = output.join(',') unless output.empty?
+ end
+ result
+ end
+end
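Review bot: `.split("\n")` in the new fact is chained directly onto `Facter::Util::Resolution.exec`, which can return nil (it does when the command cannot be resolved or run), so a failing `ipsec statusall` would raise NoMethodError inside the resolver instead of leaving the fact unset; `output = Facter::Util::Resolution.exec("#{bin} statusall | grep -E '^ [0-9a-f]'").to_s.split("\n").map(&:strip)` keeps the nil path harmless. The `grep -E '^ [0-9a-f]'` filter is also not scoped to the "Listening IP addresses:" section of statusall, so any other line whose first character after a single leading space is a hex digit would be reported as an address — worth confirming against the statusall layout of the strongSwan version in use, or anchoring on that section. Minor: `File.exists?` should be `File.exist?`.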
diff --git a/manifests/base.pp b/manifests/base.pp
index 982b3f1..ce0f255 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -45,7 +45,8 @@ class strongswan::base {
# export
@@strongswan::remote_host{$::fqdn:
right_cert_content => $::strongswan_cert,
- right_ip_address => $default_left_ip_address,
+ right_ip_address => $strongswan::default_left_ip_address,
+ right_subnet => $strongswan::default_left_subnet,
tag => $::fqdn
}
#Strongswan::Remote_Host<<| tag == 'auto' and tag != $::fqdn |>>
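Review bot: The new `right_subnet` export hands every peer that collects this resource a traffic-selector list derived from this node's own `strongswan_ips` fact, and facts are self-reported by the agent, so a host whose fact output is wrong or tampered with can make its peers carry traffic for addresses it does not own. If the fleet is meant to be mutually trusted that is acceptable, but it deserves a comment on the export, e.g. `# right_subnet comes from this node's self-reported strongswan_ips fact; collecting peers trust it as-is`, or the exported value could be constrained to `default_left_ip_address`. The enclosing `strongswan::base` class continues outside the hunk.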
diff --git a/manifests/init.pp b/manifests/init.pp
index 06d5250..5458ed8 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -5,6 +5,7 @@ class strongswan(
$monkeysphere_publish_key = false,
$ipsec_nat = false,
$default_left_ip_address = $::ipaddress,
+ $default_left_subnet = reject(split($::strongswan_ips,','),$::ipaddress),
$additional_options = '',
$auto_remote_host = false
) {
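Review bot: The default `reject(split($::strongswan_ips,','),$::ipaddress)` treats `$::ipaddress` as a regular expression (stdlib's `reject` filters by regex match, not equality), so with the dots unescaped and no anchors an address like `10.0.0.1` would also drop `10.0.0.10` or `110.0.0.1` from the list (constructed example). An exact-match removal is safer: `$default_left_subnet = delete(split($::strongswan_ips,','), $::ipaddress),` if the stdlib version in use provides `delete`, otherwise escape the dots and anchor the pattern. The `strongswan` class parameter list continues outside the hunk.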
diff --git a/templates/ipsec.conf.erb b/templates/ipsec.conf.erb
index ddaf842..44225d3 100644
--- a/templates/ipsec.conf.erb
+++ b/templates/ipsec.conf.erb
@@ -15,6 +15,9 @@ conn %default
left=<%= scope.lookupvar('strongswan::default_left_ip_address') %>
leftcert=<%= scope.lookupvar('::fqdn') %>.asc
leftid=@<%= scope.lookupvar('::fqdn') %>
+<% unless (subn=scope.lookupvar('strongswan::default_left_subnet')).empty? -%>
+ leftsubnet=<%= subn.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
+<% end -%>
<% unless scope.lookupvar('strongswan::additional_options').empty? -%>
<%= scope.lookupvar('strongswan::additional_options') %>
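Review bot: The CIDR-suffix expression `s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32")` added here is duplicated verbatim in templates/remote_host.erb in the same commit; normalizing the list once in the manifest (or a small helper) and having both templates emit only `join(',')` would keep the two sides from drifting. The "contains ':' means IPv6" heuristic silently gives a /32 to any other value, including one that is not an address, so if it stays a comment on the rule would help, e.g. `<%# bare addresses become host routes: /128 if IPv6, /32 otherwise -%>`. If `default_left_subnet` is ever supplied as a plain string rather than an array, `.empty?` would pass but `.collect` would fail here; `Array(subn)` would cover that. The `conn %default` section continues outside the hunk.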
diff --git a/templates/remote_host.erb b/templates/remote_host.erb
index 5a22ca9..a05378c 100644
--- a/templates/remote_host.erb
+++ b/templates/remote_host.erb
@@ -4,7 +4,7 @@ conn <%= name %>
rightid=@<%= right_id %>
rightcert=<%= right_cert_name %>.asc
<% unless right_subnet.empty? -%>
- rightsubnet=<%= right_subnet.join(',') %>
+ rightsubnet=<%= right_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
<% end -%>
type=transport
auto=start