diff options
| author | Micah Anderson <micah@riseup.net> | 2013-08-10 19:58:32 +0200 |
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2013-08-10 19:58:32 +0200 |
| commit | 621dd59d14688d0a8102825192cb552c7d676ede (patch) | |
| tree | c6264bb842f9fa74ee8de56802f5785ae215822f | |
| parent | f7665a02299ae043b3a0d4c611b057b078fef29b (diff) | |
| parent | ac59107f714fb5b88dc872124a29ffc926d81990 (diff) | |
Merge branch 'master' into leap
Conflicts:
manifests/base.pp
| -rw-r--r-- | manifests/base.pp | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 6f28d12..e7cd81c 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,25 +1,29 @@ # manage strongswan services class strongswan::base { - if $use_monkeysphere { package { 'strongswan': ensure => installed, - require => Package['monkeysphere','gnutls-utils'], - } -> + } -> - exec { 'ipsec_privatekey': - command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem", - creates => "${strongswan::cert_dir}/private/${::fqdn}.pem"; - } -> + exec { 'ipsec_privatekey': + command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem", + creates => "${strongswan::cert_dir}/private/${::fqdn}.pem"; + } -> + + anchor{'strongswan::certs::done': } + + if $use_monkeysphere { + + Package['strongswan'] { + require => Package['monkeysphere','gnutls-utils'], + } exec { 'ipsec_monkeysphere_cert': command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc", creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc", - } -> anchor{'strongswan::certs::done': } - } else { - package { 'strongswan': - ensure => installed, - } + require => Exec['ipsec_privatekey'], + before => Anchor['strongswan::certs::done'], + } } File { @@ -44,7 +48,7 @@ class strongswan::base { "${strongswan::config_dir}/hosts/__dummy__.conf": ensure => 'present'; '/etc/ipsec.conf': - content => template('strongswan/ipsec.conf.erb'); + content => template($strongswan::ipsec_conf_template); "/usr/local/sbin/${binary_name}_connected_hosts": content => "#!/bin/bash\n${strongswan::binary} status | grep ESTABLISHED | awk -F\\[ '{ print \$1 }'\n", notify => undef, |