authormh <mh@immerda.ch>2012-12-30 16:54:36 +0100
committermh <mh@immerda.ch>2012-12-30 16:54:36 +0100
commit773b5491530f02b979010ed9e76eac90940d2a1d (patch)
tree039dec682c8b185bb9451f2e8dcf39cf4cd3f20b
parent1ac11038d7c1cc1177f3b1f326254b932beeb83c (diff)
rearrange things to make it work also on el6
-rw-r--r--manifests/base.pp39
-rw-r--r--manifests/centos/five.pp8
-rw-r--r--manifests/centos/six.pp12
-rw-r--r--manifests/cert.pp11
-rw-r--r--manifests/init.pp27
5 files changed, 69 insertions, 28 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index bf791bf..4f72ae6 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -3,26 +3,17 @@ class strongswan::base {
package{'strongswan':
ensure => installed,
- }
-
- if $::selinux == 'true' {
- package{'strongswan-selinux':
- ensure => installed,
- }
- }
-
- exec{
+ } -> exec{
'ipsec_privatekey':
- command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${::fqdn}.pem",
- creates => "/etc/ipsec.d/private/${::fqdn}.pem",
- require => Package['strongswan'];
- 'ipsec_monkeysphere_cert':
- command => "monkeysphere-host import-key /etc/ipsec.d/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > /etc/ipsec.d/certs/${::fqdn}.asc";
- creates => "/etc/ipsec.d/certs/${::fqdn}.asc",
- require => Exec['ipsec_privatekey'];
+ command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::config_dir}/private/${::fqdn}.pem",
+ creates => "${strongswan::config_dir}/private/${::fqdn}.pem";
+ } -> exec{'ipsec_monkeysphere_cert':
+ command => "monkeysphere-host import-key ${strongswan::config_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::config_dir}/certs/${::fqdn}.asc",
+ creates => "${strongswan::config_dir}/certs/${::fqdn}.asc",
}
- file{ '/etc/ipsec.secrets':
+ file{
+ '/etc/ipsec.secrets':
content => ": RSA ${::fqdn}.pem\n",
require => Package['strongswan'],
notify => Service['ipsec'],
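Review bot: Nothing in or after the `ipsec_privatekey` exec pins the owner and mode of `${strongswan::config_dir}/private/${::fqdn}.pem`, so the private key's permissions depend on whatever certtool and the agent's umask produce. A managed resource such as `file{"${strongswan::config_dir}/private/${::fqdn}.pem": owner => 'root', group => 0, mode => '0400', require => Exec['ipsec_privatekey'] }` would make that explicit and correct any drift. Separately, in `ipsec_monkeysphere_cert` the `>` redirect can leave an empty `.asc` file behind when gpg fails, and the `creates` guard then stops the export from ever being retried; writing to a temporary file and moving it into place on success would avoid that. The `/etc/ipsec.secrets` resource continues past the end of the hunk, and its path stays hard-coded while the key and cert paths now follow `config_dir`, which is worth confirming for el6.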
@@ -44,17 +35,11 @@ class strongswan::base {
}
if $::strongswan_cert != 'false' and $::strongswan_cert != '' {
- @@file{"/etc/ipsec.d/certs/${::fqdn}.asc":
- tag => 'strongswan_cert',
- content => $::strongswan_cert,
- require => Package['strongswan'],
- notify => Service['ipsec'],
- owner => 'root',
- group => 0,
- mode => '0400';
+ @@strongswan::cert{$::fqdn:
+ cert => $::strongswan_cert,
+ tag => 'strongswan_cert'
}
}
- File<<| tag == 'strongswan_cert' |>>
-
+ Strongswan::Cert<<| tag == 'strongswan_cert' |>>
}
diff --git a/manifests/centos/five.pp b/manifests/centos/five.pp
new file mode 100644
index 0000000..101ab42
--- /dev/null
+++ b/manifests/centos/five.pp
@@ -0,0 +1,8 @@
+class strongswan::centos::five inherits strongswan::base {
+ if $::selinux == 'true' {
+ package{'strongswan-selinux':
+ before => Service['ipsec'],
+ ensure => installed,
+ }
+ }
+}
diff --git a/manifests/centos/six.pp b/manifests/centos/six.pp
new file mode 100644
index 0000000..bce84bf
--- /dev/null
+++ b/manifests/centos/six.pp
@@ -0,0 +1,12 @@
+class strongswan::centos::six inherits strongswan::base {
+ Service['ipsec']{
+ name => 'strongswan',
+ }
+ file{'/etc/selinux/strongswan':
+ content => "config='/etc/strongswan/strongswan.conf'\n",
+ notify => Service['ipsec'],
+ owner => 'root',
+ group => 0,
+ mode => 0644;
+ }
+}
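Review bot: `mode => 0644` on the `/etc/selinux/strongswan` file is an unquoted number, while `manifests/cert.pp` in this same commit quotes its mode as `'0400'`. Quote it as `mode => '0644'` so the value is always handled as an octal string; later Puppet releases reject non-string file modes. The path `/etc/selinux/strongswan` with a `config=` line looks like a sysconfig-style file, so it may be worth confirming that this is the location the el6 init script actually reads.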
diff --git a/manifests/cert.pp b/manifests/cert.pp
new file mode 100644
index 0000000..66ed574
--- /dev/null
+++ b/manifests/cert.pp
@@ -0,0 +1,11 @@
+# manage a cert snippet that we want to include
+define strongswan::cert($cert) {
+ file{"${strongswan::config_dir}/certs/${name}.asc":
+ content => $cert,
+ require => Package['strongswan'],
+ notify => Service['ipsec'],
+ owner => 'root',
+ group => 0,
+ mode => '0400';
+ }
+}
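Review bot: `$name` goes unchecked into the file path `${strongswan::config_dir}/certs/${name}.asc`, and for the exported instances declared in `manifests/base.pp` it is the exporting node's `$::fqdn` fact, which that node controls. Because `Strongswan::Cert<<| tag == 'strongswan_cert' |>>` collects these on every node, a title containing a path separator would resolve outside the certs directory as a root-owned file on all peers. A guard at the top of the define, e.g. `if $name !~ /^[A-Za-z0-9.-]+$/ { fail("strongswan::cert: invalid name '${name}'") }`, keeps the path inside `certs/`. The header comment could also state that `$cert` is expected to be the ASCII-armored key produced by the `ipsec_monkeysphere_cert` exec, since its content is likewise taken from a client-supplied fact.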
diff --git a/manifests/init.pp b/manifests/init.pp
index ad9486c..f842ebf 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -6,7 +6,32 @@ class strongswan(
class{'monkeysphere':
publish_key => $monkeysphere_publish_key
- } -> class{'certtool': } -> class{'strongswan::base': }
+ } -> class{'certtool': }
+
+ case $::operatingsystem {
+ centos: {
+ case $::lsbmajdistrelease {
+ '5': {
+ $config_dir = '/etc/ipsec.d'
+ class{'strongswan::centos::five':
+ require => Class['monkeysphere'],
+ }
+ }
+ default: {
+ $config_dir = '/etc/strongswan'
+ class{'strongswan::centos::six':
+ require => Class['monkeysphere'],
+ }
+ }
+ }
+ }
+ default: {
+ $config_dir = '/etc/ipsec.d'
+ class{'strongswan::base':
+ require => Class['monkeysphere'],
+ }
+ }
+ }
if $manage_shorewall {
include shorewall::rules::ipsec