authormh <mh@immerda.ch>2013-01-03 16:25:17 +0100
committermh <mh@immerda.ch>2013-01-03 16:25:17 +0100
commitefabeee0d89f5bff3b9aa897b57c6496912a0e3f (patch)
tree2da0a3031ab772e561b951547a3badf9e0795d51
parent5828c4a6ebc1f23d8a52e1a2d9327657b0a00dde (diff)
differentiate between cert and configs and place certs in the right location on el6
-rw-r--r--lib/facter/strongswan_cert.rb2
-rw-r--r--manifests/base.pp10
-rw-r--r--manifests/centos/six.pp11
-rw-r--r--manifests/cert.pp4
-rw-r--r--manifests/init.pp4
5 files changed, 23 insertions, 8 deletions
diff --git a/lib/facter/strongswan_cert.rb b/lib/facter/strongswan_cert.rb
index d8d4452..0172c4e 100644
--- a/lib/facter/strongswan_cert.rb
+++ b/lib/facter/strongswan_cert.rb
@@ -1,7 +1,7 @@
Facter.add("strongswan_cert") do
setcode do
cert_path = "certs/#{Facter.value(:fqdn)}.asc"
- if d = ['/etc/ipsec.d','/etc/strongswan'].find{|d| File.exists?(File.join(d,cert_path)) }
+ if d = ['/etc/ipsec.d','/etc/strongswan/ipsec.d'].find{|d| File.exists?(File.join(d,cert_path)) }
File.read(File.join(d,cert_path))
else
false
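Review bot: The block parameter `d` on the new L27 shadows the outer `d` assigned by the same `if`, so the line reads as though the two were one variable; `if d = ['/etc/ipsec.d','/etc/strongswan/ipsec.d'].find { |dir| File.exist?(File.join(dir, cert_path)) }` removes the shadow and drops `File.exists?`, which is deprecated in newer Rubies in favour of `File.exist?`. The two search roots hard-code the same certificate directories that manifests/init.pp assigns per release in this commit, so a change to either side silently breaks the other; a comment such as `# keep in sync with the cert directory set in manifests/init.pp` above the array would make that coupling visible. The `setcode` block's closing `end` lines lie outside the hunk.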
diff --git a/manifests/base.pp b/manifests/base.pp
index 9198d73..66df6da 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -5,12 +5,12 @@ class strongswan::base {
ensure => installed,
} -> exec{
'ipsec_privatekey':
- command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::config_dir}/private/${::fqdn}.pem",
- creates => "${strongswan::config_dir}/private/${::fqdn}.pem";
+ command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem",
+ creates => "${strongswan::cert_dir}/private/${::fqdn}.pem";
} -> exec{'ipsec_monkeysphere_cert':
- command => "monkeysphere-host import-key ${strongswan::config_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::config_dir}/certs/${::fqdn}.asc",
- creates => "${strongswan::config_dir}/certs/${::fqdn}.asc",
- }
+ command => "monkeysphere-host import-key ${strongswan::crt_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc",
+ creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc",
+ } -> anchor{'strongswan::certs::done': }
File {
require => Package['strongswan'],
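Review bot: The new L47 interpolates `${strongswan::crt_dir}` while L41, L42, L45 and L48 use `${strongswan::cert_dir}`, and manifests/init.pp in this same commit assigns the variable as `$certdir`, so none of these spellings resolves to the value init.pp sets. Under Puppet's default (non-strict) variable handling an unknown variable interpolates as an empty string, which would send the generated private key to `/private/${::fqdn}.pem` and the exported certificate to `/certs/${::fqdn}.asc` instead of the intended directories; since both execs are guarded by `creates`, a key produced at the wrong path would also persist after the name is fixed. manifests/cert.pp (both the `file` and the `File[...]` reference) uses `cert_dir` as well, so settle on one name — `$cert_dir` matches the existing `$config_dir` — and use it in init.pp's three assignments, here, and in cert.pp. The `class strongswan::base` body begins and ends outside the hunk.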
diff --git a/manifests/centos/six.pp b/manifests/centos/six.pp
index 5bc7283..4301482 100644
--- a/manifests/centos/six.pp
+++ b/manifests/centos/six.pp
@@ -9,6 +9,17 @@ class strongswan::centos::six inherits strongswan::base {
path => '/etc/strongswan/ipsec.conf'
}
+ file{ [ '/etc/strongswan/ipsec.d',
+ '/etc/strongswan/ipsec.d/private',
+ '/etc/strongswan/ipsec.d/certs' ]:
+ ensure => directory,
+ require => Package['strongswan'],
+ before => Exec['ipsec_privatekey'],
+ owner => root,
+ group => 0,
+ mode => '0600';
+ }
+
file{'/etc/sysconfig/strongswan':
content => "config='/etc/strongswan/strongswan.conf'\n",
notify => Service['ipsec'],
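Review bot: `mode => '0600'` on L67 is applied to three directories; Puppet adds the search bit where the read bit is set, so the effective mode is 0700, but writing `mode => '0700'` states the intent directly rather than relying on that conversion. The same mode also covers `certs`, which by the execs in base.pp holds only the exported public certificate, alongside `private`; if anything other than root (for instance a daemon that drops privileges, which this page does not show) must read `certs`, that directory would need a more permissive mode while `private` keeps 0700. `owner => root` is a bare word here whereas cert.pp in this commit quotes `'root'`; pick one form for the module.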
diff --git a/manifests/cert.pp b/manifests/cert.pp
index d5baf90..ae7e5ef 100644
--- a/manifests/cert.pp
+++ b/manifests/cert.pp
@@ -7,14 +7,14 @@ define strongswan::cert(
fail("You need to pass some \$cert content for ${name} if it should be present")
}
- file{"${strongswan::config_dir}/certs/${name}.asc":
+ file{"${strongswan::cert_dir}/certs/${name}.asc":
ensure => $ensure,
require => Package['strongswan'],
notify => Service['ipsec'],
}
if $ensure == 'present' {
- File["${strongswan::config_dir}/certs/${name}.asc"]{
+ File["${strongswan::cert_dir}/certs/${name}.asc"]{
content => $cert,
owner => 'root',
group => 0,
diff --git a/manifests/init.pp b/manifests/init.pp
index 8cb0728..d5db1f8 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -18,12 +18,15 @@ class strongswan(
case $::lsbmajdistrelease {
'5': {
$config_dir = '/etc/ipsec.d'
+ $certdir = '/etc/ipsec.d'
+
class{'strongswan::centos::five':
require => Class['monkeysphere'],
}
}
default: {
$config_dir = '/etc/strongswan'
+ $certdir = '/etc/strongswan/ipsec.d'
class{'strongswan::centos::six':
require => Class['monkeysphere'],
}
@@ -32,6 +35,7 @@ class strongswan(
}
default: {
$config_dir = '/etc/ipsec.d'
+ $certdir = '/etc/ipsec.d'
class{'strongswan::base':
require => Class['monkeysphere'],
}