author | mh <mh@immerda.ch> | 2012-12-31 18:51:06 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2012-12-31 18:51:06 +0100 |
commit | 492468d87aa6ea31b137fb2361b6bf7da88f3d1d (patch) | |
tree | e7c33b8a10bc55cc8a7abce811e19c0bb247333b /manifests/base.pp | |
parent | cf80d8606ff7d4989c8b30550624b9eaa2007e73 (diff) |
fully auto remote host configuration
we not only export the certificate, but also the config snippet itself,
so hosts fully configure themselves with an ipsec configuration.
Diffstat (limited to 'manifests/base.pp')
-rw-r--r-- | manifests/base.pp | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 17c219c..05d6d9f 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -25,7 +25,12 @@ class strongswan::base {
 content => ": RSA ${::fqdn}.pem\n";
 # this is needed because if the glob-include in the config
 # doesn't find anything it fails.
- "${strongswan::config_dir}/ipsec.hosts.__dummy__.conf":
+ "${strongswan::config_dir}/hosts":
+ ensure => directory,
+ purge => true,
+ force => true,
+ recurse => true;
+ "${strongswan::config_dir}/hosts/__dummy__.conf":
 ensure => 'present';
 '/etc/ipsec.conf':
 content => template('strongswan/ipsec.conf.erb');
@@ -36,12 +41,14 @@ class strongswan::base {
 enable => true,
 }
- if $::strongswan_cert != 'false' and $::strongswan_cert != '' {
- @@strongswan::cert{$::fqdn:
- cert => $::strongswan_cert,
- tag => 'strongswan_cert'
+ if $strongswan::auto_remote_host and ($::strongswan_cert != 'false') and ($::strongswan_cert != '') {
+ # export
+ @@strongswan::remote_host{$::fqdn:
+ right_cert_content => $::strongswan_cert,
+ right_ip_address => $default_left_ip_address,
+ tag => $::fqdn
 }
+ Strongswan::Remote_Host<<| tag != $::fqdn |>>
 }
- Strongswan::Cert<<| tag == 'strongswan_cert' |>>
 }
|
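Review bot: The new `${strongswan::config_dir}/hosts` directory and its `__dummy__.conf` are declared without `owner`, `group` or `mode` in the lines shown, although the existing comment says the files in it are glob-included into the IPsec configuration. I would pin them explicitly, e.g. `owner => root, group => 0, mode => '0600'`, unless a `File` default earlier in this resource block already does so; the block starts outside the hunk. A short comment that `purge => true` removes peer snippets once they are no longer collected would also document why the directory is managed recursively.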
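Review bot: The collector `Strongswan::Remote_Host<<| tag != $::fqdn |>>` realizes every remote_host exported by any node sharing the storeconfigs backend, and both the title and the certificate come from agent-reported facts (`$::fqdn`, `$::strongswan_cert`), so the set of trusted IPsec peers is effectively whatever nodes report. I would export and collect on an explicit deployment-specific tag instead of `tag != $::fqdn`, and validate the certificate fact before exporting it. Separately, `$default_left_ip_address` is unqualified; unless it is assigned earlier in the class body, which starts outside this hunk, it should be fully qualified so that `right_ip_address` is not exported empty.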