authormh <mh@immerda.ch>2012-12-30 16:54:36 +0100
committermh <mh@immerda.ch>2012-12-30 16:54:36 +0100
commit773b5491530f02b979010ed9e76eac90940d2a1d (patch)
tree039dec682c8b185bb9451f2e8dcf39cf4cd3f20b /manifests/base.pp
parent1ac11038d7c1cc1177f3b1f326254b932beeb83c (diff)
rearrange things to make it work also on el6
Diffstat (limited to 'manifests/base.pp')
-rw-r--r--manifests/base.pp39
1 files changed, 12 insertions, 27 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index bf791bf..4f72ae6 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -3,26 +3,17 @@ class strongswan::base {
package{'strongswan':
ensure => installed,
- }
-
- if $::selinux == 'true' {
- package{'strongswan-selinux':
- ensure => installed,
- }
- }
-
- exec{
+ } -> exec{
'ipsec_privatekey':
- command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${::fqdn}.pem",
- creates => "/etc/ipsec.d/private/${::fqdn}.pem",
- require => Package['strongswan'];
- 'ipsec_monkeysphere_cert':
- command => "monkeysphere-host import-key /etc/ipsec.d/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > /etc/ipsec.d/certs/${::fqdn}.asc";
- creates => "/etc/ipsec.d/certs/${::fqdn}.asc",
- require => Exec['ipsec_privatekey'];
+ command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::config_dir}/private/${::fqdn}.pem",
+ creates => "${strongswan::config_dir}/private/${::fqdn}.pem";
+ } -> exec{'ipsec_monkeysphere_cert':
+ command => "monkeysphere-host import-key ${strongswan::config_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::config_dir}/certs/${::fqdn}.asc",
+ creates => "${strongswan::config_dir}/certs/${::fqdn}.asc",
}
- file{ '/etc/ipsec.secrets':
+ file{
+ '/etc/ipsec.secrets':
content => ": RSA ${::fqdn}.pem\n",
require => Package['strongswan'],
notify => Service['ipsec'],
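Review bot: The `ipsec_monkeysphere_cert` exec pairs a shell redirect with `creates`, so if `gpg --export` fails or exports nothing, the shell has already created an empty `${strongswan::config_dir}/certs/${::fqdn}.asc` and the guard stops any later run from repairing it. Guarding on a non-empty file instead, e.g. `unless => "test -s ${strongswan::config_dir}/certs/${::fqdn}.asc"` in place of the `creates` line, keeps the exec retrying until an export succeeds (this assumes the same default exec path that the unqualified `certtool` and `gpg` already rely on). Separately, nothing in this hunk sets owner or mode on the generated `private/${::fqdn}.pem`, so the key's permissions depend on certtool and the agent's umask. A `file` resource with `owner => 'root'` and `mode => '0400'` would pin them, unless one already exists in the part of the class outside the hunk. The class and the `/etc/ipsec.secrets` resource both continue beyond the visible lines.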
@@ -44,17 +35,11 @@ class strongswan::base {
}
if $::strongswan_cert != 'false' and $::strongswan_cert != '' {
- @@file{"/etc/ipsec.d/certs/${::fqdn}.asc":
- tag => 'strongswan_cert',
- content => $::strongswan_cert,
- require => Package['strongswan'],
- notify => Service['ipsec'],
- owner => 'root',
- group => 0,
- mode => '0400';
+ @@strongswan::cert{$::fqdn:
+ cert => $::strongswan_cert,
+ tag => 'strongswan_cert'
}
}
- File<<| tag == 'strongswan_cert' |>>
-
+ Strongswan::Cert<<| tag == 'strongswan_cert' |>>
}
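Review bot: The exported `strongswan::cert` takes its `cert` straight from the client-reported fact `$::strongswan_cert`, and the collector on the last added line realises every resource tagged `strongswan_cert`, so each node installs whatever any other node reported, with only the not-'false'/non-empty test in front of it. The removed `file` resource carried `owner => 'root'`, `mode => '0400'`, `require => Package['strongswan']` and `notify => Service['ipsec']`; these now have to come from the `strongswan::cert` define, which is not part of this diff, so that should be confirmed. I would add a comment above the export such as `# cert is a client-supplied fact: strongswan::cert must check it is an armored key block and keep root/0400 + notify Service['ipsec']`. The class body starts before this hunk.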