author | mh <mh@immerda.ch> | 2012-12-30 16:54:36 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2012-12-30 16:54:36 +0100 |
commit | 773b5491530f02b979010ed9e76eac90940d2a1d (patch) | |
tree | 039dec682c8b185bb9451f2e8dcf39cf4cd3f20b /manifests/base.pp | |
parent | 1ac11038d7c1cc1177f3b1f326254b932beeb83c (diff) |
rearrange things to make it work also on el6
Diffstat (limited to 'manifests/base.pp')
-rw-r--r-- | manifests/base.pp | 39 |
1 files changed, 12 insertions, 27 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index bf791bf..4f72ae6 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -3,26 +3,17 @@ class strongswan::base {
 package{'strongswan':
 ensure => installed,
- }
-
- if $::selinux == 'true' {
- package{'strongswan-selinux':
- ensure => installed,
- }
- }
-
- exec{
+ } -> exec{
 'ipsec_privatekey':
- command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${::fqdn}.pem",
- creates => "/etc/ipsec.d/private/${::fqdn}.pem",
- require => Package['strongswan'];
- 'ipsec_monkeysphere_cert':
- command => "monkeysphere-host import-key /etc/ipsec.d/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > /etc/ipsec.d/certs/${::fqdn}.asc";
- creates => "/etc/ipsec.d/certs/${::fqdn}.asc",
- require => Exec['ipsec_privatekey'];
+ command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::config_dir}/private/${::fqdn}.pem",
+ creates => "${strongswan::config_dir}/private/${::fqdn}.pem";
+ } -> exec{'ipsec_monkeysphere_cert':
+ command => "monkeysphere-host import-key ${strongswan::config_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::config_dir}/certs/${::fqdn}.asc",
+ creates => "${strongswan::config_dir}/certs/${::fqdn}.asc",
 }
- file{ '/etc/ipsec.secrets':
+ file{
+ '/etc/ipsec.secrets':
 content => ": RSA ${::fqdn}.pem\n",
 require => Package['strongswan'],
 notify => Service['ipsec'],
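Review bot: Nothing in this hunk pins ownership or mode on `${strongswan::config_dir}/private/${::fqdn}.pem`; the key is written by the `ipsec_privatekey` exec, so its permissions depend on certtool's behaviour and the umask of the Puppet run. A `file` resource on that path, ordered after the exec and setting owner root, group 0 and mode 0400, would make the private key's permissions explicit and re-enforced on every run. Both execs also now depend on `$strongswan::config_dir`, which is defined outside this file; if `strongswan::base` is ever evaluated without it, the paths would presumably collapse to `/private/…` and `/certs/…`, so an explicit dependency on the `strongswan` class is worth confirming. The class body continues beyond the hunk, so a later resource may already cover either point.

```puppet
# … unchanged: package{'strongswan'} -> exec{'ipsec_privatekey'} -> exec{'ipsec_monkeysphere_cert'} …
file{"${strongswan::config_dir}/private/${::fqdn}.pem":
  owner   => 'root',
  group   => 0,
  mode    => '0400',
  require => Exec['ipsec_privatekey'],
}
```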
@@ -44,17 +35,11 @@ class strongswan::base {
 }
 if $::strongswan_cert != 'false' and $::strongswan_cert != '' {
- @@file{"/etc/ipsec.d/certs/${::fqdn}.asc":
- tag => 'strongswan_cert',
- content => $::strongswan_cert,
- require => Package['strongswan'],
- notify => Service['ipsec'],
- owner => 'root',
- group => 0,
- mode => '0400';
+ @@strongswan::cert{$::fqdn:
+ cert => $::strongswan_cert,
+ tag => 'strongswan_cert'
 }
 }
- File<<| tag == 'strongswan_cert' |>>
-
+ Strongswan::Cert<<| tag == 'strongswan_cert' |>>
 } |
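Review bot: The exported `strongswan::cert` takes its title from `$::fqdn` and its payload from `$::strongswan_cert`, both agent-reported facts, and `Strongswan::Cert<<| tag == 'strongswan_cert' |>>` realises every such export on each node that includes this class, so whatever one agent reports ends up as certificate material on all peers. The define should validate `cert` before writing it, and a comment here such as `# cert and title are agent-supplied facts; strongswan::cert must validate them` would record that expectation; titling the export by the master-authenticated certname, where the Puppet version in use offers one, would keep a node from publishing under another host's name. The define is not part of this diff, so it is not visible whether it keeps the `owner`, `group`, `mode => '0400'`, `require` and `notify => Service['ipsec']` that the removed `@@file` set. The enclosing class starts before the hunk.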