diff options
author | mh <mh@immerda.ch> | 2012-12-31 18:51:06 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2012-12-31 18:51:06 +0100 |
commit | 492468d87aa6ea31b137fb2361b6bf7da88f3d1d (patch) | |
tree | e7c33b8a10bc55cc8a7abce811e19c0bb247333b /manifests/cert.pp | |
parent | cf80d8606ff7d4989c8b30550624b9eaa2007e73 (diff) |
fully auto remote host configuration
we do not only export the certificate, but also the config snippet itself
so hosts configure themself fully with an ipsec configuration.
Diffstat (limited to 'manifests/cert.pp')
-rw-r--r-- | manifests/cert.pp | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/manifests/cert.pp b/manifests/cert.pp index 66ed574..d5baf90 100644 --- a/manifests/cert.pp +++ b/manifests/cert.pp @@ -1,11 +1,24 @@ # manage a cert snippet that we want to include -define strongswan::cert($cert) { +define strongswan::cert( + $ensure = 'present', + $cert = 'absent' +) { + if ($cert == 'absent') and ($ensure == 'present'){ + fail("You need to pass some \$cert content for ${name} if it should be present") + } + file{"${strongswan::config_dir}/certs/${name}.asc": - content => $cert, + ensure => $ensure, require => Package['strongswan'], notify => Service['ipsec'], - owner => 'root', - group => 0, - mode => '0400'; + } + + if $ensure == 'present' { + File["${strongswan::config_dir}/certs/${name}.asc"]{ + content => $cert, + owner => 'root', + group => 0, + mode => '0400', + } } } |