author | mh <mh@immerda.ch> | 2012-06-05 18:46:00 -0300 |
---|---|---|
committer | mh <mh@immerda.ch> | 2012-06-05 18:46:00 -0300 |
commit | d9d9b6ca5085d140e5dad6842cfe92fa336fdbf5 (patch) | |
tree | 9119f4b0659714de8c9ce0085d79df1758fdd5c4 /manifests | |
parent | 02d980eb889c8b7754226a3988ab51dea35310c4 (diff) | |
parent | 1c49cd1c2a3d6c3ad4a30a9b42e339392279bea9 (diff) |
Merge commit '1c49cd1c2a3d6c3ad4a30a9b42e339392279bea9'
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/base.pp | 18 | ||||
-rw-r--r-- | manifests/init.pp | 8 |
2 files changed, 13 insertions, 13 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index be04615..38e0860 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -16,29 +16,29 @@ class strongswan::base { } exec{ 'ipsec_privatekey': - command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${fqdn}.pem", - creates => "/etc/ipsec.d/private/${fqdn}.pem", + command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${::fqdn}.pem", + creates => "/etc/ipsec.d/private/${::fqdn}.pem", require => Package['strongswan'], } exec{ 'ipsec_monkeysphere_cert' : require => Exec['ipsec_privatekey'], - creates => "/etc/ipsec.d/certs/${fqdn}.asc", - command => "monkeysphere-host import-key /etc/ipsec.d/private/${fqdn}.pem ike://${fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${fqdn} > /etc/ipsec.d/certs/${fqdn}.asc" + creates => "/etc/ipsec.d/certs/${::fqdn}.asc", + command => "monkeysphere-host import-key /etc/ipsec.d/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > /etc/ipsec.d/certs/${::fqdn}.asc" } file{ '/etc/ipsec.secrets' : - content => ": RSA ${fqdn}.pem\n", + content => ": RSA ${::fqdn}.pem\n", require => Package['strongswan'], owner => "root", group => 0, mode => "400", notify => Service['ipsec'], } - if $strongswan_cert != "false" and $strongswan_cert != "" { - @@file{ "/etc/ipsec.d/certs/${fqdn}.asc": + if $::strongswan_cert != "false" and $::strongswan_cert != "" { + @@file{ "/etc/ipsec.d/certs/${::fqdn}.asc": owner => "root", group => 0, mode => "400", tag => 'strongswan_cert', - content => $strongswan_cert, + content => $::strongswan_cert, require => Package['strongswan'], notify => Service['ipsec'], } 
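Review bot: The exported `@@file{ "/etc/ipsec.d/certs/${::fqdn}.asc": ... content => $::strongswan_cert }` at the end of this hunk takes both its path and its content from top-scope values that look agent-reported (`fqdn` is a fact; `strongswan_cert` presumably is one too). The `File<<| tag == 'strongswan_cert' |>>` collector in the next hunk then realizes every such resource as a root-owned file and notifies `Service['ipsec']`. Nothing visible checks that the title is a plain hostname under `/etc/ipsec.d/certs/` or that the content is an armored public key, so one misreporting node can affect the certificate directory and the ipsec service on every peer. I would tighten the guard before exporting, for example `if $::fqdn =~ /^[a-z0-9.-]+$/ and $::strongswan_cert =~ /^-----BEGIN PGP PUBLIC KEY BLOCK-----/ {`, and add a comment above the export saying that it crosses a node-to-node trust boundary. The class body starts before this hunk and continues after it.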
@@ -47,7 +47,7 @@ class strongswan::base { File<<| tag == 'strongswan_cert' |>> file{'/etc/ipsec.conf': - source => "puppet:///modules/site-strongswan/configs/${fqdn}", + source => "puppet:///modules/site_strongswan/configs/${::fqdn}", require => Package['strongswan'], notify => Service['ipsec'], owner => "root", group => 0, mode => "400"; diff --git a/manifests/init.pp b/manifests/init.pp index b9a3bec..b50c1fb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,8 +1,8 @@ class strongswan { - + include strongswan::base - - if $use_shorewall { - include shorewall::rules::ipsec + + if hiera('use_shorewall',false) { + include shorewall::rules::ipsec } } |
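Review bot: Switching the guard in `manifests/init.pp` to `hiera('use_shorewall',false)` changes where the switch is read from, so a node that still sets `$use_shorewall` in its node definition silently stops including `shorewall::rules::ipsec` unless the key is also added to hiera. The `false` default also makes a missing key indistinguishable from an explicit opt-out, and a quoted `'false'` in the data would be a non-empty string and therefore evaluate as true. A comment on the class would make the contract visible, for example `# hiera key use_shorewall (boolean, default false): include shorewall::rules::ipsec`. A migration note in the module's README would cover the first point.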