Diffstat (limited to 'manifests/base.pp')
-rw-r--r-- | manifests/base.pp | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index e6595a0..e0f3d18 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,17 +1,30 @@ # manage strongswan services class strongswan::base { - package{'strongswan': - ensure => installed, - require => Package['monkeysphere','gnutls-utils']; - } -> exec{ - 'ipsec_privatekey': - command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem", - creates => "${strongswan::cert_dir}/private/${::fqdn}.pem"; - } -> exec{'ipsec_monkeysphere_cert': - command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc", - creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc", - } -> anchor{'strongswan::certs::done': } + package { 'strongswan': + ensure => installed, + } -> + + exec { 'ipsec_privatekey': + command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${strongswan::custom_hostname}.pem", + creates => "${strongswan::cert_dir}/private/${strongswan::custom_hostname}.pem"; + } -> + + anchor{'strongswan::certs::done': } + + if $use_monkeysphere { + + Package['strongswan'] { + require => Package['monkeysphere','gnutls-utils'], + } + + exec { 'ipsec_monkeysphere_cert': + command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${strongswan::custom_hostname}.pem ike://${strongswan::custom_hostname} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${strongswan::custom_hostname} > ${strongswan::cert_dir}/certs/${strongswan::custom_hostname}.asc", + creates => "${strongswan::cert_dir}/certs/${strongswan::custom_hostname}.asc", + require => Exec['ipsec_privatekey'], + before => Anchor['strongswan::certs::done'], + } + } File { require => Package['strongswan'], 
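Review bot: `${strongswan::custom_hostname}` is now interpolated into the `command` and `creates` strings of both execs, and the monkeysphere command uses `&&` and `>`, so the value reaches a shell command line and the key file paths; unlike the `${::fqdn}` fact it replaces, it is a free-form class parameter and nothing in this hunk constrains it. I would validate it where it is declared (not visible here), for example with stdlib's `validate_re($strongswan::custom_hostname, '\A[A-Za-z0-9.-]+\z')`, so that whitespace, `/` or shell metacharacters fail catalog compilation instead of reaching `certtool` or `gpg`. The same value is written into `/etc/ipsec.secrets` in the next hunk, where an embedded newline would add lines to that file. Separately, `if $use_monkeysphere` is the only unqualified variable in the hunk; unless it is set in this class's scope outside the lines shown, it is undef and the certificate export is skipped silently, so `$strongswan::use_monkeysphere` looks like the intended spelling. The class body continues past the hunk.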
@@ -24,7 +37,7 @@ class strongswan::base { $binary_name = basename($strongswan::binary) file{ '/etc/ipsec.secrets': - content => ": RSA ${::fqdn}.pem\n"; + content => ": RSA ${strongswan::custom_hostname}.pem\n"; # this is needed because if the glob-include in the config # doesn't find anything it fails. "${strongswan::config_dir}/hosts": @@ -35,7 +48,7 @@ class strongswan::base { "${strongswan::config_dir}/hosts/__dummy__.conf": ensure => 'present'; '/etc/ipsec.conf': - content => template('strongswan/ipsec.conf.erb'); + content => template($strongswan::ipsec_conf_template); "/usr/local/sbin/${binary_name}_connected_hosts": content => "#!/bin/bash\n${strongswan::binary} status | grep INSTALLED | awk -F\\{ '{ print \$1 }'\n", notify => undef, @@ -50,7 +63,7 @@ class strongswan::base { mode => '0500'; } - service{'ipsec': + service { 'ipsec': ensure => running, enable => true, } |
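Review bot: In the `/etc/ipsec.conf` hunk, `template($strongswan::ipsec_conf_template)` turns the template to render into a parameter, and ERB templates execute Ruby on the master during catalog compilation, so this value selects code rather than only text; the hunk has no comment saying where the value may come from. I would add a comment above the line such as `# ipsec_conf_template must be a module-relative template path set by the operator, never derived from facts or other node-supplied data`. It is also worth confirming that the declaration (not visible here) keeps `'strongswan/ipsec.conf.erb'` as the default so existing nodes render the same file. The surrounding `file{}` resource starts and ends outside the hunk.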