Diffstat (limited to 'manifests/init.pp')
-rw-r--r-- | manifests/init.pp | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 88cf48c..53e84bb 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -2,17 +2,27 @@ class strongswan(
 $manage_shorewall = false,
 $shorewall_source = 'net',
+ $use_monkeysphere = false,
 $monkeysphere_publish_key = false,
 $ipsec_nat = false,
 $default_left_ip_address = $::ipaddress,
 $default_left_subnet = reject(split($::strongswan_ips,','),$::ipaddress),
 $additional_options = '',
- $auto_remote_host = false
+ $auto_remote_host = false,
+ $ipsec_conf_template = 'strongswan/ipsec.conf.erb',
+ $custom_hostname = $::fqdn
 ) {
- class{'monkeysphere':
- publish_key => $monkeysphere_publish_key
- } -> class{'certtool': }
+ if $use_monkeysphere != false {
+ class { 'monkeysphere':
+ publish_key => $monkeysphere_publish_key
+ } -> class { 'certtool': }
+
+ $require_monkeysphere = $use_monkeysphere ? {
+ true => Class['monkeysphere'],
+ false => ''
+ }
+ }
 case $::operatingsystem {
 centos: {
@@ -22,16 +32,16 @@ class strongswan(
 $cert_dir = '/etc/ipsec.d'
 $binary = '/usr/sbin/ipsec'
- class{'strongswan::centos::five':
- require => Class['monkeysphere'],
+ class { 'strongswan::centos::five':
+ require => $require_monkeysphere
 }
 }
 default: {
 $config_dir = '/etc/strongswan'
 $cert_dir = '/etc/strongswan/ipsec.d'
 $binary = '/usr/sbin/strongswan'
- class{'strongswan::centos::six':
- require => Class['monkeysphere'],
+ class { 'strongswan::centos::six':
+ require => $require_monkeysphere
 }
 }
 }
 }
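Review bot: `$require_monkeysphere` is assigned only inside the new `if $use_monkeysphere != false` block, but the `require => $require_monkeysphere` lines for `strongswan::centos::five`, `strongswan::centos::six` and (in the next hunk) `strongswan::base` read it unconditionally, so with the default of `false` they reference an unset variable, which is a compile error where `strict_variables` is enabled. The selector is also narrower than the guard around it: a truthy non-boolean such as the string `'true'` passes `!= false` but matches neither selector case, and the `false => ''` arm can never be reached. Setting `$require_monkeysphere = Class['monkeysphere']` inside the block and `$require_monkeysphere = undef` in an `else` would cover both cases. Separately, `certtool` is now declared only when monkeysphere is enabled; if certificate generation elsewhere in the module relies on it (not visible in this diff), the new default drops it without any warning.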
@@ -40,15 +50,15 @@ class strongswan(
 $config_dir = '/etc/ipsec.d'
 $cert_dir = '/etc/ipsec.d'
 $binary = '/usr/sbin/ipsec'
- class{'strongswan::base':
- require => Class['monkeysphere'],
+ class { 'strongswan::base':
+ require => $require_monkeysphere
 }
 }
 }
 if $auto_remote_host and ($::strongswan_cert != 'false') and ($::strongswan_cert != '') {
 # export myself
- @@strongswan::remote_host{$::fqdn:
+ @@strongswan::remote_host { $strongswan::custom_hostname:
 right_cert_content => $::strongswan_cert,
 right_ip_address => $strongswan::default_left_ip_address,
 right_subnet => $strongswan::default_left_subnet,
@@ -60,7 +70,7 @@ class strongswan(
 }
 if $manage_shorewall {
- shorewall::rules::ipsec{
+ shorewall::rules::ipsec {
 $strongswan::shorewall_source:
 }
 if $ipsec_nat { |
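Review bot: The exported `strongswan::remote_host` title now comes from the free-form `$custom_hostname` parameter, and nothing visible in this diff validates it. Peers that collect these resources would hit a duplicate declaration if two nodes are given the same value, and whatever the define derives from its title (the define is not shown here; presumably a connection name or certificate file name) receives the string as-is. A guard near the top of the class, for example stdlib's `validate_re($custom_hostname, '^[A-Za-z0-9.-]+$')`, would keep the title hostname-shaped, and the parameter's documentation should state that the value must be unique per node. The class body continues outside this hunk.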