Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/base.pp | 10 | ||||
-rw-r--r-- | manifests/centos/six.pp | 11 | ||||
-rw-r--r-- | manifests/cert.pp | 4 | ||||
-rw-r--r-- | manifests/init.pp | 4 |
4 files changed, 22 insertions, 7 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 9198d73..66df6da 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -5,12 +5,12 @@ class strongswan::base { ensure => installed, } -> exec{ 'ipsec_privatekey': - command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::config_dir}/private/${::fqdn}.pem", - creates => "${strongswan::config_dir}/private/${::fqdn}.pem"; + command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem", + creates => "${strongswan::cert_dir}/private/${::fqdn}.pem"; } -> exec{'ipsec_monkeysphere_cert': - command => "monkeysphere-host import-key ${strongswan::config_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::config_dir}/certs/${::fqdn}.asc", - creates => "${strongswan::config_dir}/certs/${::fqdn}.asc", - } + command => "monkeysphere-host import-key ${strongswan::crt_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc", + creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc", + } -> anchor{'strongswan::certs::done': } File { require => Package['strongswan'], diff --git a/manifests/centos/six.pp b/manifests/centos/six.pp index 5bc7283..4301482 100644 --- a/manifests/centos/six.pp +++ b/manifests/centos/six.pp @@ -9,6 +9,17 @@ class strongswan::centos::six inherits strongswan::base { path => '/etc/strongswan/ipsec.conf' } + file{ [ '/etc/strongswan/ipsec.d', + '/etc/strongswan/ipsec.d/private', + '/etc/strongswan/ipsec.d/certs' ]: + ensure => directory, + require => Package['strongswan'], + before => Exec['ipsec_privatekey'], + owner => root, + group => 0, + mode => '0600'; + } + file{'/etc/sysconfig/strongswan': content => "config='/etc/strongswan/strongswan.conf'\n", notify => Service['ipsec'], 
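Review bot: The new `ipsec_monkeysphere_cert` command reads the key from `${strongswan::crt_dir}/private/${::fqdn}.pem`, a variable nothing in this commit defines, while the key itself is generated under `${strongswan::cert_dir}`; the import path should be `${strongswan::cert_dir}/private/${::fqdn}.pem`. In addition, manifests/init.pp assigns `$certdir` (no underscore) in all three branches, but base.pp and manifests/cert.pp interpolate `${strongswan::cert_dir}`, so as written none of the new paths appear to resolve. Unless strict variables are enabled, an undefined variable interpolates as an empty string, which would have certtool write the host private key to `/private/${::fqdn}.pem`, outside the directories this change creates. Renaming the init.pp assignments to `$cert_dir = ...` would make the references consistent.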
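Review bot: `mode => '0600'` on the three `ensure => directory` resources omits the search bit a directory needs; Puppet adds it implicitly wherever the read bit is set, so the effective mode is 0700, and the manifest should state that directly with `mode => '0700'`. The same mode is applied to `/etc/strongswan/ipsec.d/certs`, which per base.pp receives the exported `.asc` public material. If any non-root process is expected to read those files, that directory needs its own, less restrictive resource, while `private` stays root-only.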
diff --git a/manifests/cert.pp b/manifests/cert.pp index d5baf90..ae7e5ef 100644 --- a/manifests/cert.pp +++ b/manifests/cert.pp @@ -7,14 +7,14 @@ define strongswan::cert( fail("You need to pass some \$cert content for ${name} if it should be present") } - file{"${strongswan::config_dir}/certs/${name}.asc": + file{"${strongswan::cert_dir}/certs/${name}.asc": ensure => $ensure, require => Package['strongswan'], notify => Service['ipsec'], } if $ensure == 'present' { - File["${strongswan::config_dir}/certs/${name}.asc"]{ + File["${strongswan::cert_dir}/certs/${name}.asc"]{ content => $cert, owner => 'root', group => 0, diff --git a/manifests/init.pp b/manifests/init.pp index 8cb0728..d5db1f8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -18,12 +18,15 @@ class strongswan( case $::lsbmajdistrelease { '5': { $config_dir = '/etc/ipsec.d' + $certdir = '/etc/ipsec.d' + class{'strongswan::centos::five': require => Class['monkeysphere'], } } default: { $config_dir = '/etc/strongswan' + $certdir = '/etc/strongswan/ipsec.d' class{'strongswan::centos::six': require => Class['monkeysphere'], } @@ -32,6 +35,7 @@ class strongswan( } default: { $config_dir = '/etc/ipsec.d' + $certdir = '/etc/ipsec.d' class{'strongswan::base': require => Class['monkeysphere'], } |