From 773b5491530f02b979010ed9e76eac90940d2a1d Mon Sep 17 00:00:00 2001
From: mh
Date: Sun, 30 Dec 2012 16:54:36 +0100
Subject: rearrange things to make it work also on el6
---
 manifests/base.pp | 39 ++++++++++++---------------------------
 manifests/centos/five.pp | 8 ++++++++
 manifests/centos/six.pp | 12 ++++++++++++
 manifests/cert.pp | 11 +++++++++++
 manifests/init.pp | 27 ++++++++++++++++++++++++++-
 5 files changed, 69 insertions(+), 28 deletions(-)
 create mode 100644 manifests/centos/five.pp
 create mode 100644 manifests/centos/six.pp
 create mode 100644 manifests/cert.pp
diff --git a/manifests/base.pp b/manifests/base.pp
index bf791bf..4f72ae6 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -3,26 +3,17 @@ class strongswan::base {
 package{'strongswan':
 ensure => installed,
- }
-
- if $::selinux == 'true' {
- package{'strongswan-selinux':
- ensure => installed,
- }
- }
-
- exec{
+ } -> exec{
 'ipsec_privatekey':
- command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${::fqdn}.pem",
- creates => "/etc/ipsec.d/private/${::fqdn}.pem",
- require => Package['strongswan'];
- 'ipsec_monkeysphere_cert':
- command => "monkeysphere-host import-key /etc/ipsec.d/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > /etc/ipsec.d/certs/${::fqdn}.asc";
- creates => "/etc/ipsec.d/certs/${::fqdn}.asc",
- require => Exec['ipsec_privatekey'];
+ command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::config_dir}/private/${::fqdn}.pem",
+ creates => "${strongswan::config_dir}/private/${::fqdn}.pem";
+ } -> exec{'ipsec_monkeysphere_cert':
+ command => "monkeysphere-host import-key ${strongswan::config_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::config_dir}/certs/${::fqdn}.asc",
+ creates => "${strongswan::config_dir}/certs/${::fqdn}.asc",
 }
- file{ '/etc/ipsec.secrets':
+ file{
+ '/etc/ipsec.secrets':
 content => ": RSA ${::fqdn}.pem\n",
 require => Package['strongswan'],
 notify => Service['ipsec'],
@@ -44,17 +35,11 @@ class strongswan::base {
 }
 if $::strongswan_cert != 'false' and $::strongswan_cert != '' {
- @@file{"/etc/ipsec.d/certs/${::fqdn}.asc":
- tag => 'strongswan_cert',
- content => $::strongswan_cert,
- require => Package['strongswan'],
- notify => Service['ipsec'],
- owner => 'root',
- group => 0,
- mode => '0400';
+ @@strongswan::cert{$::fqdn:
+ cert => $::strongswan_cert,
+ tag => 'strongswan_cert'
 }
 }
- File<<| tag == 'strongswan_cert' |>>
-
+ Strongswan::Cert<<| tag == 'strongswan_cert' |>>
 }
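Review bot: Nothing in the new `package -> exec -> exec` chain pins the owner or mode of the RSA key that `certtool --outfile` drops under `${strongswan::config_dir}/private/`; unless certtool itself tightens the mode (it appears to just honour the agent's umask), the key is left at whatever the umask gives, so add a `file{ "${strongswan::config_dir}/private/${::fqdn}.pem": owner => 'root', group => 0, mode => '0600' }` after `Exec['ipsec_privatekey']`. The `ipsec_monkeysphere_cert` command also has a one-shot trap: the shell opens the `> ...certs/${::fqdn}.asc` redirect before `gpg --export` runs, so if the export fails Puppet reports the exec as failed but `creates` is now satisfied and an empty `.asc` persists on every later run — write to a temp file and `mv` it into place only on success. Separately, `/etc/ipsec.secrets` stays hard-coded while every other path follows `${strongswan::config_dir}`; if the EL6 package reads `/etc/strongswan/ipsec.secrets` (as the new config_dir suggests), the `: RSA ${::fqdn}.pem` line ends up in a file the daemon never loads — verify against the EL6 init script and, if so, make the title `"${strongswan::config_dir}/ipsec.secrets"`. The `file{` block continues past the end of the hunk.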
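Review bot: The exported `@@strongswan::cert{$::fqdn: ...}` is titled by a fact the exporting node controls, and every collector turns that title into a root-owned file path inside `strongswan::cert`, so a compromised or misconfigured peer decides where and what `$cert` gets written on all other hosts; the collector cannot tell a good export from a bad one, so the title must be validated where it is consumed, and the guard here should at least refuse to export an empty or odd name, e.g. `if $::fqdn != '' and $::strongswan_cert != 'false' and $::strongswan_cert != '' {`. Two nodes that report the same `$::fqdn` will also collide as a duplicate `Strongswan::Cert` declaration on every collector, which is worth a comment above the export so the failure mode is recognisable when it happens.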
diff --git a/manifests/centos/five.pp b/manifests/centos/five.pp
new file mode 100644
index 0000000..101ab42
--- /dev/null
+++ b/manifests/centos/five.pp
@@ -0,0 +1,8 @@
+class strongswan::centos::five inherits strongswan::base {
+ if $::selinux == 'true' {
+ package{'strongswan-selinux':
+ before => Service['ipsec'],
+ ensure => installed,
+ }
+ }
+}
diff --git a/manifests/centos/six.pp b/manifests/centos/six.pp
new file mode 100644
index 0000000..bce84bf
--- /dev/null
+++ b/manifests/centos/six.pp
@@ -0,0 +1,12 @@
+class strongswan::centos::six inherits strongswan::base {
+ Service['ipsec']{
+ name => 'strongswan',
+ }
+ file{'/etc/selinux/strongswan':
+ content => "config='/etc/strongswan/strongswan.conf'\n",
+ notify => Service['ipsec'],
+ owner => 'root',
+ group => 0,
+ mode => 0644;
+ }
+}
diff --git a/manifests/cert.pp b/manifests/cert.pp
new file mode 100644
index 0000000..66ed574
--- /dev/null
+++ b/manifests/cert.pp
@@ -0,0 +1,11 @@
+# manage a cert snippet that we want to include
+define strongswan::cert($cert) {
+ file{"${strongswan::config_dir}/certs/${name}.asc":
+ content => $cert,
+ require => Package['strongswan'],
+ notify => Service['ipsec'],
+ owner => 'root',
+ group => 0,
+ mode => '0400';
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index ad9486c..f842ebf 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
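Review bot: The `config='/etc/strongswan/strongswan.conf'` snippet is written to `/etc/selinux/strongswan`, which reads like a slip for `/etc/sysconfig/strongswan` — service defaults on EL live under `/etc/sysconfig/`, and nothing under `/etc/selinux/` consumes a `config=` line, so the EL6 `strongswan` init script presumably never sees this file; confirm which path that script sources before relying on the `name => 'strongswan'` override. `mode => 0644` is an unquoted octal while the sibling `cert.pp` in this same commit writes `'0400'`; quote it as `mode => '0644'` for consistency and to avoid the leading-zero ambiguity puppet-lint warns about. A one-line header comment on the class (`# EL6: the service is called 'strongswan' and keeps its config under /etc/strongswan`) would explain why this override class exists at all.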
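Review bot: `$name` is interpolated unchecked into `"${strongswan::config_dir}/certs/${name}.asc"`, and on collecting hosts it arrives from another node's `$::fqdn` fact via the exported resource in `base.pp`, so a peer that reports a title such as `../../tmp/x` turns this into a root-owned, `$cert`-controlled write anywhere on the filesystem of every other strongswan host. Reject anything that is not a plain hostname before declaring the file, e.g. `if $name !~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/ { fail("strongswan::cert: refusing suspicious name '${name}'") }`. The header comment should also say that the define is both declared locally and collected from exported resources, and that `notify => Service['ipsec']` means any peer changing its cert restarts the local daemon.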
@@ -6,7 +6,32 @@ class strongswan(
 class{'monkeysphere':
 publish_key => $monkeysphere_publish_key
- } -> class{'certtool': } -> class{'strongswan::base': }
+ } -> class{'certtool': }
+
+ case $::operatingsystem {
+ centos: {
+ case $::lsbmajdistrelease {
+ '5': {
+ $config_dir = '/etc/ipsec.d'
+ class{'strongswan::centos::five':
+ require => Class['monkeysphere'],
+ }
+ }
+ default: {
+ $config_dir = '/etc/strongswan'
+ class{'strongswan::centos::six':
+ require => Class['monkeysphere'],
+ }
+ }
+ }
+ }
+ default: {
+ $config_dir = '/etc/ipsec.d'
+ class{'strongswan::base':
+ require => Class['monkeysphere'],
+ }
+ }
+ }
 if $manage_shorewall {
 include shorewall::rules::ipsec
-- 
cgit v1.2.3
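Review bot: The inner `case $::lsbmajdistrelease` sends every CentOS release that is not literally `'5'` to the EL6 layout, including a CentOS 5 host where `redhat-lsb` is missing and the fact comes back empty, which would silently configure `/etc/strongswan` on a box whose package uses `/etc/ipsec.d`. Make the release match explicit and refuse the rest: `'5': { ... }`, `'6': { ... }`, `default: { fail("strongswan: unsupported release '${::lsbmajdistrelease}'") }`. The outer `case $::operatingsystem { centos:` also means RHEL and Scientific Linux 6 hit the outer `default` and get the EL5-style `/etc/ipsec.d` path, so the subject's "el6" only holds for CentOS; if other EL6 derivatives are in scope, match on `$::osfamily` (assuming the Facter in use provides it) and keep the release switch inside. The `class strongswan(` parameter list and the `if $manage_shorewall` body lie outside the hunk.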