From 7ec265e5c9879fa3b574c5c250ebac6877c66d3f Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 26 Apr 2011 02:33:27 +0200
Subject: fix init script for centos
---
 files/centos/ipsec.init | 72 +++++++++++++++++++++++++++++++++++++++++++++++++
 manifests/base.pp | 15 ++++++++---
 2 files changed, 83 insertions(+), 4 deletions(-)
 create mode 100644 files/centos/ipsec.init
diff --git a/files/centos/ipsec.init b/files/centos/ipsec.init
new file mode 100644
index 0000000..5a4edba
--- /dev/null
+++ b/files/centos/ipsec.init
@@ -0,0 +1,72 @@
+#!/bin/sh
+# IPsec startup and shutdown script
+# Copyright (C) 1998, 1999, 2001 Henry Spencer.
+# Copyright (C) 2002 Michael Richardson
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See .
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: setup.in,v 1.122.6.8 2007-11-07 02:36:05 paul Exp $
+#
+# ipsec init.d script for starting and stopping
+# the IPsec security subsystem (KLIPS and Pluto).
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: setup.in,v 1.122.6.8 2007-11-07 02:36:05 paul Exp $
+#
+# ipsec init.d script for starting and stopping
+# the IPsec security subsystem (KLIPS and Pluto).
+#
+# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
+# and is also accessible as "ipsec setup" (the preferred route for human
+# invocation).
+#
+# The startup and shutdown times are a difficult compromise (in particular,
+# it is almost impossible to reconcile them with the insanely early/late
+# times of NFS filesystem startup/shutdown). Startup is after startup of
+# syslog and pcmcia support; shutdown is just before shutdown of syslog.
+#
+# chkconfig: 2345 47 76
+# description: IPsec provides encrypted and authenticated communications; \
+# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
+
+prog=ipsec
+
+case "$1" in
+ start)
+ /usr/sbin/ipsec start
+ ;;
+ stop)
+ /usr/sbin/ipsec stop
+ ;;
+
+ reload)
+ /usr/sbin/ipsec reload
+ ;;
+
+ restart|force-reload)
+ /usr/sbin/ipsec restart
+ ;;
+
+ status)
+ /usr/sbin/ipsec status
+ exit
+ ;;
+
+ *)
+ echo "Usage: $prog {start|stop|restart|condrestart|reload|status}"
+ exit 1
+esac
+
+exit 0
diff --git a/manifests/base.pp b/manifests/base.pp
index 2a9ce54..c89332f 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -9,6 +9,13 @@ class strongswan::base { ensure => installed, } + file{'/etc/init.d/ipsec': + source => "puppet:///modules/strongswan/centos/ipsec.init", + require => Package['strongswan'], + before => Service['ipsec'], + owner => root, group => 0, mode => 0755; + } + exec{ 'ipsec_privatekey': command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${fqdn}.pem", creates => "/etc/ipsec.d/private/${fqdn}.pem",
@@ -25,7 +32,7 @@ class strongswan::base { content => ": RSA ${fqdn}.pem\n", require => Package['strongswan'], owner => "root", group => 0, mode => "400", - notify => Service['strongswan'], + notify => Service['ipsec'], } if $strongswan_cert != "false" and $strongswan_cert != "" {
@@ -34,7 +41,7 @@ class strongswan::base { tag => 'strongswan_cert', content => $strongswan_cert, require => Package['strongswan'], - notify => Service['strongswan'], + notify => Service['ipsec'], } }
@@ -44,10 +51,10 @@ class strongswan::base { source => "puppet:///modules/site-strongswan/configs/${fqdn}", owner => "root", group => 0, mode => "400", require => Package['strongswan'], - notify => Service['strongswan'], + notify => Service['ipsec'], } - service{ 'strongswan' : + service{'ipsec': ensure => running, enable => true, }
--
cgit v1.2.3
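Review bot: The `start`, `stop`, `reload` and `restart|force-reload` branches discard the exit status of `/usr/sbin/ipsec`, because every path except `status` and the usage error falls through to the final `exit 0`. A failed start of the IPsec stack is therefore reported as success to the boot sequence and to anything that drives this script, which can hide a tunnel that never came up from monitoring and configuration management. Propagate the status in each branch, for example `/usr/sbin/ipsec start || exit $?`. The usage string also advertises `condrestart`, which has no branch and lands in `*)` with exit 1; either add the branch or change the message to `{start|stop|restart|force-reload|reload|status}`.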
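Review bot: The new `file{'/etc/init.d/ipsec':` resource has no operating-system condition in the visible part of `strongswan::base`, although its source is the CentOS-specific `centos/ipsec.init`; if this class is also applied to other platforms, it would replace their packaged init script with this one, which runs as root at boot. The class body starts and ends outside the hunk, so a guard may exist there; if not, wrap the resource in a check on `$operatingsystem` or move it to a CentOS-only class. The mode is also a bare number while the other file resources in this manifest quote theirs; `mode => '0755'` is consistent with them and is the form later Puppet releases require.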
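Review bot: The renamed `service{'ipsec':` resource in the last hunk declares only `ensure` and `enable`, so whether Puppet uses the new script's `status` branch depends on the default for `hasstatus` in the Puppet version in use. Older releases presumably fall back to looking for the service name in the process table, which may not reflect whether the IPsec daemons are actually running. Since the init script added in this commit implements `status`, adding `hasstatus => true,` to the resource makes the running check explicit. The enclosing class continues outside the hunk.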