From efabeee0d89f5bff3b9aa897b57c6496912a0e3f Mon Sep 17 00:00:00 2001
From: mh
Date: Thu, 3 Jan 2013 16:25:17 +0100
Subject: differentiate between cert and configs and place certs in the right location on el6

---
 lib/facter/strongswan_cert.rb | 2 +-
 manifests/base.pp | 10 +++++-----
 manifests/centos/six.pp | 11 +++++++++++
 manifests/cert.pp | 4 ++--
 manifests/init.pp | 4 ++++
 5 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/lib/facter/strongswan_cert.rb b/lib/facter/strongswan_cert.rb
index d8d4452..0172c4e 100644
--- a/lib/facter/strongswan_cert.rb
+++ b/lib/facter/strongswan_cert.rb
@@ -1,7 +1,7 @@
 Facter.add("strongswan_cert") do
 setcode do
 cert_path = "certs/#{Facter.value(:fqdn)}.asc"
- if d = ['/etc/ipsec.d','/etc/strongswan'].find{|d| File.exists?(File.join(d,cert_path)) }
+ if d = ['/etc/ipsec.d','/etc/strongswan/ipsec.d'].find{|d| File.exists?(File.join(d,cert_path)) }
 File.read(File.join(d,cert_path))
 else
 false
diff --git a/manifests/base.pp b/manifests/base.pp
index 9198d73..66df6da 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
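Review bot: The rewritten condition keeps `File.exists?`, the deprecated alias of `File.exist?` (it warns on modern Rubies and has been removed in Ruby 3.2), and the block parameter `d` shadows the `d` being assigned in the same `if`, which reads like a bug at first glance. Both are fixed on the one line, `if d = ['/etc/ipsec.d','/etc/strongswan/ipsec.d'].find { |dir| File.exist?(File.join(dir, cert_path)) }`. Since the fact's value is the raw file contents, a one-line comment above `setcode` stating that only the public `certs/<fqdn>.asc` is ever read and exported as a fact, never anything under `private/`, would make the boundary of this fact clear to the next reader. The outer `Facter.add` block continues past the hunk.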
@@ -5,12 +5,12 @@ class strongswan::base {
 ensure => installed,
 } -> exec{ 'ipsec_privatekey':
- command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::config_dir}/private/${::fqdn}.pem",
- creates => "${strongswan::config_dir}/private/${::fqdn}.pem";
+ command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem",
+ creates => "${strongswan::cert_dir}/private/${::fqdn}.pem";
 } -> exec{'ipsec_monkeysphere_cert':
- command => "monkeysphere-host import-key ${strongswan::config_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::config_dir}/certs/${::fqdn}.asc",
- creates => "${strongswan::config_dir}/certs/${::fqdn}.asc",
- }
+ command => "monkeysphere-host import-key ${strongswan::crt_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc",
+ creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc",
+ }
 -> anchor{'strongswan::certs::done': }
 File {
 require => Package['strongswan'],
diff --git a/manifests/centos/six.pp b/manifests/centos/six.pp
index 5bc7283..4301482 100644
--- a/manifests/centos/six.pp
+++ b/manifests/centos/six.pp
@@ -9,6 +9,17 @@ class strongswan::centos::six inherits strongswan::base {
 path => '/etc/strongswan/ipsec.conf'
 }
+ file{ [ '/etc/strongswan/ipsec.d',
+ '/etc/strongswan/ipsec.d/private',
+ '/etc/strongswan/ipsec.d/certs' ]:
+ ensure => directory,
+ require => Package['strongswan'],
+ before => Exec['ipsec_privatekey'],
+ owner => root,
+ group => 0,
+ mode => '0600';
+ }
+
 file{'/etc/sysconfig/strongswan':
 content => "config='/etc/strongswan/strongswan.conf'\n",
 notify => Service['ipsec'],
diff --git a/manifests/cert.pp b/manifests/cert.pp
index d5baf90..ae7e5ef 100644
--- a/manifests/cert.pp
+++ b/manifests/cert.pp
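Review bot: The new `ipsec_monkeysphere_cert` command reads the key from `${strongswan::crt_dir}/private/…` while every other new line uses `cert_dir`, and neither name is what manifests/init.pp defines — its hunks add `$certdir`, so `strongswan::cert_dir` never resolves. Unless strict variable checking is enabled, Puppet interpolates an unknown qualified variable as an empty string (with a warning), so the certtool and monkeysphere commands and their `creates` guards would point at `/private/…` and `/certs/…` at the filesystem root, and the private key would either fail to be written or land outside the directory whose permissions six.pp manages; manifests/cert.pp's file resource makes the same lookup. Fix the typo here, `command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${::fqdn}.pem ike://${::fqdn} && …"`, and in init.pp rename the three new assignments to `$cert_dir = …` so the name matches `$config_dir` and the consumers in base.pp and cert.pp.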
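Review bot: `mode => '0600'` is applied uniformly to `ipsec.d`, `private` and `certs`, but for a directory Puppet sets the search bit wherever the read bit is set, so the effective mode is 0700 and the manifest does not state what was actually intended. 0700 is right for `private`, where `ipsec_privatekey` writes the host key, but it also makes `certs/` and the public `.asc` it holds unreadable to any non-root process, which matters if strongswan or the monkeysphere helpers ever run unprivileged. Make the intent explicit: keep `mode => '0700'` on `private` and manage `ipsec.d` and `certs` in a separate resource with the mode you actually want for public material. The key file itself is created by certtool with whatever mode its umask yields, so a file resource on `${strongswan::cert_dir}/private/${::fqdn}.pem` enforcing `mode => '0600'` would belong next to these directories.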
@@ -7,14 +7,14 @@ define strongswan::cert(
 fail("You need to pass some \$cert content for ${name} if it should be present")
 }
- file{"${strongswan::config_dir}/certs/${name}.asc":
+ file{"${strongswan::cert_dir}/certs/${name}.asc":
 ensure => $ensure,
 require => Package['strongswan'],
 notify => Service['ipsec'],
 }
 if $ensure == 'present' {
- File["${strongswan::config_dir}/certs/${name}.asc"]{
+ File["${strongswan::cert_dir}/certs/${name}.asc"]{
 content => $cert,
 owner => 'root',
 group => 0,
diff --git a/manifests/init.pp b/manifests/init.pp
index 8cb0728..d5db1f8 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -18,12 +18,15 @@ class strongswan(
 case $::lsbmajdistrelease {
 '5': {
 $config_dir = '/etc/ipsec.d'
+ $certdir = '/etc/ipsec.d'
+
 class{'strongswan::centos::five':
 require => Class['monkeysphere'],
 }
 }
 default: {
 $config_dir = '/etc/strongswan'
+ $certdir = '/etc/strongswan/ipsec.d'
 class{'strongswan::centos::six':
 require => Class['monkeysphere'],
 }
@@ -32,6 +35,7 @@ class strongswan(
 }
 default: {
 $config_dir = '/etc/ipsec.d'
+ $certdir = '/etc/ipsec.d'
 class{'strongswan::base':
 require => Class['monkeysphere'],
 }
-- 
cgit v1.2.3