From f1da3f6ffe640f45ab74521f55389af504375b74 Mon Sep 17 00:00:00 2001
From: varac
Date: Sat, 10 Aug 2013 20:10:23 +0200
Subject: make hostname configurable
---
 manifests/base.pp | 10 +++++-----
 manifests/init.pp | 5 +++--
 templates/ipsec.conf.erb | 4 ++--
 templates/remote_host.erb | 2 +-
 4 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/manifests/base.pp b/manifests/base.pp
index e7cd81c..ba17118 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -6,8 +6,8 @@ class strongswan::base {
 } -> exec { 'ipsec_privatekey':
- command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem",
- creates => "${strongswan::cert_dir}/private/${::fqdn}.pem";
+ command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${custom_hostname}.pem",
+ creates => "${strongswan::cert_dir}/private/${custom_hostname}.pem";
 } -> anchor{'strongswan::certs::done': }
@@ -19,8 +19,8 @@ class strongswan::base {
 }
 exec { 'ipsec_monkeysphere_cert':
- command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc",
- creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc",
+ command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${custom_hostname}.pem ike://${custom_hostname} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${custom_hostname} > ${strongswan::cert_dir}/certs/${custom_hostname}.asc",
+ creates => "${strongswan::cert_dir}/certs/${custom_hostname}.asc",
 require => Exec['ipsec_privatekey'],
 before => Anchor['strongswan::certs::done'],
 }
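Review bot: `${custom_hostname}` is referenced unqualified inside `strongswan::base`, although it is declared as a parameter of class `strongswan` and every other module variable in these hunks is written as `${strongswan::...}`. The class line shown in the hunk header has no `inherits`, so on Puppet 3 and later the unqualified name would not resolve to the parameter; the value can then come out empty, the key would be generated as `private/.pem`, and `/etc/ipsec.secrets` would point at `.pem`. I would write `${strongswan::custom_hostname}` here, in the `ipsec_monkeysphere_cert` hunk and in the `/etc/ipsec.secrets` hunk, and `scope.lookupvar('strongswan::custom_hostname')` in both templates. The resources touched here begin or end outside the hunks, so how the templates are evaluated is not visible.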
@@ -37,7 +37,7 @@ class strongswan::base {
 $binary_name = basename($strongswan::binary)
 file{ '/etc/ipsec.secrets':
- content => ": RSA ${::fqdn}.pem\n";
+ content => ": RSA ${custom_hostname}.pem\n";
 # this is needed because if the glob-include in the config
 # doesn't find anything it fails.
 "${strongswan::config_dir}/hosts":
diff --git a/manifests/init.pp b/manifests/init.pp
index 162a136..d47bbc0 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -9,7 +9,8 @@ class strongswan(
 $default_left_subnet = reject(split($::strongswan_ips,','),$::ipaddress),
 $additional_options = '',
 $auto_remote_host = false,
- $ipsec_conf_template = 'strongswan/ipsec.conf.erb'
+ $ipsec_conf_template = 'strongswan/ipsec.conf.erb',
+ $custom_hostname = $::fqdn
 ) {
 if $use_monkeysphere != false {
@@ -57,7 +58,7 @@ class strongswan(
 if $auto_remote_host and ($::strongswan_cert != 'false') and ($::strongswan_cert != '') {
 # export myself
- @@strongswan::remote_host { $::fqdn:
+ @@strongswan::remote_host { $custom_hostname:
 right_cert_content => $::strongswan_cert,
 right_ip_address => $strongswan::default_left_ip_address,
 right_subnet => $strongswan::default_left_subnet,
diff --git a/templates/ipsec.conf.erb b/templates/ipsec.conf.erb
index 44225d3..c61b765 100644
--- a/templates/ipsec.conf.erb
+++ b/templates/ipsec.conf.erb
@@ -13,8 +13,8 @@ conn %default
 rightsendcert=never
 leftsendcert=never
 left=<%= scope.lookupvar('strongswan::default_left_ip_address') %>
- leftcert=<%= scope.lookupvar('::fqdn') %>.asc
- leftid=@<%= scope.lookupvar('::fqdn') %>
+ leftcert=<%= scope.lookupvar('custom_hostname') %>.asc
+ leftid=@<%= scope.lookupvar('custom_hostname') %>
 <% unless (subn=scope.lookupvar('strongswan::default_left_subnet')).empty? -%>
 leftsubnet=<%= subn.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
 <% end -%>
diff --git a/templates/remote_host.erb b/templates/remote_host.erb
index dbe3945..2c70a37 100644
--- a/templates/remote_host.erb
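Review bot: The new `$custom_hostname` parameter in `manifests/init.pp` is accepted without validation, yet this commit interpolates it into two `exec` command strings, several paths under `${strongswan::cert_dir}`, `/etc/ipsec.secrets`, `leftid` and a regular expression in `remote_host.erb`. `$::fqdn` was a fact with a predictable shape, whereas a free-form value containing whitespace, `/`, `..` or shell metacharacters would change where the private key is written or what the `exec` runs. A check at the top of the class body, for example `validate_re($custom_hostname, '\A[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\z', 'custom_hostname must be a plain host name')`, would close that off, assuming stdlib is available (the module appears to use its `reject` and `basename` already). The value is also now the title of the exported `strongswan::remote_host`, so two nodes given the same name would presumably collide when collected; a comment on the parameter stating it must be unique per node would help.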
+++ b/templates/remote_host.erb
@@ -1,5 +1,5 @@
 # host <%= name %>
-<% if !(right_id =~ /#{scope.lookupvar('::fqdn')}/) -%>
+<% if !(right_id =~ /#{scope.lookupvar('custom_hostname')}/) -%>
 conn <%= name %>
 <% if left_ip_address != 'absent' -%>
 left=<%= left_ip_address %>
--
cgit v1.2.3
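Review bot: The host name is interpolated into an unanchored, unescaped regular expression in the `if !(right_id =~ /.../)` guard, so `.` matches any character and any `right_id` that merely contains the value suppresses the `conn` block. That was already the case with `::fqdn`, but a configurable name makes short values more likely, and if the lookup yields an empty string the pattern becomes `//`, which matches every `right_id` and would render no connection at all. I would compare exactly, e.g. `<% if !(right_id =~ /\A@?#{Regexp.escape(scope.lookupvar('strongswan::custom_hostname').to_s)}\z/) -%>`; the optional `@` is a guess at the id format, which this hunk does not show. The template continues past the end of the hunk.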