From 3eea68f159a890dcf565fc3a1f05c149e4314966 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Aug 2013 15:17:00 +0200 Subject: migrate to the new define usage --- manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index f2b3bd3..88cf48c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -60,8 +60,8 @@ class strongswan( } if $manage_shorewall { - class{'shorewall::rules::ipsec': - source => $strongswan::shorewall_source + shorewall::rules::ipsec{ + $strongswan::shorewall_source: } if $ipsec_nat { include shorewall::rules::ipsec_nat -- cgit v1.2.3 From ce1b40c24305aa377fc7ae73cdf8d6f8351e7aef Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Aug 2013 18:29:01 +0200 Subject: clear line --- templates/remote_host.erb | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/templates/remote_host.erb b/templates/remote_host.erb index 52639cd..4f35478 100644 --- a/templates/remote_host.erb +++ b/templates/remote_host.erb 
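Review bot: The new `shorewall::rules::ipsec{ $strongswan::shorewall_source: }` declaration in the `$manage_shorewall` branch carries the firewall source only as the resource title, with nothing saying so. A short comment above it would help, for example `# title = shorewall source the ipsec rules are opened for`. If `shorewall_source` can be unset or empty when `manage_shorewall` is true, the title would presumably be empty too, so a guard or an explicit `fail()` for that case is worth considering. The class parameters are outside the hunk, so the default cannot be checked from here.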
@@ -1,21 +1,23 @@ # host <%= name %> <% if !(right_id =~ /#{scope.lookupvar('::fqdn')}/) -%> -conn <%= name %> -<% if left_ip_address != 'absent' -%> - left=<%= left_ip_address %> +<% Array(right_ip_address).each_with_index do |right_ip,i| -%> +conn <%= name %><% if i > 0 -%>-<%= i %><% end -%> <% end -%> -<% if left_id != 'absent' -%> +<% if left_ip_address != 'absent' -%> + left=<%= left_ip_address %> +<% end -%> +<% if left_id != 'absent' -%> leftid=@<%= left_id %> -<% end -%> -<% unless left_subnet.empty? %> +<% end -%> +<% unless left_subnet.empty? -%> leftsubnet=<%= left_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %> -<% end -%> - right=<%= right_ip_address %> +<% end -%> + right=<%= right_ip %> rightid=@<%= right_id %> rightcert=<%= right_cert_name %>.asc -<% unless right_subnet.empty? -%> +<% unless right_subnet.empty? -%> rightsubnet=<%= right_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %> -<% end -%> +<% end -%> type=transport auto=start <% else -%> -- cgit v1.2.3 From 9c90e6ae9d73e762fadde4e66edc5ccb02c69467 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Aug 2013 18:33:09 +0200 Subject: Revert "clear line" This reverts commit ce1b40c24305aa377fc7ae73cdf8d6f8351e7aef. --- templates/remote_host.erb | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/templates/remote_host.erb b/templates/remote_host.erb index 4f35478..52639cd 100644 --- a/templates/remote_host.erb +++ b/templates/remote_host.erb 
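Review bot: `right_ip` is referenced in `right=<%= right_ip %>` after the `each_with_index` block has already ended. The unchanged `<% end -%>` directly below the new `conn` line is the first `end` after the inline `if i > 0 ... end`, so it closes the loop rather than a conditional. As written, the loop emits only the `conn` header lines for each address, the settings that follow are rendered once, and the block variable is out of scope where it is used, so the template would be expected to fail at render time. The loop's closing `<% end -%>` belongs after `auto=start`, so that each address gets a complete stanza with its own `right=` value. The template continues past `<% else -%>` outside this hunk.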
@@ -1,23 +1,21 @@ # host <%= name %> <% if !(right_id =~ /#{scope.lookupvar('::fqdn')}/) -%> -<% Array(right_ip_address).each_with_index do |right_ip,i| -%> -conn <%= name %><% if i > 0 -%>-<%= i %><% end -%> -<% end -%> -<% if left_ip_address != 'absent' -%> +conn <%= name %> +<% if left_ip_address != 'absent' -%> left=<%= left_ip_address %> -<% end -%> -<% if left_id != 'absent' -%> +<% end -%> +<% if left_id != 'absent' -%> leftid=@<%= left_id %> -<% end -%> -<% unless left_subnet.empty? -%> +<% end -%> +<% unless left_subnet.empty? %> leftsubnet=<%= left_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %> -<% end -%> - right=<%= right_ip %> +<% end -%> + right=<%= right_ip_address %> rightid=@<%= right_id %> rightcert=<%= right_cert_name %>.asc -<% unless right_subnet.empty? -%> +<% unless right_subnet.empty? -%> rightsubnet=<%= right_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %> -<% end -%> +<% end -%> type=transport auto=start <% else -%> -- cgit v1.2.3 From 689961e33cea7c6c2695e460a5f8da10a7b58c76 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Aug 2013 18:34:09 +0200 Subject: really fix line --- templates/remote_host.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/remote_host.erb b/templates/remote_host.erb index 52639cd..8d1ab41 100644 --- a/templates/remote_host.erb +++ b/templates/remote_host.erb @@ -7,7 +7,7 @@ conn <%= name %> <% if left_id != 'absent' -%> leftid=@<%= left_id %> <% end -%> -<% unless left_subnet.empty? %> +<% unless left_subnet.empty? -%> leftsubnet=<%= left_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %> <% end -%> right=<%= right_ip_address %> -- cgit v1.2.3 From 9bff4b7d2222f3bba58603efde427532d3a5f502 Mon Sep 17 00:00:00 2001 
From: o Date: Sat, 10 Aug 2013 18:51:23 +0200 Subject: add a hack to override the right subnet from the %default connection if necessary --- templates/remote_host.erb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/templates/remote_host.erb b/templates/remote_host.erb index 8d1ab41..dbe3945 100644 --- a/templates/remote_host.erb +++ b/templates/remote_host.erb @@ -13,7 +13,12 @@ conn <%= name %> right=<%= right_ip_address %> rightid=@<%= right_id %> rightcert=<%= right_cert_name %>.asc -<% unless right_subnet.empty? -%> +<% if right_subnet.empty? -%> + <% unless (subn=scope.lookupvar('strongswan::default_left_subnet')).empty? -%> + # Override the public subnet definition for the internal links + rightsubnet=<%= right_ip_address %>/32 + <% end %> +<% else -%> rightsubnet=<%= right_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %> <% end -%> type=transport -- cgit v1.2.3
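Review bot: The added fallback hard-codes `/32` in `rightsubnet=<%= right_ip_address %>/32`, while the `collect` two lines below picks `/128` for addresses containing `:`. For an IPv6 peer the override would describe a whole /32 prefix instead of the single host, a far wider traffic selector than intended. Something like `rightsubnet=<%= right_ip_address %>/<%= right_ip_address.include?(':') ? '128' : '32' %>` keeps the two branches consistent. The assignment `subn=` is never read and can be dropped, and the inner `<% end %>` lacks the `-%>` trim used elsewhere, so it leaves a blank line in the generated conn section. If `strongswan::default_left_subnet` can be undefined, calling `.empty?` on the lookup result may also fail; that cannot be confirmed from this hunk.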