manifests/init.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

# manage a strongswan
class strongswan(
  $manage_shorewall         = false,
  $monkeysphere_publish_key = false,
  $ipsec_nat                = false,
  $default_left_ip_address  = $::ipaddress,
  $additional_options       = '',
  $auto_remote_host         = false
) {

  class{'monkeysphere':
    publish_key => $monkeysphere_publish_key
  } -> class{'certtool': }

  case $::operatingsystem {
    centos: {
      case $::lsbmajdistrelease {
        '5': {
          $config_dir = '/etc/ipsec.d'
          class{'strongswan::centos::five':
            require => Class['monkeysphere'],
          }
        }
        default: {
          $config_dir = '/etc/strongswan'
          class{'strongswan::centos::six':
            require => Class['monkeysphere'],
          }
        }
      }
    }
    default: {
      $config_dir = '/etc/ipsec.d'
      class{'strongswan::base':
        require => Class['monkeysphere'],
      }
    }
  }

  if $manage_shorewall {
    include shorewall::rules::ipsec
    if $ipsec_nat {
      include shorewall::rules::ipsec_nat
    }
  }
}