authorMicah Anderson <micah@riseup.net>2013-04-03 14:36:04 -0400
committerMicah Anderson <micah@riseup.net>2013-04-03 14:36:04 -0400
commit38ce9a5950f1aadfb8b844c2ba4d280b06456489 (patch)
tree134fddead133ab7442afbcc8a6cba624ddb6a488
parent95f55b7586e850fc9d31fc08a86a5bf25a7abb37 (diff)
parent74fe8e6a586bec3b04a7b51beb4ed2f8fbc27e03 (diff)
Merge remote-tracking branch 'leap/master' into riseup
Conflicts: manifests/centos.pp manifests/init.pp manifests/linux.pp
-rw-r--r--README62
-rw-r--r--manifests/base.pp8
-rw-r--r--manifests/centos.pp35
-rw-r--r--manifests/debian.pp8
-rw-r--r--manifests/init.pp21
-rw-r--r--manifests/linux.pp1
-rw-r--r--manifests/service.pp32
7 files changed, 117 insertions, 50 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..32698b3
--- /dev/null
+++ b/README
@@ -0,0 +1,62 @@
+Overview
+========
+
+This module manages stunnel4. It installs and configures the software, makes
+sure it is running, and enables you to create different stunnels.
+
+
+! Upgrade Notice !
+==================
+
+Previous versions of this module were not using parameterized classes. If you
+were using a previous version, you may need to change how you are using the
+module to accomodate for that. If you were previously setting some stunnel
+variables before including the class, you will now need to pass those variables
+to the class as parameters. If you were just simply doing 'include stunnel',
+then you will not need to change anything.
+
+Classes
+=======
+
+stunnel
+-------
+
+This is the main class which brings you stunnel support. You will need to
+instantiate it by doing the following:
+
+class { 'stunnel': }
+
+Class parameters:
+
+* ensure_version - If this parameter is passed, you can force a particular
+ version of stunnel to be installed, if it is available with your packaging
+ system, for example:
+
+ class { 'stunnel': ensure_version = '3:4.53-1' }
+
+ If you do not pass this parameter, it will default to just be 'present'.
+
+* startboot (Debian) - This parameter controls if stunnel should be started at
+ boot or not, if you do not pass this paramter, by default it will be started
+
+* default_extra (Debian) - This parameter lets you add arbitrary extra text to
+ the bottom of /etc/default/stunnel4, this can be useful to set ulimit for
+ example
+
+
+Defines
+=======
+
+stunnel::service
+----------------
+
+This define lets you setup any number of stunnels, it allows you to pass every
+stunnel configuration variable (see manifests/server.pp) which will be used to
+create the /etc/stunnel/${name}.conf file, and then notify the stunnel service
+so it will restart.
+
+If you pass $use_nagios to this define, it will create a nagios::service entry
+for stunnel_${name} which will watch for the appropriate number processes with
+that configuration name
+
+ \ No newline at end of file
diff --git a/manifests/base.pp b/manifests/base.pp
index 3061902..9fed2de 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -1,13 +1,13 @@
class stunnel::base {
- file { "/etc/stunnel":
+ file { '/etc/stunnel':
ensure => directory;
}
service { 'stunnel':
- name => 'stunnel',
- enable => true,
- ensure => running,
+ ensure => running,
+ name => 'stunnel',
+ enable => true,
hasstatus => false;
}
}
diff --git a/manifests/centos.pp b/manifests/centos.pp
index 14aac8f..19a4684 100644
--- a/manifests/centos.pp
+++ b/manifests/centos.pp
@@ -1,16 +1,19 @@
class stunnel::centos inherits stunnel::linux {
- file{'/etc/init.d/stunnel':
- source => "puppet:///modules/stunnel/${::operatingsystem}/stunnel.init",
+ file { '/etc/init.d/stunnel':
+ source => "puppet:///modules/stunnel/${::operatingsystem}/stunnel.init",
require => Package['stunnel'],
- before => Service['stunnel'],
- owner => root, group => 0, mode => 0755;
+ before => Service['stunnel'],
+ owner => root,
+ group => 0,
+ mode => '0755';
}
- user::managed{ "stunnel":
- homedir => "/var/run/stunnel",
- shell => "/sbin/nologin",
- uid => 105, gid => 105;
+ user::managed { 'stunnel':
+ homedir => '/var/run/stunnel',
+ shell => '/sbin/nologin',
+ uid => 105,
+ gid => 105;
}
Service['stunnel']{
@@ -18,13 +21,15 @@ class stunnel::centos inherits stunnel::linux {
require => [ User['stunnel'], File['/etc/init.d/stunnel'] ]
}
- file{'/etc/stunnel/stunnel.conf':
- source => [ "puppet:///modules/site_stunnel/${::fqdn}/stunnel.conf",
- "puppet:///modules/site_stunnel/${stunnel::cluster}/stunnel.conf",
- "puppet:///modules/site_stunnel/stunnel.conf",
- "puppet:///modules/stunnel/${::operatingsystem}/stunnel.conf" ],
+ file { '/etc/stunnel/stunnel.conf':
+ source => [ "puppet:///modules/site-stunnel/${::fqdn}/stunnel.conf",
+ "puppet:///modules/site-stunnel/${stunnel::cluster}/stunnel.conf",
+ 'puppet:///modules/site-stunnel/stunnel.conf',
+ 'puppet:///modules/stunnel/${::operatingsystem}/stunnel.conf' ],
require => Package['stunnel'],
- notify => Service['stunnel'],
- owner => root, group => 0, mode => 0600;
+ notify => Service['stunnel'],
+ owner => root,
+ group => 0,
+ mode => '0600';
}
}
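Review bot: The last entry of the `source` list for `/etc/stunnel/stunnel.conf` is now single-quoted, and Puppet does not interpolate variables in single-quoted strings, so `${::operatingsystem}` is requested literally and the module's own fallback file can no longer be found. Keep that entry double-quoted: `"puppet:///modules/stunnel/${::operatingsystem}/stunnel.conf" ],`. On a host with no site-specific override, the resource would presumably fail to apply and leave stunnel.conf unmanaged. The same lines rename `site_stunnel` to `site-stunnel`, which is worth confirming against the real name of the site module. The `Service['stunnel']` override at the top of this hunk begins outside it.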
diff --git a/manifests/debian.pp b/manifests/debian.pp
index a64a4c9..eb4d57a 100644
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -10,10 +10,12 @@ class stunnel::debian inherits stunnel::linux {
}
file { '/etc/default/stunnel4':
- content => template("stunnel/Debian/default"),
+ content => template('stunnel/Debian/default'),
require => Package['stunnel4'],
- notify => Service['stunnel4'],
- owner => root, group => 0, mode => 0644;
+ notify => Service['stunnel4'],
+ owner => root,
+ group => 0,
+ mode => '0644';
}
}
diff --git a/manifests/init.pp b/manifests/init.pp
index d0d67c9..b2018a5 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -17,23 +17,12 @@
# TODO: warn on cert/key issues, fail on false accept?
-class stunnel(
- $cluster = '',
- $ensure_version = 'present',
- $startboot = '1',
- $default_extra = '',
- $nagios_stunnel_procs = false
-) {
+class stunnel ( $ensure_version = 'present', $startboot = '1', $default_extra, $cluster = '' )
+{
case $::operatingsystem {
- debian: { include stunnel::debian }
- centos: { include stunnel::centos }
- default: { include stunnel::default }
- }
-
- if $nagios_stunnel_procs {
- nagios::service { "stunnel":
- check_command => "nagios-stat-proc!/usr/bin/stunnel4!6!5!proc";
- }
+ debian: { class { 'stunnel::debian': } }
+ centos: { class { 'stunnel::centos': } }
+ default: { class { 'stunnel::default': } }
}
}
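Review bot: `$default_extra` has lost its default and now sits between parameters that have one, so a bare `class { 'stunnel': }` (the usage the README added in this commit documents) would fail because a required parameter is missing. Restore it as `$default_extra = '',`. The merge also drops `$nagios_stunnel_procs`, so any node still passing it will stop compiling. The README upgrade notice could point those users to `use_nagios` on `stunnel::service`.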
diff --git a/manifests/linux.pp b/manifests/linux.pp
index 3b03998..a4a926e 100644
--- a/manifests/linux.pp
+++ b/manifests/linux.pp
@@ -1,4 +1,5 @@
class stunnel::linux inherits stunnel::base {
+
package { 'stunnel':
ensure => $stunnel::ensure_version
}
diff --git a/manifests/service.pp b/manifests/service.pp
index fb24168..fd64f9b 100644
--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -40,10 +40,10 @@ define stunnel::service (
$rndoverwrite = false,
$service = false,
$session = false,
- $setuid = "stunnel4",
- $setgid = "stunnel4",
- $socket = [ "l:TCP_NODELAY=1", "r:TCP_NODELAY=1"],
- $sslversion = "SSLv3",
+ $setuid = 'stunnel4',
+ $setgid = 'stunnel4',
+ $socket = [ 'l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'],
+ $sslversion = 'SSLv3',
$stack = false,
$syslog = false,
$timeoutbusy = false,
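Review bot: The default `$sslversion = 'SSLv3'` is carried over with only its quotes changed, which pins every tunnel that does not override it to SSLv3, a protocol version with known weaknesses that current TLS libraries disable. Consider defaulting to a TLS version that the packaged stunnel and OpenSSL accept, for example `$sslversion = 'TLSv1.2',`. Documenting the parameter in the README would also help operators choose it deliberately. The parameter list of `stunnel::service` starts and ends outside this hunk.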
@@ -51,18 +51,26 @@ define stunnel::service (
$timeoutconnect = false,
$timeoutidle = false,
$transparent = false,
+ $use_nagios = false,
$verify = false
) {
- $real_client = $client ? { default => "yes" }
+ $real_client = $client ? { default => 'yes' }
$real_pid = $pid ? { false => "/${name}.pid", default => $pid }
-
+
file { "/etc/stunnel/${name}.conf":
- ensure => $ensure,
- content => template('stunnel/service.conf.erb'),
- require => File["/etc/stunnel"],
- notify => Service[stunnel],
- owner => root, group => 0, mode => 0600;
+ ensure => $ensure,
+ content => template('stunnel/service.conf.erb'),
+ require => File['/etc/stunnel'],
+ notify => Service[stunnel],
+ owner => root,
+ group => 0,
+ mode => '0600';
}
-}
+ if $use_nagios {
+ nagios::service { "stunnel_${name}":
+ check_command => "nagios-stat-proc!/usr/bin/stunnel4 /etc/stunnel/${name}.conf!6!5!proc";
+ }
+ }
+}
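Review bot: `$verify` still defaults to `false`, and `$real_client` evaluates to 'yes' for every value of `$client` because its selector has only a `default` branch. Every generated tunnel is therefore a client, and if the template omits `verify` when it is false, that client does not authenticate the server certificate. At minimum, add a comment above the parameter such as `# verify defaults to false: set it (with the CA settings) so the client checks the peer certificate`. Consider also giving the selector a branch that honours an explicit `$client` value. The define's signature begins outside this hunk and the template is not shown, so the rendered config should be checked before relying on this.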