author | Micah Anderson <micah@riseup.net> | 2013-04-03 14:36:04 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2013-04-03 14:36:04 -0400 |
commit | 38ce9a5950f1aadfb8b844c2ba4d280b06456489 (patch) | |
tree | 134fddead133ab7442afbcc8a6cba624ddb6a488 | |
parent | 95f55b7586e850fc9d31fc08a86a5bf25a7abb37 (diff) | |
parent | 74fe8e6a586bec3b04a7b51beb4ed2f8fbc27e03 (diff) |
Merge remote-tracking branch 'leap/master' into riseup
Conflicts:
manifests/centos.pp
manifests/init.pp
manifests/linux.pp
-rw-r--r-- | README | 62 | ||||
-rw-r--r-- | manifests/base.pp | 8 | ||||
-rw-r--r-- | manifests/centos.pp | 35 | ||||
-rw-r--r-- | manifests/debian.pp | 8 | ||||
-rw-r--r-- | manifests/init.pp | 21 | ||||
-rw-r--r-- | manifests/linux.pp | 1 | ||||
-rw-r--r-- | manifests/service.pp | 32 |
7 files changed, 117 insertions, 50 deletions
@@ -0,0 +1,62 @@
+Overview
+========
+
+This module manages stunnel4. It installs and configures the software, makes
+sure it is running, and enables you to create different stunnels.
+
+
+! Upgrade Notice !
+==================
+
+Previous versions of this module were not using parameterized classes. If you
+were using a previous version, you may need to change how you are using the
+module to accomodate for that. If you were previously setting some stunnel
+variables before including the class, you will now need to pass those variables
+to the class as parameters. If you were just simply doing 'include stunnel',
+then you will not need to change anything.
+
+Classes
+=======
+
+stunnel
+-------
+
+This is the main class which brings you stunnel support. You will need to
+instantiate it by doing the following:
+
+class { 'stunnel': }
+
+Class parameters:
+
+* ensure_version - If this parameter is passed, you can force a particular
+ version of stunnel to be installed, if it is available with your packaging
+ system, for example:
+
+ class { 'stunnel': ensure_version = '3:4.53-1' }
+
+ If you do not pass this parameter, it will default to just be 'present'.
+
+* startboot (Debian) - This parameter controls if stunnel should be started at
+ boot or not, if you do not pass this paramter, by default it will be started
+
+* default_extra (Debian) - This parameter lets you add arbitrary extra text to
+ the bottom of /etc/default/stunnel4, this can be useful to set ulimit for
+ example
+
+
+Defines
+=======
+
+stunnel::service
+----------------
+
+This define lets you setup any number of stunnels, it allows you to pass every
+stunnel configuration variable (see manifests/server.pp) which will be used to
+create the /etc/stunnel/${name}.conf file, and then notify the stunnel service
+so it will restart.
+
+If you pass $use_nagios to this define, it will create a nagios::service entry
+for stunnel_${name} which will watch for the appropriate number processes with
+that configuration name
+
+
\ No newline at end of file diff --git a/manifests/base.pp b/manifests/base.pp index 3061902..9fed2de 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,13 +1,13 @@ class stunnel::base { - file { "/etc/stunnel": + file { '/etc/stunnel': ensure => directory; } service { 'stunnel': - name => 'stunnel', - enable => true, - ensure => running, + ensure => running, + name => 'stunnel', + enable => true, hasstatus => false; } } diff --git a/manifests/centos.pp b/manifests/centos.pp index 14aac8f..19a4684 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -1,16 +1,19 @@ class stunnel::centos inherits stunnel::linux { - file{'/etc/init.d/stunnel': - source => "puppet:///modules/stunnel/${::operatingsystem}/stunnel.init", + file { '/etc/init.d/stunnel': + source => "puppet:///modules/stunnel/${::operatingsystem}/stunnel.init", require => Package['stunnel'], - before => Service['stunnel'], - owner => root, group => 0, mode => 0755; + before => Service['stunnel'], + owner => root, + group => 0, + mode => '0755'; } - user::managed{ "stunnel": - homedir => "/var/run/stunnel", - shell => "/sbin/nologin", - uid => 105, gid => 105; + user::managed { 'stunnel': + homedir => '/var/run/stunnel', + shell => '/sbin/nologin', + uid => 105, + gid => 105; } Service['stunnel']{ 
@@ -18,13 +21,15 @@ class stunnel::centos inherits stunnel::linux { require => [ User['stunnel'], File['/etc/init.d/stunnel'] ] } - file{'/etc/stunnel/stunnel.conf': - source => [ "puppet:///modules/site_stunnel/${::fqdn}/stunnel.conf", - "puppet:///modules/site_stunnel/${stunnel::cluster}/stunnel.conf", - "puppet:///modules/site_stunnel/stunnel.conf", - "puppet:///modules/stunnel/${::operatingsystem}/stunnel.conf" ], + file { '/etc/stunnel/stunnel.conf': + source => [ "puppet:///modules/site-stunnel/${::fqdn}/stunnel.conf", + "puppet:///modules/site-stunnel/${stunnel::cluster}/stunnel.conf", + 'puppet:///modules/site-stunnel/stunnel.conf', + 'puppet:///modules/stunnel/${::operatingsystem}/stunnel.conf' ], require => Package['stunnel'], - notify => Service['stunnel'], - owner => root, group => 0, mode => 0600; + notify => Service['stunnel'], + owner => root, + group => 0, + mode => '0600'; } } diff --git a/manifests/debian.pp b/manifests/debian.pp index a64a4c9..eb4d57a 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -10,10 +10,12 @@ class stunnel::debian inherits stunnel::linux { } file { '/etc/default/stunnel4': - content => template("stunnel/Debian/default"), + content => template('stunnel/Debian/default'), require => Package['stunnel4'], - notify => Service['stunnel4'], - owner => root, group => 0, mode => 0644; + notify => Service['stunnel4'], + owner => root, + group => 0, + mode => '0644'; } } diff --git a/manifests/init.pp b/manifests/init.pp index d0d67c9..b2018a5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
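Review bot: The last entry of the `source` array for `/etc/stunnel/stunnel.conf` is now single-quoted, so Puppet will not interpolate `${::operatingsystem}` and that fallback path can never match a real file. Keep it double-quoted: `"puppet:///modules/stunnel/${::operatingsystem}/stunnel.conf" ],`. Because this is the module's own default, a host without a site-specific file would end up with no usable source for its stunnel configuration. The first three entries also change `site_stunnel` to `site-stunnel`, which looks like a merge-conflict leftover; confirm the site module really carries the hyphenated name. The body of `stunnel::centos` starts outside this hunk.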
@@ -17,23 +17,12 @@ # TODO: warn on cert/key issues, fail on false accept? -class stunnel( - $cluster = '', - $ensure_version = 'present', - $startboot = '1', - $default_extra = '', - $nagios_stunnel_procs = false -) { +class stunnel ( $ensure_version = 'present', $startboot = '1', $default_extra, $cluster = '' ) +{ case $::operatingsystem { - debian: { include stunnel::debian } - centos: { include stunnel::centos } - default: { include stunnel::default } - } - - if $nagios_stunnel_procs { - nagios::service { "stunnel": - check_command => "nagios-stat-proc!/usr/bin/stunnel4!6!5!proc"; - } + debian: { class { 'stunnel::debian': } } + centos: { class { 'stunnel::centos': } } + default: { class { 'stunnel::default': } } } } diff --git a/manifests/linux.pp b/manifests/linux.pp index 3b03998..a4a926e 100644 --- a/manifests/linux.pp +++ b/manifests/linux.pp @@ -1,4 +1,5 @@ class stunnel::linux inherits stunnel::base { + package { 'stunnel': ensure => $stunnel::ensure_version } diff --git a/manifests/service.pp b/manifests/service.pp index fb24168..fd64f9b 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -40,10 +40,10 @@ define stunnel::service ( $rndoverwrite = false, $service = false, $session = false, - $setuid = "stunnel4", - $setgid = "stunnel4", - $socket = [ "l:TCP_NODELAY=1", "r:TCP_NODELAY=1"], - $sslversion = "SSLv3", + $setuid = 'stunnel4', + $setgid = 'stunnel4', + $socket = [ 'l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'], + $sslversion = 'SSLv3', $stack = false, $syslog = false, $timeoutbusy = false, 
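Review bot: `$default_extra` loses its `= ''` default in the new `class stunnel ( ... )` signature, which makes it a mandatory parameter. A plain `include stunnel` or `class { 'stunnel': }`, both of which the README added in this commit describes as working, would then fail to compile unless the value is supplied from elsewhere. Restore the default with `$default_extra = '',`. The signature also drops `$nagios_stunnel_procs`, so callers that still pass it will break; that deserves a line in the README's upgrade notice.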
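Review bot: `$sslversion` in `stunnel::service` still defaults to `'SSLv3'`; this hunk only changes the quoting. SSLv3 is an obsolete protocol with known weaknesses, so every tunnel declared without an explicit `sslversion` gets an insecure protocol by default. Consider a TLS default such as `$sslversion = 'TLSv1.2',` (if the packaged stunnel and OpenSSL support it), plus a comment above the parameter saying that SSLv3 has to be requested explicitly. The parameter list starts and ends outside this hunk.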
@@ -51,18 +51,26 @@ define stunnel::service ( $timeoutconnect = false, $timeoutidle = false, $transparent = false, + $use_nagios = false, $verify = false ) { - $real_client = $client ? { default => "yes" } + $real_client = $client ? { default => 'yes' } $real_pid = $pid ? { false => "/${name}.pid", default => $pid } - + file { "/etc/stunnel/${name}.conf": - ensure => $ensure, - content => template('stunnel/service.conf.erb'), - require => File["/etc/stunnel"], - notify => Service[stunnel], - owner => root, group => 0, mode => 0600; + ensure => $ensure, + content => template('stunnel/service.conf.erb'), + require => File['/etc/stunnel'], + notify => Service[stunnel], + owner => root, + group => 0, + mode => '0600'; } -} + if $use_nagios { + nagios::service { "stunnel_${name}": + check_command => "nagios-stat-proc!/usr/bin/stunnel4 /etc/stunnel/${name}.conf!6!5!proc"; + } + } +} |
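Review bot: The new `nagios::service` block is declared whenever `$use_nagios` is true, independent of `$ensure`, so a tunnel that is being removed would, as far as this hunk shows, keep its process check and start alerting once the config file is gone. Guard the block on `$ensure` as well, or pass `$ensure` through if `nagios::service` accepts it. `${name}` is also interpolated directly into the `!`-separated `check_command` and into the config path, so a comment such as `# $name must not contain '!' or whitespace` (or a validation at the top of the define) would document the constraint. The define's parameter list starts outside this hunk.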