From 75842d9eb10110664b30861840ada3b645f7b870 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 3 Apr 2013 12:15:08 -0400 Subject: lint --- manifests/base.pp | 8 ++++---- manifests/centos.pp | 35 ++++++++++++++++++++--------------- manifests/debian.pp | 18 +++++++++++------- manifests/init.pp | 13 +++++++++---- manifests/linux.pp | 6 +++--- manifests/service.pp | 25 +++++++++++++------------ 6 files changed, 60 insertions(+), 45 deletions(-) diff --git a/manifests/base.pp b/manifests/base.pp index 3061902..9fed2de 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,13 +1,13 @@ class stunnel::base { - file { "/etc/stunnel": + file { '/etc/stunnel': ensure => directory; } service { 'stunnel': - name => 'stunnel', - enable => true, - ensure => running, + ensure => running, + name => 'stunnel', + enable => true, hasstatus => false; } } diff --git a/manifests/centos.pp b/manifests/centos.pp index 1b971a3..39f18c7 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -1,16 +1,19 @@ class stunnel::centos inherits stunnel::linux { - file{'/etc/init.d/stunnel': - source => "puppet:///modules/stunnel/${operatingsystem}/stunnel.init", + file { '/etc/init.d/stunnel': + source => "puppet:///modules/stunnel/${::operatingsystem}/stunnel.init", require => Package['stunnel'], - before => Service['stunnel'], - owner => root, group => 0, mode => 0755; + before => Service['stunnel'], + owner => root, + group => 0, + mode => '0755'; } - user::managed{ "stunnel": - homedir => "/var/run/stunnel", - shell => "/sbin/nologin", - uid => 105, gid => 105; + user::managed { 'stunnel': + homedir => '/var/run/stunnel', + shell => '/sbin/nologin', + uid => 105, + gid => 105; } Service['stunnel']{ 
@@ -18,13 +21,15 @@ class stunnel::centos inherits stunnel::linux { require => [ User['stunnel'], File['/etc/init.d/stunnel'] ] } - file{'/etc/stunnel/stunnel.conf': - source => [ "puppet:///modules/site-stunnel/${fqdn}/stunnel.conf", - "puppet:///modules/site-stunnel/${stunnel_cluster}/stunnel.conf", - "puppet:///modules/site-stunnel/stunnel.conf", - "puppet:///modules/stunnel/${operatingsystem}/stunnel.conf" ], + file { '/etc/stunnel/stunnel.conf': + source => [ "puppet:///modules/site-stunnel/${::fqdn}/stunnel.conf", + "puppet:///modules/site-stunnel/${stunnel_cluster}/stunnel.conf", + 'puppet:///modules/site-stunnel/stunnel.conf', + 'puppet:///modules/stunnel/${::operatingsystem}/stunnel.conf' ], require => Package['stunnel'], - notify => Service['stunnel'], - owner => root, group => 0, mode => 0600; + notify => Service['stunnel'], + owner => root, + group => 0, + mode => '0600'; } } diff --git a/manifests/debian.pp b/manifests/debian.pp index 83f9981..a480a2c 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,31 +1,35 @@ class stunnel::debian inherits stunnel::linux { - + Package[stunnel] { name => 'stunnel4', } - + Service[stunnel] { name => 'stunnel4', pattern => '/usr/bin/stunnel4', } - + # make the /etc/default/stunnel ENABLED configurable with a variable # and default to on case $stunnel_startboot { '': { $stunnel_startboot = '1' } + default: { $stunnel_startboot = '1' } } # make the /etc/default/stunnel extra configurable with a variable # and default to adding nothing to the default file case $stunnel_default_extra { '': { $stunnel_default_extra = '' } + default: { $stunnel_default_extra = '' } } - + file { '/etc/default/stunnel4': - content => template("stunnel/Debian/default"), + content => template('stunnel/Debian/default'), require => Package['stunnel4'], - notify => Service['stunnel4'], - owner => root, group => 0, mode => 0644; + notify => Service['stunnel4'], + owner => root, + group => 0, + mode => '0644'; } } 
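Review bot: The last entry of the `source` array for `/etc/stunnel/stunnel.conf` was switched to single quotes but still contains `${::operatingsystem}`. Puppet does not interpolate inside single-quoted strings, so the module-default fallback now points at a literal `${::operatingsystem}` directory. Keep that one entry double-quoted: `"puppet:///modules/stunnel/${::operatingsystem}/stunnel.conf" ],`. With the fallback broken, a node that has no site-stunnel file cannot fall back to the module's packaged stunnel.conf. The same single-quoted line still appears as context in the later centos.pp hunk that restores the cluster parameter.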
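Review bot: The added `default:` branches in the two `case` blocks assign the same value as the `''` branch, so `$stunnel_startboot` is now always `'1'` and `$stunnel_default_extra` always `''`, whatever the node set. An operator who had disabled start at boot would find stunnel enabled again after this lint commit. If the lint rule requires a default branch, make it a no-op: `default: { }`. The same pattern is added for `$stunnel_ensure_version` in manifests/init.pp in this commit and is carried through the renamed variables in the later debian.pp hunks until those blocks are removed.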
diff --git a/manifests/init.pp b/manifests/init.pp index b08058e..58902ee 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -20,10 +20,11 @@ class stunnel { case $stunnel_ensure_version { - '': { $stunnel_ensure_version = "present" } + '': { $stunnel_ensure_version = 'present' } + default: { $stunnel_ensure_version = 'present' } } - case $operatingsystem { + case $::operatingsystem { debian: { include stunnel::debian } centos: { include stunnel::centos } default: { include stunnel::default } @@ -31,8 +32,12 @@ class stunnel { if $use_nagios { case $nagios_stunnel_procs { - 'false': { info("We aren't doing nagios checks for stunnel on ${fqdn}" ) } - default: { nagios::service { "stunnel": check_command => "nagios-stat-proc!/usr/bin/stunnel4!6!5!proc"; } } + false: { info("We aren't doing nagios checks for stunnel on ${::fqdn}" ) } + default: { nagios::service + { 'stunnel': + check_command => 'nagios-stat-proc!/usr/bin/stunnel4!6!5!proc'; + } + } } } } diff --git a/manifests/linux.pp b/manifests/linux.pp index 800df37..b4b99c6 100644 --- a/manifests/linux.pp +++ b/manifests/linux.pp @@ -1,7 +1,7 @@ class stunnel::linux inherits stunnel::base { - - if $stunnel_ensure_version == '' { $stunnel_ensure_version = 'installed' } + + if $stunnel_ensure_version == '' { $stunnel_ensure_version = 'installed' } package { 'stunnel': ensure => $stunnel_ensure_version } -} +} diff --git a/manifests/service.pp b/manifests/service.pp index fb24168..b925d00 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -40,10 +40,10 @@ define stunnel::service ( $rndoverwrite = false, $service = false, $session = false, - $setuid = "stunnel4", - $setgid = "stunnel4", - $socket = [ "l:TCP_NODELAY=1", "r:TCP_NODELAY=1"], - $sslversion = "SSLv3", + $setuid = 'stunnel4', + $setgid = 'stunnel4', + $socket = [ 'l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'], + $sslversion = 'SSLv3', $stack = false, $syslog = false, $timeoutbusy = false, 
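Review bot: In the `case $nagios_stunnel_procs` block the match value changed from the string `'false'` to the bareword `false`, which is a boolean and, as far as I can tell, does not compare equal to the string in a Puppet case statement. Nodes that set the variable to the string 'false' (the usual form when the value comes from an ENC or a fact) would now fall through to `default:` and get a nagios check they had opted out of. If both forms should disable the check, match both: `false, 'false': { ... }`.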
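Review bot: The default `$sslversion = 'SSLv3'` in the `stunnel::service` parameter list means every tunnel declared without an explicit version is pinned to SSLv3, a protocol with known weaknesses. The quoting change itself is fine, but the default is worth revisiting while this line is being touched: prefer a TLS value, for example `$sslversion = 'TLSv1.2',` where the packaged stunnel and OpenSSL support it, and let sites with legacy peers opt in explicitly. The parameter list starts and ends outside this hunk.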
@@ -54,15 +54,16 @@ define stunnel::service ( $verify = false ) { - $real_client = $client ? { default => "yes" } + $real_client = $client ? { default => 'yes' } $real_pid = $pid ? { false => "/${name}.pid", default => $pid } - + file { "/etc/stunnel/${name}.conf": - ensure => $ensure, - content => template('stunnel/service.conf.erb'), - require => File["/etc/stunnel"], - notify => Service[stunnel], - owner => root, group => 0, mode => 0600; + ensure => $ensure, + content => template('stunnel/service.conf.erb'), + require => File['/etc/stunnel'], + notify => Service[stunnel], + owner => root, + group => 0, + mode => '0600'; } } - -- cgit v1.2.3 From 6c27f8faf0caef51af5958ad8aa01b3aef4ea2ed Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 3 Apr 2013 12:52:19 -0400 Subject: minor additional linting --- manifests/init.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 58902ee..b1437d2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,9 +4,9 @@ # Copyright 2009, Riseup Networks # # -# This program is free software; you can redistribute -# it and/or modify it under the terms of the GNU -# General Public License version 3 as published by +# This program is free software; you can redistribute +# it and/or modify it under the terms of the GNU +# General Public License version 3 as published by # the Free Software Foundation. # # 1. include stunnel: this will automatically include stunnel::debian, -- cgit v1.2.3 From 0bec75e40e5aa4458c960242298ab455fcffc88e Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 3 Apr 2013 13:18:26 -0400 Subject: switch to parameterized classes, changing the variable names as appropriate to remove the redundant stunnel_ prefix --- manifests/debian.pp | 12 ++++++------ manifests/init.pp | 15 +++++---------- manifests/linux.pp | 4 ++-- templates/Debian/default | 4 ++-- 4 files changed, 15 insertions(+), 20 deletions(-) 
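Review bot: `$real_client = $client ? { default => 'yes' }` has only a default branch, so `$real_client` is `'yes'` for every value of `$client`, including `false`. If the `stunnel/service.conf.erb` template (not shown here) writes this value into the `client` option, a tunnel declared as a server would still be configured as a client. A selector that honours the parameter would be `$real_client = $client ? { false => 'no', default => 'yes' }`; confirm the intended mapping against the template and the default of `$client`, which is declared outside this hunk.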
diff --git a/manifests/debian.pp b/manifests/debian.pp index a480a2c..156ef75 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -11,16 +11,16 @@ class stunnel::debian inherits stunnel::linux { # make the /etc/default/stunnel ENABLED configurable with a variable # and default to on - case $stunnel_startboot { - '': { $stunnel_startboot = '1' } - default: { $stunnel_startboot = '1' } + case $startboot { + '': { $startboot = '1' } + default: { $startboot = '1' } } # make the /etc/default/stunnel extra configurable with a variable # and default to adding nothing to the default file - case $stunnel_default_extra { - '': { $stunnel_default_extra = '' } - default: { $stunnel_default_extra = '' } + case $default_extra { + '': { $default_extra = '' } + default: { $default_extra = '' } } file { '/etc/default/stunnel4': diff --git a/manifests/init.pp b/manifests/init.pp index b1437d2..270540d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,17 +17,12 @@ # TODO: warn on cert/key issues, fail on false accept? -class stunnel { - - case $stunnel_ensure_version { - '': { $stunnel_ensure_version = 'present' } - default: { $stunnel_ensure_version = 'present' } - } - +class stunnel ( $ensure_version = 'present', $startboot = '1', $default_extra ) +{ case $::operatingsystem { - debian: { include stunnel::debian } - centos: { include stunnel::centos } - default: { include stunnel::default } + debian: { class { 'stunnel::debian': } } + centos: { class { 'stunnel::centos': } } + default: { class { 'stunnel::default': } } } if $use_nagios { diff --git a/manifests/linux.pp b/manifests/linux.pp index b4b99c6..eb1b10a 100644 --- a/manifests/linux.pp +++ b/manifests/linux.pp @@ -1,7 +1,7 @@ class stunnel::linux inherits stunnel::base { - if $stunnel_ensure_version == '' { $stunnel_ensure_version = 'installed' } + if $ensure_version == '' { $ensure_version = 'installed' } package { 'stunnel': - ensure => $stunnel_ensure_version + ensure => $ensure_version } } 
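Review bot: In the new signature `class stunnel ( $ensure_version = 'present', $startboot = '1', $default_extra )` the last parameter has no default, which makes it mandatory. A bare `class { 'stunnel': }` or `include stunnel` would then fail at compile time, which contradicts the README added later in this series ("If you were just simply doing 'include stunnel', then you will not need to change anything"). Give it the empty default the old `case` block used: `$default_extra = ''`. The parameter is still without a default in the final init.pp hunk on this page.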
diff --git a/templates/Debian/default b/templates/Debian/default index 85c4754..ccfefa5 100644 --- a/templates/Debian/default +++ b/templates/Debian/default @@ -3,11 +3,11 @@ # September 2003 # Change to one to enable stunnel automatic startup -ENABLED=<%= stunnel_startboot %> +ENABLED=<%= startboot %> FILES="/etc/stunnel/*.conf" OPTIONS="" # Change to one to enable ppp restart scripts PPP_RESTART=0 -<%= stunnel_default_extra %> +<%= default_extra %> -- cgit v1.2.3 From 724bc04aa9ece40fe2c54979afffdf53c5564758 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 3 Apr 2013 13:19:05 -0400 Subject: move the $use_nagios check into the stunnel::service define, where it is more useful for creating accurate nagios-statd-proc checks for the correct stunnel names --- manifests/init.pp | 11 ----------- manifests/service.pp | 7 +++++++ 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 270540d..1204909 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -24,15 +24,4 @@ class stunnel ( $ensure_version = 'present', $startboot = '1', $default_extra ) centos: { class { 'stunnel::centos': } } default: { class { 'stunnel::default': } } } - - if $use_nagios { - case $nagios_stunnel_procs { - false: { info("We aren't doing nagios checks for stunnel on ${::fqdn}" ) } - default: { nagios::service - { 'stunnel': - check_command => 'nagios-stat-proc!/usr/bin/stunnel4!6!5!proc'; - } - } - } - } } diff --git a/manifests/service.pp b/manifests/service.pp index b925d00..fd64f9b 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -51,6 +51,7 @@ define stunnel::service ( $timeoutconnect = false, $timeoutidle = false, $transparent = false, + $use_nagios = false, $verify = false ) { 
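Review bot: `<%= default_extra %>` is written verbatim at the end of /etc/default/stunnel4, a file of shell assignments that the Debian init script reads as shell, so whatever reaches this parameter is executed with the init script's privileges at service start. That is the documented purpose (the README mentions setting ulimit), but the template should say so next to the tag, e.g. `# default_extra is emitted verbatim and sourced as shell; set it only from trusted manifest data`. It should never be fed from facts or other node-supplied values. The same applies to the `scope.lookupvar('stunnel::default_extra')` form in the later hunk for this template.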
@@ -66,4 +67,10 @@ define stunnel::service ( group => 0, mode => '0600'; } + + if $use_nagios { + nagios::service { "stunnel_${name}": + check_command => "nagios-stat-proc!/usr/bin/stunnel4 /etc/stunnel/${name}.conf!6!5!proc"; + } + } } -- cgit v1.2.3 From 8bc54c4b23e35ecf95aefcd652a616fb00e7789b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 3 Apr 2013 13:32:52 -0400 Subject: add README --- README | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 README diff --git a/README b/README new file mode 100644 index 0000000..32698b3 --- /dev/null +++ b/README 
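Review bot: The added `check_command` hard-codes `/usr/bin/stunnel4`, but `stunnel::service` is not Debian-specific. The centos class on this page manages a package named `stunnel` and never sets the `stunnel4` name or pattern, so on those hosts the process check would likely never match and the service would alert permanently. Take the binary path from a parameter or an OS-dependent variable instead of the literal. The `nagios::service` resource is also not tied to `$ensure`, so a tunnel declared with `ensure => absent` would keep its check unless `nagios::service` is given a matching state. `${name}` is interpolated into a `!`-separated argument string, so it is worth documenting that titles must not contain `!`.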
@@ -0,0 +1,62 @@ +Overview +======== + +This module manages stunnel4. It installs and configures the software, makes +sure it is running, and enables you to create different stunnels. + + +! Upgrade Notice ! +================== + +Previous versions of this module were not using parameterized classes. If you +were using a previous version, you may need to change how you are using the +module to accomodate for that. If you were previously setting some stunnel +variables before including the class, you will now need to pass those variables +to the class as parameters. If you were just simply doing 'include stunnel', +then you will not need to change anything. + +Classes +======= + +stunnel +------- + +This is the main class which brings you stunnel support. You will need to +instantiate it by doing the following: + +class { 'stunnel': } + +Class parameters: + +* ensure_version - If this parameter is passed, you can force a particular + version of stunnel to be installed, if it is available with your packaging + system, for example: + + class { 'stunnel': ensure_version = '3:4.53-1' } + + If you do not pass this parameter, it will default to just be 'present'. + +* startboot (Debian) - This parameter controls if stunnel should be started at + boot or not, if you do not pass this paramter, by default it will be started + +* default_extra (Debian) - This parameter lets you add arbitrary extra text to + the bottom of /etc/default/stunnel4, this can be useful to set ulimit for + example + + +Defines +======= + +stunnel::service +---------------- + +This define lets you setup any number of stunnels, it allows you to pass every +stunnel configuration variable (see manifests/server.pp) which will be used to +create the /etc/stunnel/${name}.conf file, and then notify the stunnel service +so it will restart. 
+ +If you pass $use_nagios to this define, it will create a nagios::service entry +for stunnel_${name} which will watch for the appropriate number processes with +that configuration name + + \ No newline at end of file -- cgit v1.2.3 From fb9fcfaa8bb27cb8ceeaa2090ee28c737c540e40 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 3 Apr 2013 13:53:05 -0400 Subject: qualify variables --- manifests/debian.pp | 12 ++++++------ manifests/linux.pp | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifests/debian.pp b/manifests/debian.pp index 156ef75..ee2a2f1 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -11,16 +11,16 @@ class stunnel::debian inherits stunnel::linux { # make the /etc/default/stunnel ENABLED configurable with a variable # and default to on - case $startboot { - '': { $startboot = '1' } - default: { $startboot = '1' } + case $stunnel::startboot { + '': { $stunnel::startboot = '1' } + default: { $stunnel::startboot = '1' } } # make the /etc/default/stunnel extra configurable with a variable # and default to adding nothing to the default file - case $default_extra { - '': { $default_extra = '' } - default: { $default_extra = '' } + case $stunnel::default_extra { + '': { $stunnel::default_extra = '' } + default: { $stunnel::default_extra = '' } } file { '/etc/default/stunnel4': diff --git a/manifests/linux.pp b/manifests/linux.pp index eb1b10a..972f21c 100644 --- a/manifests/linux.pp +++ b/manifests/linux.pp @@ -1,7 +1,7 @@ class stunnel::linux inherits stunnel::base { - if $ensure_version == '' { $ensure_version = 'installed' } + if $stunnel::ensure_version == '' { $stunnel::ensure_version = 'installed' } package { 'stunnel': - ensure => $ensure_version + ensure => $stunnel::ensure_version } } -- cgit v1.2.3 From b53d574250598178af298c59be957693eaaddb22 Mon Sep 17 00:00:00 2001 
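Review bot: The `case` branches in manifests/debian.pp now assign to `$stunnel::startboot` and `$stunnel::default_extra`, and manifests/linux.pp assigns to `$stunnel::ensure_version`. Puppet does not allow assigning to a variable in another class's namespace, so these manifests should fail to compile as written. Qualifying the reads (`case $stunnel::startboot`, `ensure => $stunnel::ensure_version`) is right, but the assignments need to go, since the defaults already live in the class parameters. The following commit on this page does remove them, so squashing the two would avoid a revision of the module that does not compile.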
From: Micah Anderson Date: Wed, 3 Apr 2013 13:59:31 -0400 Subject: remove variable defaults, they are handled by the paramterization of the class make sure template variables are properly looked up. --- manifests/debian.pp | 14 -------------- manifests/init.pp | 1 + manifests/linux.pp | 1 - templates/Debian/default | 4 ++-- 4 files changed, 3 insertions(+), 17 deletions(-) diff --git a/manifests/debian.pp b/manifests/debian.pp index ee2a2f1..eb4d57a 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -9,20 +9,6 @@ class stunnel::debian inherits stunnel::linux { pattern => '/usr/bin/stunnel4', } - # make the /etc/default/stunnel ENABLED configurable with a variable - # and default to on - case $stunnel::startboot { - '': { $stunnel::startboot = '1' } - default: { $stunnel::startboot = '1' } - } - - # make the /etc/default/stunnel extra configurable with a variable - # and default to adding nothing to the default file - case $stunnel::default_extra { - '': { $stunnel::default_extra = '' } - default: { $stunnel::default_extra = '' } - } - file { '/etc/default/stunnel4': content => template('stunnel/Debian/default'), require => Package['stunnel4'], diff --git a/manifests/init.pp b/manifests/init.pp index 1204909..f7f72b8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,6 +19,7 @@ class stunnel ( $ensure_version = 'present', $startboot = '1', $default_extra ) { + case $::operatingsystem { debian: { class { 'stunnel::debian': } } centos: { class { 'stunnel::centos': } } diff --git a/manifests/linux.pp b/manifests/linux.pp index 972f21c..a4a926e 100644 --- a/manifests/linux.pp +++ b/manifests/linux.pp @@ -1,6 +1,5 @@ class stunnel::linux inherits stunnel::base { - if $stunnel::ensure_version == '' { $stunnel::ensure_version = 'installed' } package { 'stunnel': ensure => $stunnel::ensure_version } diff --git a/templates/Debian/default b/templates/Debian/default index ccfefa5..9e2f4d3 100644 --- a/templates/Debian/default 
+++ b/templates/Debian/default @@ -3,11 +3,11 @@ # September 2003 # Change to one to enable stunnel automatic startup -ENABLED=<%= startboot %> +ENABLED=<%= scope.lookupvar('stunnel::startboot') %> FILES="/etc/stunnel/*.conf" OPTIONS="" # Change to one to enable ppp restart scripts PPP_RESTART=0 -<%= default_extra %> +<%= scope.lookupvar('stunnel::default_extra') %> -- cgit v1.2.3 From 74fe8e6a586bec3b04a7b51beb4ed2f8fbc27e03 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 3 Apr 2013 14:27:52 -0400 Subject: fix accidentally removed cluster parameter --- manifests/centos.pp | 2 +- manifests/init.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/centos.pp b/manifests/centos.pp index 39f18c7..19a4684 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -23,7 +23,7 @@ class stunnel::centos inherits stunnel::linux { file { '/etc/stunnel/stunnel.conf': source => [ "puppet:///modules/site-stunnel/${::fqdn}/stunnel.conf", - "puppet:///modules/site-stunnel/${stunnel_cluster}/stunnel.conf", + "puppet:///modules/site-stunnel/${stunnel::cluster}/stunnel.conf", 'puppet:///modules/site-stunnel/stunnel.conf', 'puppet:///modules/stunnel/${::operatingsystem}/stunnel.conf' ], require => Package['stunnel'], diff --git a/manifests/init.pp b/manifests/init.pp index f7f72b8..b2018a5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,7 +17,7 @@ # TODO: warn on cert/key issues, fail on false accept? -class stunnel ( $ensure_version = 'present', $startboot = '1', $default_extra ) +class stunnel ( $ensure_version = 'present', $startboot = '1', $default_extra, $cluster = '' ) { case $::operatingsystem { -- cgit v1.2.3