1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
define stunnel::service (
$ensure = present,
$accept = false,
$capath = false,
$cafile = false,
$cert = false,
$chroot = false,
$ciphers = false,
$client = false,
$compress = false,
$connect = false,
$crlpath = false,
$crlfile = false,
$debuglevel = false,
$delay = false,
$egd = false,
$engine = false,
$engineCtrl = false,
$enginenum = false,
$exec = false,
$execargs = false,
$failover = false,
$ident = false,
$key = false,
$local = false,
$oscp = false,
$ocspflag = false,
$options = false,
$output = false,
$pid = false,
$protocol = false,
$protocolauthentication = false,
$protocolhost = false,
$protocolpassword = false,
$protocolusername = false,
$pty = false,
$retry = false,
$rndbytes = false,
$rndfile = false,
$rndoverwrite = false,
$service = false,
$session = false,
$setuid = 'stunnel4',
$setgid = 'stunnel4',
$socket = [ 'l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'],
$sslversion = 'SSLv3',
$stack = false,
$syslog = false,
$timeoutbusy = false,
$timeoutclose = false,
$timeoutconnect = false,
$timeoutidle = false,
$transparent = false,
$use_nagios = false,
$verify = false
) {
include stunnel
$real_client = $client ? { default => 'yes' }
$real_pid = $pid ? { false => "/${name}.pid", default => $pid }
file { "/etc/stunnel/${name}.conf":
ensure => $ensure,
content => template('stunnel/service.conf.erb'),
require => File['/etc/stunnel'],
notify => Service[stunnel],
owner => root,
group => 0,
mode => '0600';
}
if $use_nagios {
nagios::service { "stunnel_${name}":
check_command => "nagios-stat-proc!/usr/bin/stunnel4 /etc/stunnel/${name}.conf!6!5!proc";
}
}
}
|