From 720c1670750345e8c361219a58c2722a603e26bb Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 1 Nov 2016 20:26:20 +0100
Subject: add support for onionbalance
---
manifests/onionbalance.pp | 81 ++++++++++++++++++++++++++++++++++++++++++
manifests/onionbalance/key.pp | 25 +++++++++++++
manifests/onionbalance/keys.pp | 11 ++++++
3 files changed, 117 insertions(+)
create mode 100644 manifests/onionbalance.pp
create mode 100644 manifests/onionbalance/key.pp
create mode 100644 manifests/onionbalance/keys.pp
(limited to 'manifests')
diff --git a/manifests/onionbalance.pp b/manifests/onionbalance.pp
new file mode 100644
index 0000000..34831d3
--- /dev/null
+++ b/manifests/onionbalance.pp
@@ -0,0 +1,81 @@
+# manages an onionbalance installation
+#
+# Parameters:
+#
+# services: a hash of onionbalance service instances
+# services => {
+# keyname_of_service1 => {
+# name1 => onionservice_addr_3,
+# name2 => onionservice_addr_2,
+# _key_content => content_of_key_of_onionbalanced_service1,
+# },
+# }
+#
+class tor::onionbalance(
+ $services,
+) {
+
+ include ::tor
+
+ case $osfamily {
+ 'Debian': {
+ $pkg_name = 'onionbalance'
+ $instance_file = '/etc/tor/instances/onionbalance/torrc'
+ $instance_user = '_tor-onionbalance'
+ exec{'/usr/sbin/tor-instance-create onionbalance':
+ creates => '/etc/tor/instances/onionbalance',
+ require => Package['tor'],
+ before => File[$instance_file],
+ } -> augeas{"manage_onionbalance_in_group_${instance_user}":
+ context => '/files/etc/group',
+ changes => [ "set ${instance_user}/user[last()+1] onionbalance" ],
+ onlyif => "match ${instance_user}/*[../user='onionbalance'] size == 0",
+ require => Package['onionbalance'],
+ }
+ }
+ 'RedHat': {
+ $instance_file = '/etc/tor/onionbalance.torrc'
+ $instance_user = 'toranon'
+ $pkg_name = 'python2-onionbalance'
+ }
+ default: {
+ fail("OSFamily ${osfamily} not (yet) supported for onionbalance")
+ }
+ }
+
+ package{$pkg_name:
+ ensure => 'installed',
+ tag => 'onionbalance',
+ } -> file{
+ '/etc/onionbalance/config.yaml':
+ content => template('tor/onionbalance/config.yaml.erb'),
+ owner => root,
+ group => $instance_user,
+ mode => '0640',
+ notify => Service['onionbalance'];
+ $instance_file:
+ content => template("tor/onionbalance/${osfamily}.torrc.erb"),
+ owner => root,
+ group => 0,
+ mode => '0644',
+ require => Package['tor'],
+ notify => Service['tor@onionbalance'],
+ }
+
+ tor::onionbalance::keys{
+ keys($services):
+ values => $services,
+ group => $instance_user,
+ }
+
+ service{
+ 'tor@onionbalance':
+ ensure => running,
+ enable => true;
+ 'onionbalance':
+ ensure => running,
+ enable => true,
+ subscribe => Service['tor@onionbalance'];
+ }
+
+}
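Review bot: The `'RedHat'` branch sets `$instance_user = 'toranon'`, and that value becomes the group on `/etc/onionbalance/config.yaml` and, through `tor::onionbalance::keys`, on every `0640` key file, so the service private keys are readable by anything that runs in that group. The Debian branch instead uses a dedicated `_tor-onionbalance` instance account. If `toranon` is the account of the default tor daemon on that platform (not visible here), the balance keys are not separated from it, and a dedicated group for the key files would restore that separation. Separately, `template('tor/onionbalance/config.yaml.erb')` is evaluated with `$services` in scope, which carries `_key_content`; the template is outside this diff, so it is worth confirming that it skips that entry and never renders key material into `config.yaml`.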
diff --git a/manifests/onionbalance/key.pp b/manifests/onionbalance/key.pp
new file mode 100644
index 0000000..e0016fc
--- /dev/null
+++ b/manifests/onionbalance/key.pp
@@ -0,0 +1,25 @@
+# manage onionbalance keys
+#
+# key_content will be treated as path
+# to a file containing the key content
+# if the value starts with a /
+#
+define tor::onionbalance::key(
+ $key_content,
+ $group,
+){
+
+ if $key_content =~ /^\// {
+ $content = file($key_content)
+ } else {
+ $content = $key_content
+ }
+ Package<| tag == 'onionbalance' |> -> file{
+ "/etc/onionbalance/${name}.key":
+ content => $content,
+ owner => root,
+ group => $group,
+ mode => '0640',
+ notify => Service['onionbalance'];
+ }
+}
diff --git a/manifests/onionbalance/keys.pp b/manifests/onionbalance/keys.pp
new file mode 100644
index 0000000..e3040f5
--- /dev/null
+++ b/manifests/onionbalance/keys.pp
@@ -0,0 +1,11 @@
+# a wrapper to manage onionbalance keys
+define tor::onionbalance::keys(
+ $values,
+ $group,
+) {
+ tor::onionbalance::key{
+ $name:
+ key_content => $values[$name]['_key_content'],
+ group => $group,
+ }
+}
-- cgit v1.2.3
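Review bot: The `file` resource for `"/etc/onionbalance/${name}.key"` writes private key material through `content => $content` without suppressing diffs, so a key change can be printed into agent output and logs whenever diff display is enabled (for example on `--test` runs). Adding `show_diff => false,` to that resource avoids this. The `file($key_content)` branch reads any absolute path on the master at compile time and ships its content to the node, so the header comment should also state that the path is resolved on the master and that `key_content` must come from trusted data only.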
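Review bot: In `tor::onionbalance::keys`, `$values[$name]['_key_content']` is passed on without checking that the service entry actually has that key. A services hash with a missing or misspelled `_key_content` would hand an undefined value to `tor::onionbalance::key`, and what then lands in the key file depends on how the Puppet version in use treats undef (possibly an empty file that still notifies the service). A guard before the resource, `if ! $values[$name]['_key_content'] { fail("no _key_content for onionbalance service ${name}") }`, makes this a compile-time error instead.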