make it el7 ready

mh 2014-12-28 13:51:14 +01:00
parent a870d1ee71
commit 913e49b0c0
6 changed files with 84 additions and 50 deletions

10
files/CentOS/tinc.systemd Normal file

@ -0,0 +1,10 @@
[Unit]
Description=Tinc daemon for network %i
After=network.target
[Service]
ExecStart=/usr/sbin/tincd -D --pidfile /run/tinc.%i.pid -n %i
Restart=on-failure
[Install]
WantedBy=multi-user.target
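Review bot: The `[Service]` section runs tincd as root with no sandboxing directives, so a flaw in the network-facing daemon exposes the whole host. tincd needs privileges to create the tun/tap device and to run the per-network tinc-up/tinc-down scripts, but the unit can still narrow what the process reaches. Directives such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectHome=true` are worth testing against those scripts on el7's systemd. If the packaged tincd supports `-U <user>` and `-R`, dropping privileges and chrooting after setup is a further option, provided the scripts do not need root later.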


@ -1,22 +1,15 @@
# base setup of tinc
class tinc::base {
package {
'tinc' :
ensure => installed,
}
service {
tinc :
ensure => running,
enable => true,
hasstatus => true,
require => Package[tinc],
}
file {
"/etc/tinc/nets.boot" :
ensure => present,
require => Package['tinc'],
before => Service['tinc'],
owner => root,
group => 0,
mode => 0600 ;
package {'tinc':
ensure => installed,
} -> file {'/etc/tinc/nets.boot':
ensure => present,
owner => root,
group => 0,
mode => '0600';
} -> service {'tinc':
ensure => running,
enable => true,
hasstatus => true,
}
}


@ -1,17 +1,33 @@
# manage centos specific things
class tinc::centos inherits tinc::base {
file {
'/etc/sysconfig/tinc' :
source => ["puppet:///modules/site_tinc/CentOS/${::fqdn}/tinc.sysconfig",
"puppet:///modules/site_tinc/tinc.sysconfig",
"puppet:///modules/tinc/${::operatingsystem}/tinc.sysconfig"],
if $tinc::uses_systemd {
file{'/etc/systemd/system/tincd@.service':
source => 'puppet:///modules/tinc/CentOS/tinc.systemd',
require => Package['tinc'],
notify => Service['tinc'],
owner => root,
group => 0,
mode => 0644 ;
}
Service['tinc'] {
hasstatus => true,
hasrestart => true
owner => root,
group => 0,
mode => '0644';
}
# systemd manages per instance
Service['tinc'] {
ensure => undef,
enable => false,
}
} else {
file {
'/etc/sysconfig/tinc' :
source => [ "puppet:///modules/site_tinc/CentOS/${::fqdn}/tinc.sysconfig",
'puppet:///modules/site_tinc/tinc.sysconfig',
"puppet:///modules/tinc/${::operatingsystem}/tinc.sysconfig"],
require => Package['tinc'],
notify => Service['tinc'],
owner => root,
group => 0,
mode => '0644';
}
Service['tinc'] {
hasstatus => true,
hasrestart => true
}
}
}
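Review bot: Nothing reloads systemd after `/etc/systemd/system/tincd@.service` is written or changed, and as far as this page shows nothing orders that file before the `tincd@${name}` instances declared in tinc::vpn_net. On a first run an instance may be started before the template unit exists, and later edits to the unit (hardening directives, for example) would not take effect until someone runs `systemctl daemon-reload` by hand. I would have the file resource notify a refresh-only exec that runs `systemctl daemon-reload`, and add `require => File['/etc/systemd/system/tincd@.service']` to the per-network service. The override `ensure => undef, enable => false` on `Service['tinc']` also deserves a comment explaining why the inherited service is neutralised rather than removed.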


@ -1,7 +1,8 @@
# debian specific things
class tinc::debian inherits tinc::base {
Service['tinc'] {
hasstatus => false,
pattern => 'tincd',
hasrestart => true
hasstatus => false,
pattern => 'tincd',
hasrestart => true
}
}


@ -1,7 +1,13 @@
# configure base tinc
class tinc(
$manage_shorewall = false
) {
require bridge_utils
if $::operatingsystem == 'CentOS' and $::operatingsystemmajrelease > 6 {
$uses_systemd = true
} else {
$uses_systemd = false
}
case $::operatingsystem {
centos: { include tinc::centos }
debian: { include tinc::debian }
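Review bot: The test `$::operatingsystemmajrelease > 6` compares a fact that is normally delivered as a string with an integer. That relies on the implicit numeric conversion of the older parser, and the Puppet 4 parser rejects a String/Integer comparison. `versioncmp($::operatingsystemmajrelease, '6') > 0` states the intent without depending on the fact's type. A short comment on `$uses_systemd` noting that tinc::centos and tinc::vpn_net read it would also help, since the class body continues past this hunk.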


@ -21,10 +21,19 @@ define tinc::vpn_net(
# needed in template tinc.conf.erb
$fqdn_tinc = regsubst($::fqdn,'[._-]+','','G')
if $tinc::uses_systemd {
$service_name = "tincd@${name}"
service{$service_name:
ensure => running,
enable => true,
}
} else {
$service_name = 'tinc'
}
file{"/etc/tinc/${name}":
require => Package['tinc'],
notify => Service['tinc'],
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0600';
@ -43,7 +52,7 @@ define tinc::vpn_net(
line => $name,
path => '/etc/tinc/nets.boot',
require => File['/etc/tinc/nets.boot'],
notify => Service['tinc'],
notify => Service[$service_name],
}
$real_hosts_path = $hosts_path ? {
@ -53,7 +62,6 @@ define tinc::vpn_net(
@@file { "/etc/tinc/${name}/hosts/${fqdn_tinc}":
ensure => $ensure,
notify => Service[tinc],
tag => "tinc_host_${name}",
owner => root,
group => 0,
@ -61,24 +69,24 @@ define tinc::vpn_net(
}
@@file_line{"${fqdn_tinc}_for_${name}":
ensure => $ensure,
path => $real_hosts_path,
line => $fqdn_tinc,
tag => 'tinc_hosts_file'
ensure => $ensure,
path => $real_hosts_path,
line => $fqdn_tinc,
tag => 'tinc_hosts_file'
}
if $ensure == 'present' {
File["/etc/tinc/${name}"]{
ensure => directory,
ensure => directory,
require => Package['tinc'],
}
file{"/etc/tinc/${name}/hosts":
ensure => directory,
recurse => true,
purge => true,
force => true,
require => Package['tinc'],
notify => Service['tinc'],
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0600';
@ -90,7 +98,7 @@ define tinc::vpn_net(
file { "/etc/tinc/${name}/tinc.conf":
content => template('tinc/tinc.conf.erb'),
notify => Service[tinc],
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0600';
@ -102,14 +110,14 @@ define tinc::vpn_net(
$tinc_keys = tinc_keygen($name,"${key_source_path}/${name}/${::fqdn}")
file{"/etc/tinc/${name}/rsa_key.priv":
content => $tinc_keys[0],
notify => Service[tinc],
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0600';
}
file{"/etc/tinc/${name}/rsa_key.pub":
content => $tinc_keys[1],
notify => Service[tinc],
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0600';
@ -149,14 +157,14 @@ define tinc::vpn_net(
file { "/etc/tinc/${name}/tinc-up":
content => template('tinc/tinc-up.erb'),
notify => Service['tinc'],
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0700';
}
file { "/etc/tinc/${name}/tinc-down":
content => template('tinc/tinc-down.erb'),
notify => Service['tinc'],
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0700';
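Review bot: In the systemd branch the per-network service is declared `ensure => running, enable => true` without looking at `$ensure`, which the define tests further down (`if $ensure == 'present'`). A network declared absent would therefore still have `tincd@${name}` enabled and kept running, so a tunnel meant to be decommissioned stays up, or the run fails once its configuration is gone. Deriving both attributes from `$ensure`, for example `ensure => $ensure ? { 'present' => running, default => stopped }` with a matching `enable`, closes that gap. The define starts before the first hunk and continues between the hunks, so any handling of the absent case outside the visible lines should be checked first.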