linting
This commit is contained in:
parent
b1db2cacbe
commit
d053d7241d
1 changed files with 84 additions and 64 deletions
|
@ -1,62 +1,69 @@
|
||||||
|
# create a tinc vpn_net
|
||||||
define tinc::vpn_net(
|
define tinc::vpn_net(
|
||||||
$ensure = present,
|
$ensure = present,
|
||||||
$hosts_path = 'absent',
|
$hosts_path = 'absent',
|
||||||
$connect_on_boot = true,
|
$connect_on_boot = true,
|
||||||
$key_source_path = 'absent',
|
$key_source_path = 'absent',
|
||||||
$tinc_interface = 'eth0',
|
$tinc_interface = 'eth0',
|
||||||
$tinc_internal_interface = 'eth1',
|
$tinc_internal_interface = 'eth1',
|
||||||
$tinc_internal_ip = 'absent',
|
$tinc_internal_ip = 'absent',
|
||||||
$tinc_bridge_interface = 'absent',
|
$tinc_bridge_interface = 'absent',
|
||||||
$override_mtu = false,
|
$override_mtu = false,
|
||||||
$port = '655',
|
$port = '655',
|
||||||
$compression = '10',
|
$compression = '10',
|
||||||
$manage_shorewall = false,
|
$manage_shorewall = false,
|
||||||
$shorewall_zone = 'absent'
|
$shorewall_zone = 'absent'
|
||||||
){
|
){
|
||||||
class{'tinc':
|
class{'tinc':
|
||||||
manage_shorewall => $manage_shorewall
|
manage_shorewall => $manage_shorewall
|
||||||
}
|
}
|
||||||
|
|
||||||
# needed in template tinc.conf.erb
|
# needed in template tinc.conf.erb
|
||||||
$fqdn_tinc = regsubst("${::fqdn}",'[._-]+','','G')
|
$fqdn_tinc = regsubst($::fqdn,'[._-]+','','G')
|
||||||
|
|
||||||
file{"/etc/tinc/${name}":
|
file{"/etc/tinc/${name}":
|
||||||
require => Package['tinc'],
|
require => Package['tinc'],
|
||||||
notify => Service['tinc'],
|
notify => Service['tinc'],
|
||||||
owner => root, group => 0, mode => 0600;
|
owner => root,
|
||||||
|
group => 0,
|
||||||
|
mode => '0600';
|
||||||
|
}
|
||||||
|
|
||||||
|
$line_ensure = $ensure ? {
|
||||||
|
'present' => $connect_on_boot ? {
|
||||||
|
true => 'present',
|
||||||
|
default => 'absent'
|
||||||
|
},
|
||||||
|
default => 'absent'
|
||||||
}
|
}
|
||||||
|
|
||||||
file_line{"tinc_boot_net_${name}":
|
file_line{"tinc_boot_net_${name}":
|
||||||
ensure => $ensure ? {
|
ensure => $line_ensure,
|
||||||
'present' => $connect_on_boot ? {
|
line => $name,
|
||||||
true => 'present',
|
path => '/etc/tinc/nets.boot',
|
||||||
default => 'absent'
|
|
||||||
},
|
|
||||||
default => 'absent'
|
|
||||||
},
|
|
||||||
line => $name,
|
|
||||||
path => '/etc/tinc/nets.boot',
|
|
||||||
require => File['/etc/tinc/nets.boot'],
|
require => File['/etc/tinc/nets.boot'],
|
||||||
notify => Service['tinc'],
|
notify => Service['tinc'],
|
||||||
}
|
}
|
||||||
|
|
||||||
$real_hosts_path = $hosts_path ? {
|
$real_hosts_path = $hosts_path ? {
|
||||||
'absent' => "/etc/tinc/${name}/hosts.list",
|
'absent' => "/etc/tinc/${name}/hosts.list",
|
||||||
default => $hosts_path
|
default => $hosts_path
|
||||||
}
|
}
|
||||||
|
|
||||||
@@file { "/etc/tinc/${name}/hosts/${fqdn_tinc}":
|
@@file { "/etc/tinc/${name}/hosts/${fqdn_tinc}":
|
||||||
ensure => $ensure,
|
ensure => $ensure,
|
||||||
notify => Service[tinc],
|
notify => Service[tinc],
|
||||||
tag => "tinc_host_${name}",
|
tag => "tinc_host_${name}",
|
||||||
owner => root, group => 0, mode => 0600;
|
owner => root,
|
||||||
|
group => 0,
|
||||||
|
mode => '0600';
|
||||||
}
|
}
|
||||||
|
|
||||||
@@file_line{"${fqdn_tinc}_for_${name}":
|
@@file_line{"${fqdn_tinc}_for_${name}":
|
||||||
ensure => $ensure,
|
ensure => $ensure,
|
||||||
path => $real_hosts_path,
|
path => $real_hosts_path,
|
||||||
line => $fqdn_tinc,
|
line => $fqdn_tinc,
|
||||||
tag => 'tinc_hosts_file'
|
tag => 'tinc_hosts_file'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -65,13 +72,15 @@ define tinc::vpn_net(
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
}
|
}
|
||||||
file{"/etc/tinc/${name}/hosts":
|
file{"/etc/tinc/${name}/hosts":
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
recurse => true,
|
recurse => true,
|
||||||
purge => true,
|
purge => true,
|
||||||
force => true,
|
force => true,
|
||||||
require => Package['tinc'],
|
require => Package['tinc'],
|
||||||
notify => Service['tinc'],
|
notify => Service['tinc'],
|
||||||
owner => root, group => 0, mode => 0600;
|
owner => root,
|
||||||
|
group => 0,
|
||||||
|
mode => '0600';
|
||||||
}
|
}
|
||||||
|
|
||||||
$tinc_hosts_list = tfile($real_hosts_path)
|
$tinc_hosts_list = tfile($real_hosts_path)
|
||||||
|
@ -80,37 +89,43 @@ define tinc::vpn_net(
|
||||||
|
|
||||||
file { "/etc/tinc/${name}/tinc.conf":
|
file { "/etc/tinc/${name}/tinc.conf":
|
||||||
content => template('tinc/tinc.conf.erb'),
|
content => template('tinc/tinc.conf.erb'),
|
||||||
notify => Service[tinc],
|
notify => Service[tinc],
|
||||||
owner => root, group => 0, mode => 0600;
|
owner => root,
|
||||||
|
group => 0,
|
||||||
|
mode => '0600';
|
||||||
}
|
}
|
||||||
|
|
||||||
if $key_source_path == 'absent' {
|
if $key_source_path == 'absent' {
|
||||||
fail("You need to set \$key_source_prefix for $name to generate keys on the master!")
|
fail("You need to set \$key_source_prefix for ${name} to generate keys on the master!")
|
||||||
}
|
}
|
||||||
$tinc_keys = tinc_keygen($name,"${key_source_path}/${name}/${::fqdn}")
|
$tinc_keys = tinc_keygen($name,"${key_source_path}/${name}/${::fqdn}")
|
||||||
file{"/etc/tinc/${name}/rsa_key.priv":
|
file{"/etc/tinc/${name}/rsa_key.priv":
|
||||||
content => $tinc_keys[0],
|
content => $tinc_keys[0],
|
||||||
notify => Service[tinc],
|
notify => Service[tinc],
|
||||||
owner => root, group => 0, mode => 0600;
|
owner => root,
|
||||||
|
group => 0,
|
||||||
|
mode => '0600';
|
||||||
}
|
}
|
||||||
file{"/etc/tinc/${name}/rsa_key.pub":
|
file{"/etc/tinc/${name}/rsa_key.pub":
|
||||||
content => $tinc_keys[1],
|
content => $tinc_keys[1],
|
||||||
notify => Service[tinc],
|
notify => Service[tinc],
|
||||||
owner => root, group => 0, mode => 0600;
|
owner => root,
|
||||||
|
group => 0,
|
||||||
|
mode => '0600';
|
||||||
}
|
}
|
||||||
|
|
||||||
$real_tinc_bridge_interface = $tinc_bridge_interface ? {
|
$real_tinc_bridge_interface = $tinc_bridge_interface ? {
|
||||||
'absent' => "br${name}",
|
'absent' => "br${name}",
|
||||||
default => $tinc_bridge_interface
|
default => $tinc_bridge_interface
|
||||||
}
|
}
|
||||||
|
|
||||||
if $tinc_internal_ip == 'absent' {
|
if $tinc_internal_ip == 'absent' {
|
||||||
$tinc_br_ifaddr = "::ipaddress_${real_tinc_bridge_interface}"
|
$tinc_br_ifaddr = "::ipaddress_${real_tinc_bridge_interface}"
|
||||||
$tinc_br_ip = inline_template("<%= scope.lookupvar(tinc_br_ifaddr) %>")
|
$tinc_br_ip = inline_template('<%= scope.lookupvar(@tinc_br_ifaddr) %>')
|
||||||
case $tinc_br_ip {
|
case $tinc_br_ip {
|
||||||
'',undef: {
|
'',undef: {
|
||||||
$tinc_orig_ifaddr = "::ipaddress_${tinc_internal_interface}"
|
$tinc_orig_ifaddr = "::ipaddress_${tinc_internal_interface}"
|
||||||
$real_tinc_internal_ip = inline_template("<%= scope.lookupvar(tinc_orig_ifaddr) %>")
|
$real_tinc_internal_ip = inline_template('<%= scope.lookupvar(@tinc_orig_ifaddr) %>')
|
||||||
}
|
}
|
||||||
default: { $real_tinc_internal_ip = $tinc_br_ip }
|
default: { $real_tinc_internal_ip = $tinc_br_ip }
|
||||||
}
|
}
|
||||||
|
@ -120,13 +135,17 @@ define tinc::vpn_net(
|
||||||
|
|
||||||
file { "/etc/tinc/${name}/tinc-up":
|
file { "/etc/tinc/${name}/tinc-up":
|
||||||
content => template('tinc/tinc-up.erb'),
|
content => template('tinc/tinc-up.erb'),
|
||||||
notify => Service['tinc'],
|
notify => Service['tinc'],
|
||||||
owner => root, group => 0, mode => 0700;
|
owner => root,
|
||||||
|
group => 0,
|
||||||
|
mode => '0700';
|
||||||
}
|
}
|
||||||
file { "/etc/tinc/${name}/tinc-down":
|
file { "/etc/tinc/${name}/tinc-down":
|
||||||
content => template('tinc/tinc-down.erb'),
|
content => template('tinc/tinc-down.erb'),
|
||||||
notify => Service['tinc'],
|
notify => Service['tinc'],
|
||||||
owner => root, group => 0, mode => 0700;
|
owner => root,
|
||||||
|
group => 0,
|
||||||
|
mode => '0700';
|
||||||
}
|
}
|
||||||
File["/etc/tinc/${name}/hosts/${fqdn_tinc}"]{
|
File["/etc/tinc/${name}/hosts/${fqdn_tinc}"]{
|
||||||
content => template('tinc/host.erb'),
|
content => template('tinc/host.erb'),
|
||||||
|
@ -135,22 +154,23 @@ define tinc::vpn_net(
|
||||||
|
|
||||||
|
|
||||||
if $manage_shorewall {
|
if $manage_shorewall {
|
||||||
|
$zone = $shorewall_zone ? {
|
||||||
|
'absent' => 'loc',
|
||||||
|
default => $shorewall_zone
|
||||||
|
}
|
||||||
shorewall::interface { $real_tinc_bridge_interface:
|
shorewall::interface { $real_tinc_bridge_interface:
|
||||||
zone => $shorewall_zone ? {
|
zone => $zone,
|
||||||
'absent' => 'loc',
|
|
||||||
default => $shorewall_zone
|
|
||||||
},
|
|
||||||
rfc1918 => true,
|
rfc1918 => true,
|
||||||
options => 'routeback,logmartians';
|
options => 'routeback,logmartians';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
File["/etc/tinc/${name}"]{
|
File["/etc/tinc/${name}"]{
|
||||||
ensure => absent,
|
ensure => absent,
|
||||||
recurse => true,
|
recurse => true,
|
||||||
purge => true,
|
purge => true,
|
||||||
force => true
|
force => true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
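Review bot: The error message on the rewritten `fail(...)` line names `$key_source_prefix`, but the parameter this define declares and tests on the line above is `$key_source_path`, so the message points the operator at a setting that does not exist; change it to `fail("You need to set \$key_source_path for ${name} to generate keys on the master!")`. In the same hunk, `/etc/tinc/${name}/rsa_key.priv` is managed via `content =>` with the file type's defaults, so a key rotation is diffed into the agent log and report and the previous key is copied to the filebucket; adding `show_diff => false,` and `backup => false,` to that resource keeps the private key out of both, complementing the `'0600'` mode that only protects the on-disk copy. The enclosing define starts in the first hunk and ends in the last.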