update tinc module to new stuff
* proper scoped var lookup
* use file_line instead of line
* use hiera instead of global $use_shorewall
* cleanup template
parent
6eabf6a7f8
commit
f55cfe6187
6 changed files with 46 additions and 51 deletions
|
@ -1,22 +1,22 @@
|
|||
class tinc::base {
|
||||
|
||||
package{'tinc':
|
||||
ensure => installed,
|
||||
}
|
||||
|
||||
service{tinc:
|
||||
ensure => running,
|
||||
enable => true,
|
||||
hasstatus => true,
|
||||
require => Package[tinc],
|
||||
}
|
||||
|
||||
file{"/etc/tinc/nets.boot":
|
||||
ensure => present,
|
||||
require => Package['tinc'],
|
||||
before => Service['tinc'],
|
||||
owner => root, group => 0, mode => 0600;
|
||||
package {
|
||||
'tinc' :
|
||||
ensure => installed,
|
||||
}
|
||||
service {
|
||||
tinc :
|
||||
ensure => running,
|
||||
enable => true,
|
||||
hasstatus => true,
|
||||
require => Package[tinc],
|
||||
}
|
||||
file {
|
||||
"/etc/tinc/nets.boot" :
|
||||
ensure => present,
|
||||
require => Package['tinc'],
|
||||
before => Service['tinc'],
|
||||
owner => root,
|
||||
group => 0,
|
||||
mode => 0600 ;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
class tinc::centos inherits tinc::base {
|
||||
|
||||
file{'/etc/sysconfig/tinc':
|
||||
source => [ "puppet:///modules/site-tinc/CentOS/${fqdn}/tinc.sysconfig",
|
||||
"puppet:///modules/site-tinc/tinc.sysconfig",
|
||||
"puppet:///modules/tinc/${operatingsystem}/tinc.sysconfig" ],
|
||||
require => Package['tinc'],
|
||||
notify => Service['tinc'],
|
||||
owner => root, group => 0, mode => 0644;
|
||||
file {
|
||||
'/etc/sysconfig/tinc' :
|
||||
source => ["puppet:///modules/site-tinc/CentOS/${::fqdn}/tinc.sysconfig",
|
||||
"puppet:///modules/site-tinc/tinc.sysconfig",
|
||||
"puppet:///modules/tinc/${::operatingsystem}/tinc.sysconfig"],
|
||||
require => Package['tinc'],
|
||||
notify => Service['tinc'],
|
||||
owner => root,
|
||||
group => 0,
|
||||
mode => 0644 ;
|
||||
}
|
||||
|
||||
Service['tinc']{
|
||||
Service['tinc'] {
|
||||
hasstatus => true,
|
||||
hasrestart => true
|
||||
}
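Review bot: The rewritten `file` resource for `/etc/sysconfig/tinc` still passes the mode as a bare number (`mode => 0644`), while `tinc::puppetmaster` in this same commit quotes it (`mode => '0660'`). Newer Puppet parsers read an unquoted `0644` as an octal integer and the file type expects a string, so I would write `mode => '0644'` here. The same applies to `mode => 0600` on `/etc/tinc/nets.boot` in `tinc::base` and on the `file` resources in `tinc::vpn_net`, where a misinterpreted mode matters most because the files are meant to be readable by root only.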
|
||||
|
|
|
@ -1,14 +1,10 @@
|
|||
# manifests/init.pp - module to manage tinc-vpn
|
||||
|
||||
class tinc {
|
||||
include bridge-utils
|
||||
|
||||
case $operatingsystem {
|
||||
centos: { include tinc::centos }
|
||||
default: { include tinc::base }
|
||||
require bridge-utils
|
||||
case $::operatingsystem {
|
||||
centos : { include tinc::centos }
|
||||
default : { include tinc::base }
|
||||
}
|
||||
|
||||
if $use_shorewall {
|
||||
if hiera('use_shorewall', false) {
|
||||
include shorewall::rules::tinc
|
||||
}
|
||||
}
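Review bot: Replacing `$use_shorewall` with `hiera('use_shorewall', false)` makes the firewall rules depend on a key that defaults to off, so a node that only sets the old global will silently stop including `shorewall::rules::tinc` after this change; the same lookup is repeated in `tinc::vpn_net`. A string value such as `'false'` in the data is truthy in Puppet, so the condition is only reliable when the key holds a real boolean. I would look it up once, for example as a class parameter `class tinc($use_shorewall = hiera('use_shorewall', false))`, and add a comment stating the expected type and that existing nodes must move the setting into hiera.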
|
||||
|
|
|
@ -4,5 +4,5 @@ class tinc::puppetmaster($tinc_storage_path){
|
|||
owner => root, group => puppet, mode => '0660';
|
||||
}
|
||||
|
||||
Line<<| tag == 'tinc_hosts_file' |>>
|
||||
File_line<<| tag == 'tinc_hosts_file' |>>
|
||||
}
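Review bot: The collector `File_line<<| tag == 'tinc_hosts_file' |>>` realises every attribute the exporting node supplied, including `path`, which `tinc::vpn_net` fills from `$real_hosts_path`. The collecting host therefore trusts each exporter to name the file that receives its line. I would pin the target in the collector, `File_line<<| tag == 'tinc_hosts_file' |>> { path => <hosts file managed by this class> }`, so that only the line content comes from the exporter. The class body starts above this hunk, so the path of the managed file is not visible here.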
|
||||
|
|
|
@ -14,7 +14,7 @@ define tinc::vpn_net(
|
|||
include ::tinc
|
||||
|
||||
# needed in template tinc.conf.erb
|
||||
$fqdn_tinc = regsubst("${fqdn}",'[._-]+','','G')
|
||||
$fqdn_tinc = regsubst("${::fqdn}",'[._-]+','','G')
|
||||
|
||||
file{"/etc/tinc/${name}":
|
||||
require => Package['tinc'],
|
||||
|
@ -22,7 +22,7 @@ define tinc::vpn_net(
|
|||
owner => root, group => 0, mode => 0600;
|
||||
}
|
||||
|
||||
line{"tinc_boot_net_${name}":
|
||||
file_line{"tinc_boot_net_${name}":
|
||||
ensure => $ensure ? {
|
||||
'present' => $connect_on_boot ? {
|
||||
true => 'present',
|
||||
|
@ -31,7 +31,7 @@ define tinc::vpn_net(
|
|||
default => 'absent'
|
||||
},
|
||||
line => $name,
|
||||
file => '/etc/tinc/nets.boot',
|
||||
path => '/etc/tinc/nets.boot',
|
||||
require => File['/etc/tinc/nets.boot'],
|
||||
notify => Service['tinc'],
|
||||
}
|
||||
|
@ -48,9 +48,9 @@ define tinc::vpn_net(
|
|||
owner => root, group => 0, mode => 0600;
|
||||
}
|
||||
|
||||
@@line{"${fqdn_tinc}_for_${name}":
|
||||
@@file_line{"${fqdn_tinc}_for_${name}":
|
||||
ensure => $ensure,
|
||||
file => $real_hosts_path,
|
||||
path => $real_hosts_path,
|
||||
line => $fqdn_tinc,
|
||||
tag => 'tinc_hosts_file'
|
||||
}
|
||||
|
@ -101,11 +101,11 @@ define tinc::vpn_net(
|
|||
}
|
||||
|
||||
if $tinc_internal_ip == 'absent' {
|
||||
$tinc_br_ifaddr = "ipaddress_${real_tinc_bridge_interface}"
|
||||
$tinc_br_ifaddr = "::ipaddress_${real_tinc_bridge_interface}"
|
||||
$tinc_br_ip = inline_template("<%= scope.lookupvar(tinc_br_ifaddr) %>")
|
||||
case $tinc_br_ip {
|
||||
'',undef: {
|
||||
$tinc_orig_ifaddr = "ipaddress_${tinc_internal_interface}"
|
||||
$tinc_orig_ifaddr = "::ipaddress_${tinc_internal_interface}"
|
||||
$real_tinc_internal_ip = inline_template("<%= scope.lookupvar(tinc_orig_ifaddr) %>")
|
||||
}
|
||||
default: { $real_tinc_internal_ip = $tinc_br_ip }
|
||||
|
@ -132,7 +132,7 @@ define tinc::vpn_net(
|
|||
File<<| tag == "tinc_host_${name}" |>>
|
||||
|
||||
|
||||
if $use_shorewall {
|
||||
if hiera('use_shorewall',false) {
|
||||
$real_shorewall_zone = $shorewall_zone ? {
|
||||
'absent' => 'loc',
|
||||
default => $shorewall_zone
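Review bot: In the `$tinc_internal_ip == 'absent'` branch the fallback is selected by `case $tinc_br_ip { '',undef:`, but `inline_template` always returns a string, so the `undef` arm can never match; on Puppet versions where `scope.lookupvar` yields `:undefined` for a missing fact the rendered value would be the literal text `undefined` and the fallback would be skipped. Nothing visible here checks that `$real_tinc_internal_ip` ends up non-empty when neither `::ipaddress_*` fact exists. I would add a guard after the case, `if $real_tinc_internal_ip == '' { fail("no internal address found for tinc net ${name}") }`, and a comment describing the lookup order. The define continues outside these hunks, so a later check may already exist.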
|
||||
|
|
|
@ -7,8 +7,6 @@ Mode = switch
|
|||
|
||||
BindToInterface = <%= tinc_interface.to_s %>
|
||||
|
||||
<% tinc_hosts.to_a.each do |connect_to_host| -%>
|
||||
<%- unless connect_to_host.to_s == scope.lookupvar('fqdn') %>
|
||||
<% tinc_hosts.to_a.reject{|h| h.to_s == scope.lookupvar('::fqdn') }.each do |connect_to_host| -%>
|
||||
ConnectTo = <%= connect_to_host %>
|
||||
<%- end %>
|
||||
<% end -%>
|
||||
<% end -%>
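Review bot: The template still reads `tinc_hosts` and `tinc_interface` as bare local names, which the "proper scoped var lookup" goal of this commit leaves untouched; Puppet 3 deprecates that form in favour of `@tinc_hosts` and `@tinc_interface`. The `reject` block also calls `scope.lookupvar('::fqdn')` once per host, and reading it once before the loop (`<% me = scope.lookupvar('::fqdn') -%>`) is easier to follow. The comparison uses the raw FQDN while `tinc::vpn_net` exports the stripped `$fqdn_tinc` name, so if `tinc_hosts` holds stripped names the local host is never filtered out; it is worth confirming which form callers pass and saying so in a comment at the top of the template.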
|