update tinc module to new stuff

* proper scoped var lookup
* use file_line instead of line
* use hiera instead of global $use_shorewall
* cleanup template
mh 2012-02-09 16:13:23 +01:00
parent 6eabf6a7f8
commit f55cfe6187
6 changed files with 46 additions and 51 deletions


@ -1,22 +1,22 @@
class tinc::base { class tinc::base {
package {
package{'tinc': 'tinc' :
ensure => installed, ensure => installed,
} }
service {
service{tinc: tinc :
ensure => running, ensure => running,
enable => true, enable => true,
hasstatus => true, hasstatus => true,
require => Package[tinc], require => Package[tinc],
} }
file {
file{"/etc/tinc/nets.boot": "/etc/tinc/nets.boot" :
ensure => present, ensure => present,
require => Package['tinc'], require => Package['tinc'],
before => Service['tinc'], before => Service['tinc'],
owner => root, group => 0, mode => 0600; owner => root,
group => 0,
mode => 0600 ;
} }
} }


@ -1,15 +1,16 @@
class tinc::centos inherits tinc::base { class tinc::centos inherits tinc::base {
file {
file{'/etc/sysconfig/tinc': '/etc/sysconfig/tinc' :
source => [ "puppet:///modules/site-tinc/CentOS/${fqdn}/tinc.sysconfig", source => ["puppet:///modules/site-tinc/CentOS/${::fqdn}/tinc.sysconfig",
"puppet:///modules/site-tinc/tinc.sysconfig", "puppet:///modules/site-tinc/tinc.sysconfig",
"puppet:///modules/tinc/${operatingsystem}/tinc.sysconfig" ], "puppet:///modules/tinc/${::operatingsystem}/tinc.sysconfig"],
require => Package['tinc'], require => Package['tinc'],
notify => Service['tinc'], notify => Service['tinc'],
owner => root, group => 0, mode => 0644; owner => root,
group => 0,
mode => 0644 ;
} }
Service['tinc'] {
Service['tinc']{
hasstatus => true, hasstatus => true,
hasrestart => true hasrestart => true
} }


@ -1,14 +1,10 @@
# manifests/init.pp - module to manage tinc-vpn
class tinc { class tinc {
include bridge-utils require bridge-utils
case $::operatingsystem {
case $operatingsystem { centos : { include tinc::centos }
centos: { include tinc::centos } default : { include tinc::base }
default: { include tinc::base }
} }
if hiera('use_shorewall', false) {
if $use_shorewall {
include shorewall::rules::tinc include shorewall::rules::tinc
} }
} }
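Review bot: The new guard `if hiera('use_shorewall', false)` is true for any non-empty string, so a hiera value stored as the string 'false' would still include `shorewall::rules::tinc`; only a real boolean turns it off. The same lookup is repeated in the `tinc::vpn_net` hunk at -132, so the class-level rules and the per-net rules can drift apart if one call is later changed. Consider resolving it once as a class parameter, `class tinc($use_shorewall = hiera('use_shorewall', false)) {`, and testing `$tinc::use_shorewall` in the define, which already does `include ::tinc`. A comment such as `# use_shorewall must be a YAML boolean, not a quoted string` next to the lookup would document the expectation.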


@ -4,5 +4,5 @@ class tinc::puppetmaster($tinc_storage_path){
owner => root, group => puppet, mode => '0660'; owner => root, group => puppet, mode => '0660';
} }
Line<<| tag == 'tinc_hosts_file' |>> File_line<<| tag == 'tinc_hosts_file' |>>
} }


@ -14,7 +14,7 @@ define tinc::vpn_net(
include ::tinc include ::tinc
# needed in template tinc.conf.erb # needed in template tinc.conf.erb
$fqdn_tinc = regsubst("${fqdn}",'[._-]+','','G') $fqdn_tinc = regsubst("${::fqdn}",'[._-]+','','G')
file{"/etc/tinc/${name}": file{"/etc/tinc/${name}":
require => Package['tinc'], require => Package['tinc'],
@ -22,7 +22,7 @@ define tinc::vpn_net(
owner => root, group => 0, mode => 0600; owner => root, group => 0, mode => 0600;
} }
line{"tinc_boot_net_${name}": file_line{"tinc_boot_net_${name}":
ensure => $ensure ? { ensure => $ensure ? {
'present' => $connect_on_boot ? { 'present' => $connect_on_boot ? {
true => 'present', true => 'present',
@ -31,7 +31,7 @@ define tinc::vpn_net(
default => 'absent' default => 'absent'
}, },
line => $name, line => $name,
file => '/etc/tinc/nets.boot', path => '/etc/tinc/nets.boot',
require => File['/etc/tinc/nets.boot'], require => File['/etc/tinc/nets.boot'],
notify => Service['tinc'], notify => Service['tinc'],
} }
@ -48,9 +48,9 @@ define tinc::vpn_net(
owner => root, group => 0, mode => 0600; owner => root, group => 0, mode => 0600;
} }
@@line{"${fqdn_tinc}_for_${name}": @@file_line{"${fqdn_tinc}_for_${name}":
ensure => $ensure, ensure => $ensure,
file => $real_hosts_path, path => $real_hosts_path,
line => $fqdn_tinc, line => $fqdn_tinc,
tag => 'tinc_hosts_file' tag => 'tinc_hosts_file'
} }
@ -101,11 +101,11 @@ define tinc::vpn_net(
} }
if $tinc_internal_ip == 'absent' { if $tinc_internal_ip == 'absent' {
$tinc_br_ifaddr = "ipaddress_${real_tinc_bridge_interface}" $tinc_br_ifaddr = "::ipaddress_${real_tinc_bridge_interface}"
$tinc_br_ip = inline_template("<%= scope.lookupvar(tinc_br_ifaddr) %>") $tinc_br_ip = inline_template("<%= scope.lookupvar(tinc_br_ifaddr) %>")
case $tinc_br_ip { case $tinc_br_ip {
'',undef: { '',undef: {
$tinc_orig_ifaddr = "ipaddress_${tinc_internal_interface}" $tinc_orig_ifaddr = "::ipaddress_${tinc_internal_interface}"
$real_tinc_internal_ip = inline_template("<%= scope.lookupvar(tinc_orig_ifaddr) %>") $real_tinc_internal_ip = inline_template("<%= scope.lookupvar(tinc_orig_ifaddr) %>")
} }
default: { $real_tinc_internal_ip = $tinc_br_ip } default: { $real_tinc_internal_ip = $tinc_br_ip }
@ -132,7 +132,7 @@ define tinc::vpn_net(
File<<| tag == "tinc_host_${name}" |>> File<<| tag == "tinc_host_${name}" |>>
if $use_shorewall { if hiera('use_shorewall',false) {
$real_shorewall_zone = $shorewall_zone ? { $real_shorewall_zone = $shorewall_zone ? {
'absent' => 'loc', 'absent' => 'loc',
default => $shorewall_zone default => $shorewall_zone
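Review bot: `$fqdn_tinc` in the hunk at -14 is built from the `$::fqdn` fact with `regsubst("${::fqdn}",'[._-]+','','G')`, which removes only dots, underscores and hyphens. The result becomes the `line` of the exported `@@file_line` at -48, which `tinc::puppetmaster` collects by tag. Facts are reported by the agent, so any other character in a reported fqdn (whitespace, `=`, a line break) would reach the hosts file on the collecting node unchanged. An allow-list is safer here: `$fqdn_tinc = regsubst("${::fqdn}",'[^a-zA-Z0-9]+','','G')`. The body of `tinc::vpn_net` starts and ends outside these hunks, so how `$real_hosts_path` is derived is not visible and deserves the same look.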


@ -7,8 +7,6 @@ Mode = switch
BindToInterface = <%= tinc_interface.to_s %> BindToInterface = <%= tinc_interface.to_s %>
<% tinc_hosts.to_a.each do |connect_to_host| -%> <% tinc_hosts.to_a.reject{|h| h.to_s == scope.lookupvar('::fqdn') }.each do |connect_to_host| -%>
<%- unless connect_to_host.to_s == scope.lookupvar('fqdn') %>
ConnectTo = <%= connect_to_host %> ConnectTo = <%= connect_to_host %>
<%- end %>
<% end -%> <% end -%>
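Review bot: The `reject` on the loop line compares each entry with `scope.lookupvar('::fqdn')`, the dotted hostname, while `tinc::vpn_net` exports node names as `$fqdn_tinc` with `.`, `_` and `-` stripped. If `tinc_hosts` is filled from those stripped names (its origin is not visible here), the comparison never matches and the node still gets a `ConnectTo` line for itself. Comparing against both forms would cover it: `tinc_hosts.to_a.reject{|h| [scope.lookupvar('::fqdn'), fqdn_tinc].include?(h.to_s) }`. The define's comment says `$fqdn_tinc` is set for this template, so the name should be in scope.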