opuppet/module-tinc
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: opuppet:puppet_masterless
Branches Tags
opuppet:master
opuppet:ortiche
opuppet:puppet_masterless
..
compare: opuppet:master
Branches Tags
opuppet:master
opuppet:ortiche
opuppet:puppet_masterless

3 commits
puppet_mas ... master

Author SHA1 Message Date
mh
4e80b272f6 make it possible to pass a hash of options for further configuration 2016-03-04 11:27:38 +01:00
mh
849c4dba1f make it possible to also overwrite the address that is exported 2016-02-25 16:23:02 +01:00
mh
f42cfb8453 make it possible to export a different port e.g. for nodes behind NAT 2016-02-25 15:27:28 +01:00
5 changed files with 43 additions and 92 deletions
Show stats Expand all files Collapse all files

2
manifests/connect_to.pp
View file

@ -5,7 +5,7 @@ define tinc::connect_to(
$to, $to,
$to_fqdn, $to_fqdn,
$target, $target,
){ ){
if $::fqdn != $to_fqdn { if $::fqdn != $to_fqdn {
concat::fragment{ concat::fragment{
$name: $name:

31
manifests/hostfile.pp
View file

@ -1,31 +0,0 @@
# a hostfile for a certain network
# title must be:
# hostname@network
#
define tinc::hostfile(
$source_dir = undef,
$net = undef,
$ensure = present,
) {
# if absent the net should
# clean it up by itself
if $ensure == 'present' {
include tinc
if $tinc::uses_systemd {
$service_name = "tincd@${net}"
} else {
$service_name = 'tinc'
}
if $net and $source_dir {
file{"/etc/tinc/${net}/hosts/${name}":
source => "${source_dir}/${name}",
# to be sure that we manage that net
require => File["/etc/tinc/${net}/hosts"],
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0600';
}
}
}
}

69
manifests/instance.pp
View file

@ -4,12 +4,12 @@ define tinc::instance(
$connect_on_boot = true, $connect_on_boot = true,
$tinc_interface = 'eth0', $tinc_interface = 'eth0',
$tinc_address = undef, $tinc_address = undef,
$tinc_address_to_export = undef,
$port = '655', $port = '655',
$port_to_export = '655',
$compression = '10', $compression = '10',
$mode = 'switch', $mode = 'switch',
$tinc_connect_to = undef, $options = {},
$tinc_accept_from = undef,
$tinc_hostfiles_dir = 'absent',
$tinc_up_content = undef, $tinc_up_content = undef,
$tinc_down_content = undef, $tinc_down_content = undef,
){ ){
@ -97,6 +97,11 @@ define tinc::instance(
$int_name_escaped = regsubst($tinc_interface,'\.','_','G') $int_name_escaped = regsubst($tinc_interface,'\.','_','G')
$host_address = getvar("::ipaddress_${int_name_escaped}") $host_address = getvar("::ipaddress_${int_name_escaped}")
} }
if $tinc_address_to_export {
$export_addr = $tinc_address_to_export
} else {
$export_addr = $host_address
}
# get the keys # get the keys
# [ priv, pub ] # [ priv, pub ]
@ -115,54 +120,30 @@ define tinc::instance(
group => 0, group => 0,
mode => '0600'; mode => '0600';
} }
# export this host and collect all the other hosts
# if (! $tinc_connect_to) and (!$tinc_accept_from) { @@tinc::host{"${fqdn_tinc}@${name}":
if $::settings::storeconfigs { port => $port_to_export,
notify {"debug_storeconfigs": message => "If storeconfigs is true, then I should change something"} compression => $compression,
# export this host and collect all the other hosts address => $export_addr,
# @@tinc::host{"${fqdn_tinc}@${name}": public_key => $tinc_keys[1],
# port => $port, tag => "tinc::host_for_${name}",
# compression => $compression,
# address => $host_address,
# public_key => $tinc_keys[1],
# tag => "tinc::host_for_${name}",
# }
# Tinc::Host<<| tag == "tinc::host_for_${name}" |>>
# @@tinc::connect_to{"${name}_connect_to_${fqdn_tinc}":
# to => $fqdn_tinc,
# to_fqdn => $::fqdn,
# target => $tinc_config,
# tag => "tinc_${name}_auto",
# Tinc::Connect_to<<| tag == "tinc_${name}_auto" |>>
}
else {
tinc::host{"${fqdn_tinc}@${name}":
port => $port,
compression => $compression,
address => $host_address,
public_key => $tinc_keys[1],
}
$tinc_hosts = union($tinc_accept_from, $tinc_connect_to)
tinc::hostfile {$tinc_hosts:
source_dir => $tinc_hostfiles_dir,
net => $name
}
$connect_params = $tinc_connect_to.reduce({}) |$memo, $entry|
{merge($memo, {"${fqdn_tinc}_connect_to_${entry}" => {to => $entry, to_fqdn => "", target => $tinc_config}})}
create_resources(tinc::connect_to, $connect_params)
} }
Tinc::Host<<| tag == "tinc::host_for_${name}" |>>
concat::fragment{"tinc_conf_header_${name}": concat::fragment{"tinc_conf_header_${name}":
target => $tinc_config, target => $tinc_config,
content => template('tinc/tinc.conf-header.erb'), content => template('tinc/tinc.conf-header.erb'),
order => '100', order => '100',
} }
@@tinc::connect_to{"${name}_connect_to_${fqdn_tinc}":
to => $fqdn_tinc,
to_fqdn => $::fqdn,
target => $tinc_config,
tag => "tinc_${name}_auto",
}
Tinc::Connect_to<<| tag == "tinc_${name}_auto" |>>
file { "/etc/tinc/${name}/tinc-up": file { "/etc/tinc/${name}/tinc-up":
content => $tinc_up_content, content => $tinc_up_content,
notify => Service[$service_name], notify => Service[$service_name],

28
manifests/switch.pp
View file

@ -5,33 +5,33 @@ define tinc::switch(
$tinc_interface = 'eth0', $tinc_interface = 'eth0',
$tinc_address = undef, $tinc_address = undef,
$port = '655', $port = '655',
$tinc_address_to_export = undef,
$port_to_export = '655',
$tinc_internal_interface = 'eth1', $tinc_internal_interface = 'eth1',
$tinc_internal_ip = 'absent', $tinc_internal_ip = 'absent',
$tinc_internal_netmask = 'absent', $tinc_internal_netmask = 'absent',
$tinc_bridge_interface = 'absent', $tinc_bridge_interface = 'absent',
$tinc_connect_to = undef,
$tinc_accept_from = undef,
$tinc_hostfiles_dir = 'absent',
$compression = '10', $compression = '10',
$options = {},
$shorewall_zone = 'absent' $shorewall_zone = 'absent'
){ ){
tinc::instance{$name: tinc::instance{$name:
ensure => $ensure, ensure => $ensure,
connect_on_boot => $connect_on_boot, connect_on_boot => $connect_on_boot,
tinc_interface => $tinc_interface, tinc_interface => $tinc_interface,
tinc_address => $tinc_address, tinc_address => $tinc_address,
port => $port, tinc_address_to_export => $tinc_address_to_export,
compression => $compression, port => $port,
mode => 'switch', port_to_export => $port_to_export,
tinc_connect_to => $tinc_connect_to, compression => $compression,
tinc_accept_from => $tinc_accept_from, mode => 'switch',
tinc_hostfiles_dir => $tinc_hostfiles_dir, options => $options,
} }
if $ensure == 'present' { if $ensure == 'present' {
include ::tinc include ::tinc
# require bridge_utils require bridge_utils
$real_tinc_bridge_interface = $tinc_bridge_interface ? { $real_tinc_bridge_interface = $tinc_bridge_interface ? {
'absent' => "br${name}", 'absent' => "br${name}",
default => $tinc_bridge_interface default => $tinc_bridge_interface

5
templates/tinc.conf-header.erb
View file

@ -1,9 +1,10 @@
Name = <%= @fqdn_tinc %> Name = <%= @fqdn_tinc %>
AddressFamily = ipv4 AddressFamily = ipv4
Device = /dev/net/tun Device = /dev/net/tun
#PMTU = 1440
Mode = <%= @mode %> Mode = <%= @mode %>
BindToAddress = <%= @host_address %> <%= @port %> BindToAddress = <%= @host_address %> <%= @port %>
BindToInterface = <%= @tinc_interface.to_s %> BindToInterface = <%= @tinc_interface.to_s %>
<% @options.keys.sort.each do |key| -%>
<%= key %> = <%= @options[key] %>
<% end -%>