147 lines
4.7 KiB
Diff
147 lines
4.7 KiB
Diff
From c02bf3a61dafb0dee6362c0bb63e782abe3090f2 Mon Sep 17 00:00:00 2001
|
|
From: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
|
|
Date: Tue, 17 Oct 2023 14:18:54 -0300
|
|
Subject: [PATCH] Add classes to update config files
|
|
|
|
---
|
|
manifests/charon.pp | 12 ++++++++++++
|
|
manifests/charon_logging.pp | 12 ++++++++++++
|
|
manifests/init.pp | 37 ++-----------------------------------
|
|
manifests/swanctl.pp | 22 ++++++++++++++++++++++
|
|
4 files changed, 48 insertions(+), 35 deletions(-)
|
|
create mode 100644 manifests/charon.pp
|
|
create mode 100644 manifests/charon_logging.pp
|
|
create mode 100644 manifests/swanctl.pp
|
|
|
|
diff --git a/manifests/charon.pp b/manifests/charon.pp
|
|
new file mode 100644
|
|
index 0000000..d1f6dcc
|
|
--- /dev/null
|
|
+++ b/manifests/charon.pp
|
|
@@ -0,0 +1,12 @@
|
|
+# @param charon_options configure other attributes in charon.conf.
|
|
+class strongswan::charon (
|
|
+ Hash $charon_options = {},
|
|
+) {
|
|
+ file { '/etc/strongswan.d/charon.conf':
|
|
+ owner => 'root',
|
|
+ mode => '0600',
|
|
+ content => strongswan::hash_to_strongswan_config({
|
|
+ charon => $charon_options,
|
|
+ }),
|
|
+ }
|
|
+}
|
|
diff --git a/manifests/charon_logging.pp b/manifests/charon_logging.pp
|
|
new file mode 100644
|
|
index 0000000..b454f2b
|
|
--- /dev/null
|
|
+++ b/manifests/charon_logging.pp
|
|
@@ -0,0 +1,12 @@
|
|
+# @param charon_logging configure file charon-logging.conf.
|
|
+class strongswan::charon_logging (
|
|
+ Hash $charon_logging = {},
|
|
+) {
|
|
+ file { '/etc/strongswan.d/charon-logging.conf':
|
|
+ owner => 'root',
|
|
+ mode => '0600',
|
|
+ content => strongswan::hash_to_strongswan_config({
|
|
+ charon => $charon_logging,
|
|
+ }),
|
|
+ }
|
|
+}
|
|
diff --git a/manifests/init.pp b/manifests/init.pp
|
|
index 08002a3..27904e4 100644
|
|
--- a/manifests/init.pp
|
|
+++ b/manifests/init.pp
|
|
@@ -23,12 +23,6 @@
|
|
# @param sw_collector sw-collector block in strongswan.conf.
|
|
# @param starter starter block in strongswan.conf.
|
|
# @param swanctl swanctl block in strongswan.conf.
|
|
-# @param authorities authorities block in swanctl.conf.
|
|
-# @param connections connections block in swanctl.conf. Besides keys allowed in swanctl, these ones are added:
|
|
-# * base_interface: base interface for xfrm device.
|
|
-# * if_id: interface ID for xfrm device used for in and out. In swanctl.conf, this value is used for id_id_in and if_id_out.
|
|
-# @param secrets secrets block in swanctl.conf.
|
|
-# @param pools pools block in swanctl.conf.
|
|
# @param route_based Whether route based VPN is configured.
|
|
# @param xfrm_default_base_interface XRFM base interface used if none is specified in connection.
|
|
#
|
|
@@ -58,25 +52,9 @@ class strongswan (
|
|
Hash $connections = {},
|
|
Hash $secrets = {},
|
|
Hash $pools = {},
|
|
- Boolean $route_based = false,
|
|
String $xfrm_default_base_interface = 'lo',
|
|
+ String $strongswan_include = 'strongswan.d/*.conf',
|
|
) {
|
|
- ensure_packages(['strongswan-swanctl', 'charon-systemd'])
|
|
- service { ['ipsec,', 'strongswan-starter']:
|
|
- ensure => stopped,
|
|
- enable => false,
|
|
- }
|
|
- service { 'strongswan':
|
|
- ensure => running,
|
|
- enable => true,
|
|
- }
|
|
- if ($route_based) {
|
|
- $d = strongswan::extract_xfrm_devices_from_connections($connections, $xfrm_default_base_interface)
|
|
- $_connections = $d['connections']
|
|
- ensure_resources('strongswan::xfrm', $d['xfrm'])
|
|
- } else {
|
|
- $_connections = $connections
|
|
- }
|
|
file { '/etc/strongswan.conf':
|
|
owner => 'root',
|
|
mode => '0600',
|
|
@@ -100,18 +78,7 @@ class strongswan (
|
|
sw-collector => $sw_collector,
|
|
starter => $starter,
|
|
swanctl => $swanctl,
|
|
+ strongswan_include => $strongswan_include,
|
|
}),
|
|
- notify => Service['strongswan'],
|
|
- }
|
|
- file { '/etc/swanctl/swanctl.conf':
|
|
- owner => 'root',
|
|
- mode => '0600',
|
|
- content => strongswan::hash_to_strongswan_config({
|
|
- authorities => $authorities,
|
|
- connections => $_connections,
|
|
- secrets => $secrets,
|
|
- pools => $pools,
|
|
- }),
|
|
- notify => Service['strongswan'],
|
|
}
|
|
}
|
|
diff --git a/manifests/swanctl.pp b/manifests/swanctl.pp
|
|
new file mode 100644
|
|
index 0000000..f85e7e3
|
|
--- /dev/null
|
|
+++ b/manifests/swanctl.pp
|
|
@@ -0,0 +1,22 @@
|
|
+# @param authorities authorities block in swanctl.conf.
|
|
+# @param connections connections block in swanctl.conf.
|
|
+# @param secrets secrets block in swanctl.conf.
|
|
+# @param pools pools block in swanctl.conf.
|
|
+
|
|
+class strongswan::swanctl (
|
|
+ Hash $authorities = {},
|
|
+ Hash $connections = {},
|
|
+ Hash $secrets = {},
|
|
+ Hash $pools = {},
|
|
+) {
|
|
+ file { '/etc/swanctl/swanctl.conf':
|
|
+ owner => 'root',
|
|
+ mode => '0600',
|
|
+ content => strongswan::hash_to_strongswan_config({
|
|
+ authorities => $authorities,
|
|
+ connections => $connections,
|
|
+ secrets => $secrets,
|
|
+ pools => $pools,
|
|
+ }),
|
|
+ }
|
|
+}
|
|
--
|
|
2.25.1
|
|
|