# File 'manifests/init.pp', line 3
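# Installs and configures the racoon IKE daemon together with ipsec-tools.
#
# The manifest renders racoon.conf, psk.txt and ipsec-tools.conf from ERB
# templates, keeps the racoon service running, and restarts setkey when
# the policy file or the racoon service changes.
#
# @param package_name             Name of the racoon package.
# @param version                  Value passed to `ensure` of the racoon package.
# @param ipsec_tools_package_name Name of the ipsec-tools package.
# @param ipsec_tools_version      Value passed to `ensure` of the ipsec-tools package.
# @param service_name             Name of the racoon service.
# @param pre_shared_keys          Not referenced in this manifest; presumably read
#                                 by psk.txt.erb (confirm against the template).
# @param encapsulate              Hash of racoon::encapsulate resources to create.
# @param iptunnels                Hash of racoon::iptunnel resources to create.
# @param remotes                  Not referenced in this manifest; presumably read
#                                 by the templates (confirm).
# @param associations             Not referenced in this manifest; presumably read
#                                 by the templates (confirm).
class racoon (
  $package_name,
  $version,
  $ipsec_tools_package_name,
  $ipsec_tools_version,
  $service_name,
  $pre_shared_keys = {},
  $encapsulate     = {},
  $iptunnels       = {},
  $remotes         = {},
  $associations    = {},
) {

  # Defaults for every file resource below; individual resources override
  # the mode where the content is sensitive or the target is a directory.
  File {
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
  }

  package { 'racoon':
    ensure => $version, # was $package_version, which is not a class parameter
    name   => $package_name,
  }

  package { 'ipsec-tools':
    ensure => $ipsec_tools_version,
    name   => $ipsec_tools_package_name,
  }

  file { '/etc/racoon/racoon.conf':
    content => template('racoon/racoon.conf.erb'),
    require => Package['racoon'],
  }

  # Pre-shared keys: readable by root only. show_diff (Puppet 3.2+) keeps
  # the rendered secrets out of agent logs and reports when the content
  # changes.
  file { '/etc/racoon/psk.txt':
    mode      => '0600',
    show_diff => false,
    content   => template('racoon/psk.txt.erb'),
    require   => Package['racoon'],
  }

  # NOTE(review): this file inherits the world-readable 0644 default. If
  # the template can emit manually keyed SAs, tighten the mode the same
  # way as psk.txt; confirm against ipsec-tools.conf.erb.
  file { '/etc/ipsec-tools.conf':
    content => template('racoon/ipsec-tools/ipsec-tools.conf.erb'),
    require => Package['ipsec-tools'],
  }

  # purge + recurse removes any file in this directory that Puppet does
  # not manage, so stale or hand-added policy fragments do not linger.
  file { '/etc/ipsec-tools.d':
    ensure  => directory,
    mode    => '0755',
    recurse => true,
    purge   => true,
  }

  create_resources(racoon::encapsulate, $encapsulate)
  create_resources(racoon::iptunnel, $iptunnels)

  # No status command is used (hasstatus => false); the running daemon is
  # found by matching the pattern against the process table.
  service { 'racoon':
    ensure     => running,
    name       => $service_name,
    pattern    => '/usr/sbin/racoon',
    hasstatus  => false,
    hasrestart => true,
    subscribe  => File['/etc/racoon/racoon.conf', '/etc/racoon/psk.txt'],
  }

  # Runs only on refresh: restarts setkey after the policy file or the
  # racoon service changes.
  exec { 'setkey restart':
    command     => '/usr/sbin/service setkey restart',
    user        => 'root',
    refreshonly => true,
    subscribe   => [ File['/etc/ipsec-tools.conf'], Service['racoon'] ],
  }
}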