Merge "Add manifests to install and configure stunnel"
commit
044d9a0362
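--- a/files/stunnel.service
+++ b/files/stunnel.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSL tunnel for network daemons
+After=network.target
+After=syslog.target
+
+[Install]
+WantedBy=multi-user.target
+Alias=stunnel.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
+ExecStop=/usr/bin/killall -9 stunnel
+
+# Give up if ping don't get an answer
+TimeoutSec=600
+
+Restart=always
+PrivateTmp=false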
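Review bot: `ExecStop=/usr/bin/killall -9 stunnel` matches by process name and sends SIGKILL, so stopping this unit also kills any other stunnel instance on the host and never lets the daemon close its TLS sessions cleanly. Dropping the line lets systemd stop only this unit's control group with SIGTERM, escalating to SIGKILL after the stop timeout. With `Type=forking`, a `PIDFile=` matching a `pid` setting in stunnel.conf would also make main-PID tracking reliable, though the templates shown here write no `pid` option. The comment above `TimeoutSec=600` mentions ping and looks copied from another unit; `# Allow up to 10 minutes for start and stop before systemd gives up` would describe what the setting does.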
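--- a/manifests/stunnel.pp
+++ b/manifests/stunnel.pp
@@ -0,0 +1,60 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: tripleo::stunnel
+#
+# Installs and starts stunnel
+#
+# [*manage_service*]
+# (Optional) Whether we'll be managing the stunnel service or not.
+# Defaults to true
+#
+# [*service_ensure*]
+# (Optional) Ensure the service be running or stopped
+# Defaults to 'running'
+#
+# [*foreground*]
+# (Optional) Sets the configuration for stunnel to run the process in
+# the foreground. This is useful when trying to run stunnel in a
+# container.
+# Defaults to 'no'
+#
+class tripleo::stunnel (
+$manage_service = true,
+$service_ensure = 'running',
+$foreground = 'no',
+){
+package { 'stunnel':
+ensure => 'present'
+}
+
+concat { '/etc/stunnel/stunnel.conf':
+ensure => present,
+}
+concat::fragment { 'stunnel-foreground':
+target => '/etc/stunnel/stunnel.conf',
+order => '10-foreground-config',
+content => template('tripleo/stunnel/foreground.erb'),
+}
+if $manage_service {
+Concat['/etc/stunnel/stunnel.conf'] ~> Service['stunnel']
+
+include ::tripleo::stunnel::systemd_unit
+
+service { 'stunnel':
+ensure => $service_ensure
+}
+}
+}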
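Review bot: `$foreground` is written into stunnel.conf unchecked, and any value other than 'no' conflicts with the managed unit. files/stunnel.service declares `Type=forking`, so with `manage_service => true` and `foreground => 'yes'` stunnel never daemonizes; systemd would presumably wait out `TimeoutSec=600`, fail the start, and retry under `Restart=always`. Constraining the parameter, for example `Enum['yes', 'quiet', 'no'] $foreground = 'no',` if the module can rely on Puppet 4 data types, and failing early with `if $manage_service and $foreground != 'no' { fail('foreground requires manage_service => false') }` would catch this at catalog compile time. The header comment for `foreground` could also state that container use is expected to set `manage_service` to false.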
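--- a/manifests/stunnel/service_proxy.pp
+++ b/manifests/stunnel/service_proxy.pp
@@ -0,0 +1,61 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: tripleo::stunnel::service_proxy
+#
+# Configures a TLS proxy for a service.
+#
+# === Parameters
+#
+# [*accept_host*]
+# Host or IP where the tunnel will be accepting connections.
+#
+# [*accept_port*]
+# Port where the tunnel will be accepting connections.
+#
+# [*connect_port*]
+# Port where the tunnel will be proxying to.
+#
+# [*certificate*]
+# Cert that the TLS proxy will be using for the TLS connection.
+#
+# [*key*]
+# Key that the TLS proxy will be using for the TLS connection.
+#
+# [*client*]
+# Whether this proxy is meant for client connections.
+# Defaults to 'no'
+#
+# [*connect_host*]
+# Host where the tunnel will be proxying to.
+# Defaults to 'localhost'
+#
+define tripleo::stunnel::service_proxy (
+$accept_host,
+$accept_port,
+$connect_port,
+$certificate,
+$key,
+$client = 'no',
+$connect_host = 'localhost',
+) {
+concat::fragment { "stunnel-service-${name}":
+target => '/etc/stunnel/stunnel.conf',
+order => "20-${name}",
+content => template('tripleo/stunnel/service.erb'),
+}
+
+Concat::Fragment["stunnel-service-${name}"] ~> Service<| title == 'stunnel' |>
+}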
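Review bot: The define exposes `client` but no parameter for peer verification, and templates/stunnel/service.erb emits no `CAfile`, `verify`, `verifyChain` or `checkHost` line. A proxy declared with `client => 'yes'` would therefore encrypt the connection without authenticating the remote end, since stunnel does not verify the peer certificate unless configured to. Adding optional parameters such as `$ca_file = undef` and `$verify = undef`, rendered only when set, and documenting in the header that client-mode proxies should set them, would close that gap. None of the parameters are type-checked either; `accept_port` and `connect_port` could be constrained to integers in the 1-65535 range so a malformed value fails at compile time instead of producing a broken stunnel.conf.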
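--- a/manifests/stunnel/systemd_unit.pp
+++ b/manifests/stunnel/systemd_unit.pp
@@ -0,0 +1,24 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: tripleo::stunnel::systemd_unit
+#
+# Configures the systemd unit for stunnel
+#
+class tripleo::stunnel::systemd_unit {
+systemd::unit_file {'stunnel.service':
+source => 'puppet:///modules/tripleo/stunnel.service'
+}
+}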
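Review bot: Nothing here or in manifests/stunnel.pp orders this unit file before `Service['stunnel']` or notifies it; the class is only pulled in with `include`. A changed unit (for instance a corrected `ExecStop`) would therefore not restart the service, and depending on catalog ordering the first start could run before the unit exists. In stunnel.pp a line such as `Class['::tripleo::stunnel::systemd_unit'] ~> Service['stunnel']` next to the existing Concat notification would make the dependency explicit. Whether `systemd::unit_file` already triggers a daemon-reload is not visible from this page and is worth confirming.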
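--- a/templates/stunnel/foreground.erb
+++ b/templates/stunnel/foreground.erb
@@ -0,0 +1 @@
+foreground = <%= @foreground %>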
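--- a/templates/stunnel/service.erb
+++ b/templates/stunnel/service.erb
@@ -0,0 +1,6 @@
+[<%= @name %>]
+client = <%= @client %>
+accept=<%= @accept_host %>:<%= @accept_port %>
+connect=<%= @connect_host %>:<%= @connect_port %>
+cert=<%= @certificate %>
+key=<%= @key %>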
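Review bot: The service section sets no protocol or cipher floor: there is no `sslVersion`, `options` or `ciphers` line, so what each tunnel negotiates depends entirely on the defaults of whichever stunnel and OpenSSL build the package installs. Optional settings rendered only when given, e.g. `<% if @ssl_version %>sslVersion = <%= @ssl_version %><% end %>` with a matching parameter on the define, would let deployments pin this. The `cert` and `key` paths are also written out without the manifests shown managing the key file's ownership or mode, so it is worth documenting that the key must be readable only by the account stunnel runs as.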