starlingx/integ
Code Issues Proposed changes
integ/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/patches/0001-Add-classes-to-update-config-files.patch
Leonardo Mendes f56d5f6a73 Add puppet package zitrlp-strongswan 
This change adds the package zitrlp-strongswan. This module allows
management of strongswan on Debian via swanctl / VICI.

Test Plan:
PASS: downloader
PASS: build-pkgs --clean --all
PASS: build-image
PASS: Run full build, system install, bootstrap and unlock SX system
PASS: Run command "puppet module list | grep strongswan"
PASS: Create a puppet manifest file responsible for creating and
      configuring each one of the strongswan and swanctl config files.
      Copy the manifest to /usr/share/puppet/modules/platform/manifest
      directory.
      Run "sudo puppet apply -e "include ::platform::strongswan""
      command. Observe that the files /etc/swanctl/swanctl.conf,
      /etc/strongswan.conf, /etc/strongswan.d/charon.conf and
      /etc/strongswan.d/charon-loggings.conf were updated according
      with the specifications of the implemented manifest.

Story: 2010940
Task: 48987

Change-Id: I3fac6d5ec514a9a7ab237b0c83dda61d042d4fcf
Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
2023-10-30 17:06:54 -03:00

147 lines
4.7 KiB
Diff
Raw Blame History

From c02bf3a61dafb0dee6362c0bb63e782abe3090f2 Mon Sep 17 00:00:00 2001
From: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
Date: Tue, 17 Oct 2023 14:18:54 -0300
Subject: [PATCH] Add classes to update config files
---
manifests/charon.pp | 12 ++++++++++++
manifests/charon_logging.pp | 12 ++++++++++++
manifests/init.pp | 37 ++-----------------------------------
manifests/swanctl.pp | 22 ++++++++++++++++++++++
4 files changed, 48 insertions(+), 35 deletions(-)
create mode 100644 manifests/charon.pp
create mode 100644 manifests/charon_logging.pp
create mode 100644 manifests/swanctl.pp
diff --git a/manifests/charon.pp b/manifests/charon.pp
new file mode 100644
index 0000000..d1f6dcc
--- /dev/null
+++ b/manifests/charon.pp
@@ -0,0 +1,12 @@
+# @param charon_options configure other attributes in charon.conf.
+class strongswan::charon (
+ Hash $charon_options = {},
+) {
+ file { '/etc/strongswan.d/charon.conf':
+ owner => 'root',
+ mode => '0600',
+ content => strongswan::hash_to_strongswan_config({
+ charon => $charon_options,
+ }),
+ }
+}
diff --git a/manifests/charon_logging.pp b/manifests/charon_logging.pp
new file mode 100644
index 0000000..b454f2b
--- /dev/null
+++ b/manifests/charon_logging.pp
@@ -0,0 +1,12 @@
+# @param charon_logging configure file charon-logging.conf.
+class strongswan::charon_logging (
+ Hash $charon_logging = {},
+) {
+ file { '/etc/strongswan.d/charon-logging.conf':
+ owner => 'root',
+ mode => '0600',
+ content => strongswan::hash_to_strongswan_config({
+ charon => $charon_logging,
+ }),
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 08002a3..27904e4 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -23,12 +23,6 @@
# @param sw_collector sw-collector block in strongswan.conf.
# @param starter starter block in strongswan.conf.
# @param swanctl swanctl block in strongswan.conf.
-# @param authorities authorities block in swanctl.conf.
-# @param connections connections block in swanctl.conf. Besides keys allowed in swanctl, these ones are added:
-# * base_interface: base interface for xfrm device.
-# * if_id: interface ID for xfrm device used for in and out. In swanctl.conf, this value is used for id_id_in and if_id_out.
-# @param secrets secrets block in swanctl.conf.
-# @param pools pools block in swanctl.conf.
# @param route_based Whether route based VPN is configured.
# @param xfrm_default_base_interface XRFM base interface used if none is specified in connection.
#
@@ -58,25 +52,9 @@ class strongswan (
Hash $connections = {},
Hash $secrets = {},
Hash $pools = {},
- Boolean $route_based = false,
String $xfrm_default_base_interface = 'lo',
+ String $strongswan_include = 'strongswan.d/*.conf',
) {
- ensure_packages(['strongswan-swanctl', 'charon-systemd'])
- service { ['ipsec,', 'strongswan-starter']:
- ensure => stopped,
- enable => false,
- }
- service { 'strongswan':
- ensure => running,
- enable => true,
- }
- if ($route_based) {
- $d = strongswan::extract_xfrm_devices_from_connections($connections, $xfrm_default_base_interface)
- $_connections = $d['connections']
- ensure_resources('strongswan::xfrm', $d['xfrm'])
- } else {
- $_connections = $connections
- }
file { '/etc/strongswan.conf':
owner => 'root',
mode => '0600',
@@ -100,18 +78,7 @@ class strongswan (
sw-collector => $sw_collector,
starter => $starter,
swanctl => $swanctl,
+ strongswan_include => $strongswan_include,
}),
- notify => Service['strongswan'],
- }
- file { '/etc/swanctl/swanctl.conf':
- owner => 'root',
- mode => '0600',
- content => strongswan::hash_to_strongswan_config({
- authorities => $authorities,
- connections => $_connections,
- secrets => $secrets,
- pools => $pools,
- }),
- notify => Service['strongswan'],
}
}
diff --git a/manifests/swanctl.pp b/manifests/swanctl.pp
new file mode 100644
index 0000000..f85e7e3
--- /dev/null
+++ b/manifests/swanctl.pp
@@ -0,0 +1,22 @@
+# @param authorities authorities block in swanctl.conf.
+# @param connections connections block in swanctl.conf.
+# @param secrets secrets block in swanctl.conf.
+# @param pools pools block in swanctl.conf.
+
+class strongswan::swanctl (
+ Hash $authorities = {},
+ Hash $connections = {},
+ Hash $secrets = {},
+ Hash $pools = {},
+) {
+ file { '/etc/swanctl/swanctl.conf':
+ owner => 'root',
+ mode => '0600',
+ content => strongswan::hash_to_strongswan_config({
+ authorities => $authorities,
+ connections => $connections,
+ secrets => $secrets,
+ pools => $pools,
+ }),
+ }
+}
--
2.25.1
View Git Blame Copy Permalink