7u83-ipsec/manifests/strongswan.pp

##

class ipsec::strongswan  (
	$version = 'latest',
	$enable = $::ipsec::strongswan_params::service_enable
) inherits ipsec::strongswan_params {
	
	package { 'strongswan':
		name => $pkg_name,
		provider => $pkg_provider,
		ensure => $version
	}
	
	service { 'strongswan':
		ensure => running,
		require => Package['strongswan'],
		subscribe => Concat[ "$ipsec_conf" ],
		enable => $enable
	}

	concat { "$secrets_file": 
		owner => "$secrets_usr",
		group => "$secrets_grp",
		mode  => '0600'
	}
	concat::fragment { "pskfile_header":
		target => "$secrets_file",
		order => '00',
		content => "#strongswan psks\n",
	}

	concat { "$ipsec_conf": 
	}

	concat::fragment { "ipsec_conf_header":
		target => "$ipsec_conf",
		order => '00',
		content => template('ipsec/strongswan/ipsec.conf.header.erb'),
	}
}


define ipsec::strongswan::tunnel (

	$local_ip,
	$remote_ip,
	$encryption,
	$hash,
	$dh_group,
	$lifetime,
	$nets,
	$proto,
	$psk 

){

	concat::fragment { "$title":
		target => "$::ipsec::strongswan_params::ipsec_conf",
		content => template('ipsec/strongswan/ipsec.conf.tunnel.erb')
	}

	concat::fragment { "$title psk":
		target => "$::ipsec::strongswan_params::secrets_file",
		content => template('ipsec/strongswan/ipsec.secrets.erb')
	}

}
Initial commit 2018-02-21 15:31:53 +00:00			`##`

			`class ipsec::strongswan (`
			`$version = 'latest',`
			`$enable = $::ipsec::strongswan_params::service_enable`
			`) inherits ipsec::strongswan_params {`

			`package { 'strongswan':`
			`name => $pkg_name,`
			`provider => $pkg_provider,`
			`ensure => $version`
			`}`

			`service { 'strongswan':`
			`ensure => running,`
			`require => Package['strongswan'],`
			`subscribe => Concat[ "$ipsec_conf" ],`
			`enable => $enable`
			`}`

			`concat { "$secrets_file":`
			`owner => "$secrets_usr",`
			`group => "$secrets_grp",`
			`mode => '0600'`
			`}`
			`concat::fragment { "pskfile_header":`
			`target => "$secrets_file",`
			`order => '00',`
			`content => "#strongswan psks\n",`
			`}`

			`concat { "$ipsec_conf":`
			`}`

			`concat::fragment { "ipsec_conf_header":`
			`target => "$ipsec_conf",`
			`order => '00',`
			`content => template('ipsec/strongswan/ipsec.conf.header.erb'),`
			`}`
			`}`


			`define ipsec::strongswan::tunnel (`
Strongswan support 2018-02-23 16:02:21 +00:00
Initial commit 2018-02-21 15:31:53 +00:00			`$local_ip,`
			`$remote_ip,`
Strongswan support 2018-02-23 16:02:21 +00:00			`$encryption,`
			`$hash,`
			`$dh_group,`
			`$lifetime,`
Initial commit 2018-02-21 15:31:53 +00:00			`$nets,`
Strongswan support 2018-02-23 16:02:21 +00:00			`$proto,`
Initial commit 2018-02-21 15:31:53 +00:00			`$psk`

			`){`

			`concat::fragment { "$title":`
			`target => "$::ipsec::strongswan_params::ipsec_conf",`
			`content => template('ipsec/strongswan/ipsec.conf.tunnel.erb')`
			`}`

			`concat::fragment { "$title psk":`
			`target => "$::ipsec::strongswan_params::secrets_file",`
			`content => template('ipsec/strongswan/ipsec.secrets.erb')`
			`}`

			`}`