[dsa-puppet.git] / modules / entropykey / manifests / init.pp
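# Provider role: installs ekeyd, manages its configuration, and declares an
# stunnel server that accepts on port 18888 and forwards to ekeyd on
# 127.0.0.1:8888.
#
# NOTE(review): who may connect to port 18888 is decided by the stunnel4
# module, which is not visible here -- confirm that it requires client
# certificates and checks them against the CRL mentioned below.
class entropykey::provider {
    package { 'ekeyd':
        ensure => installed,
    }

    file {
        '/etc/entropykey/ekeyd.conf':
            source  => 'puppet:///modules/entropykey/ekeyd.conf',
            notify  => Exec['restart_ekeyd'],
            require => [ Package['ekeyd'] ],
            ;
        # our CRL expires after a while (2 or 4 weeks?), so we have
        # to restart stunnel so it loads the new CRL.
        #
        # Debian's run-parts, which cron uses for /etc/cron.weekly, skips
        # file names containing a dot and executes each job directly.  The
        # job therefore must not end in ".conf" and needs a "#!" line;
        # otherwise it never runs and stunnel keeps the CRL it loaded at
        # startup.
        '/etc/cron.weekly/stunnel-ekey':
            content => "#!/bin/sh\n# This file is under puppet control\nenv -i /etc/init.d/stunnel4 restart puppet-ekeyd\n",
            owner   => 'root',
            group   => 'root',
            mode    => '0555',
            ;
        # Clean up the job that was installed under the old, ignored name.
        '/etc/cron.weekly/stunnel-ekey.conf':
            ensure => absent,
            ;
    }

    # Runs only when notified by the ekeyd.conf resource (refreshonly).
    # "cd /" and "env -i" start the init script from the root directory with
    # an empty environment, so nothing leaks in from the puppet run.
    exec { 'restart_ekeyd':
        command     => 'true && cd / && env -i /etc/init.d/ekeyd restart',
        require     => [ File['/etc/entropykey/ekeyd.conf'] ],
        refreshonly => true,
    }

    include stunnel4
    stunnel4::stunnel_server { 'ekeyd':
        accept  => 18888,
        connect => '127.0.0.1:8888',
    }
}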
37
# Consumer role: installs the ekeyd-egd-linux client and its settings file
# in /etc/default.  entropykey::remote_consumer inherits from this class.
class entropykey::local_consumer {
    package { 'ekeyd-egd-linux':
        ensure => installed,
    }

    # A change to the defaults file triggers the restart exec below.
    file { '/etc/default/ekeyd-egd-linux':
        source  => 'puppet:///modules/entropykey/ekeyd-egd-linux',
        require => [ Package['ekeyd-egd-linux'] ],
        notify  => Exec['restart_ekeyd-egd-linux'],
    }

    # refreshonly: runs only when notified.  "cd /" and "env -i" give the
    # init script a fixed working directory and an empty environment.
    exec { 'restart_ekeyd-egd-linux':
        command     => 'true && cd / && env -i /etc/init.d/ekeyd-egd-linux restart',
        refreshonly => true,
        require     => [ File['/etc/default/ekeyd-egd-linux'] ],
    }
}
59
# Consumer role for hosts whose entropy comes from another machine: on top
# of local_consumer, declares an stunnel client that accepts on
# 127.0.0.1:8888 and connects to port 18888 on the provider.
#
# $entropy_provider is not defined in this class; it is assigned in class
# entropykey before this class is included.
# NOTE(review): this lookup presumably relies on dynamic scoping -- confirm
# against the Puppet version in use.
class entropykey::remote_consumer inherits entropykey::local_consumer {
    include stunnel4

    stunnel4::stunnel_client { 'ekeyd':
        accept      => '127.0.0.1:8888',
        connecthost => "${entropy_provider}",
        connectport => 18888,
    }
}
70
# Entry point: selects the entropykey role(s) for this node from $nodeinfo.
class entropykey {
    # Nodes whose nodeinfo has entropy_key set to true get the provider role.
    case getfromhash($nodeinfo, 'entropy_key') {
        true:    { include entropykey::provider }
        default: {}
    }

    # Assigned before the consumer classes are included, because
    # entropykey::remote_consumer reads $entropy_provider.
    $entropy_provider = entropy_provider($fqdn, $nodeinfo)

    # false   -> no consumer on this node
    # 'local' -> consumer only
    # other   -> value is handed to the stunnel client as connecthost
    case $entropy_provider {
        false:   {}
        'local': { include entropykey::local_consumer }
        default: { include entropykey::remote_consumer }
    }
}
84
85 # vim:set et:
86 # vim:set sts=4 ts=4:
87 # vim:set shiftwidth=4: