modules/entropykey/manifests/init.pp

   1 class entropykey::provider {
   2     package {
   3         "ekeyd": ensure => installed;
   4     }
   5
   6     file {
   7         "/etc/entropykey/ekeyd.conf":
   8             source => "puppet:///modules/entropykey/ekeyd.conf",
   9             notify  => Exec['restart_ekeyd'],
  10             require => [ Package['ekeyd'] ],
  11             ;
  12         # our CRL expires after a while (2 or 4 weeks?), so we have
  13         # to restart stunnel so it loads the new CRL.
  14         "/etc/cron.weekly/stunnel-ekey-restart":
  15             content =>  "# This file is under puppet control\nenv -i /etc/init.d/stunnel4 restart puppet-ekeyd\n",
  16             mode => "555",
  17             ;
  18     }
  19
  20     exec {
  21         "restart_ekeyd":
  22                 command => "true && cd / && env -i /etc/init.d/ekeyd restart",
  23                 require => [ File['/etc/entropykey/ekeyd.conf'] ],
  24                 refreshonly => true,
  25                 ;
  26     }
  27
  28     include "stunnel4"
  29     stunnel4::stunnel_server {
  30         "ekeyd":
  31             accept => 18888,
  32             connect => "127.0.0.1:8888",
  33             ;
  34     }
  35 }
  36
  37 class entropykey::local_consumer {
  38     package {
  39         "ekeyd-egd-linux": ensure => installed;
  40     }
  41
  42     file {
  43         "/etc/default/ekeyd-egd-linux":
  44             source => "puppet:///modules/entropykey/ekeyd-egd-linux",
  45             notify  => Exec['restart_ekeyd-egd-linux'],
  46             require => [ Package['ekeyd-egd-linux'] ],
  47         ;
  48     }
  49
  50     exec {
  51         "restart_ekeyd-egd-linux":
  52                 command => "true && cd / && env -i /etc/init.d/ekeyd-egd-linux restart",
  53                 require => [ File['/etc/default/ekeyd-egd-linux'] ],
  54                 refreshonly => true,
  55                 ;
  56     }
  57 }
  58
  59 class entropykey::remote_consumer inherits entropykey::local_consumer {
  60     include "stunnel4"
  61     stunnel4::stunnel_client {
  62         "ekeyd":
  63             accept => "127.0.0.1:8888",
  64             connecthost => "${entropy_provider}",
  65             connectport => 18888,
  66             ;
  67     }
  68 }
  69
  70 class entropykey {
  71     case getfromhash($nodeinfo, 'entropy_key') {
  72         true:  { include entropykey::provider }
  73     }
  74
  75     $entropy_provider  = entropy_provider($fqdn, $nodeinfo)
  76     case $entropy_provider {
  77         false: {}
  78         local: { include entropykey::local_consumer }
  79         default: { include entropykey::remote_consumer }
  80     }
  81
  82 }
  83
  84 # vim:set et:
  85 # vim:set sts=4 ts=4:
  86 # vim:set shiftwidth=4: