-class entropykey::provider {
- package {
- "ekeyd": ensure => installed;
- }
-
- file {
- "/etc/entropykey/ekeyd.conf":
- source => "puppet:///modules/entropykey/ekeyd.conf",
- notify => Exec['restart_ekeyd'],
- require => [ Package['ekeyd'] ],
- ;
- # our CRL expires after a while (2 or 4 weeks?), so we have
- # to restart stunnel so it loads the new CRL.
- "/etc/cron.weekly/stunnel-ekey-restart":
- content => "#!/bin/sh\n# This file is under puppet control\nenv -i /etc/init.d/stunnel4 restart puppet-ekeyd\n",
- mode => "555",
- ;
- }
-
- exec {
- "restart_ekeyd":
- command => "true && cd / && env -i /etc/init.d/ekeyd restart",
- require => [ File['/etc/entropykey/ekeyd.conf'] ],
- refreshonly => true,
- ;
- }
-
- include "stunnel4"
- stunnel4::stunnel_server {
- "ekeyd":
- accept => 18888,
- connect => "127.0.0.1:8888",
- ;
- }
-}
-
-class entropykey::local_consumer {
- package {
- "ekeyd-egd-linux": ensure => installed;
- }
-
- file {
- "/etc/default/ekeyd-egd-linux":
- source => "puppet:///modules/entropykey/ekeyd-egd-linux",
- notify => Exec['restart_ekeyd-egd-linux'],
- require => [ Package['ekeyd-egd-linux'] ],
- ;
- }
-
- exec {
- "restart_ekeyd-egd-linux":
- command => "true && cd / && env -i /etc/init.d/ekeyd-egd-linux restart",
- require => [ File['/etc/default/ekeyd-egd-linux'] ],
- refreshonly => true,
- ;
- }
-}
-
-class entropykey::remote_consumer inherits entropykey::local_consumer {
- include "stunnel4"
- stunnel4::stunnel_client {
- "ekeyd":
- accept => "127.0.0.1:8888",
- connecthost => "${entropy_provider}",
- connectport => 18888,
- ;
- }
-}
-