Try to get ipsec between storace and fasolo
diff --git a/modules/ipsec/templates/ipsec.secrets-10-puppet-peers.secrets.erb b/modules/ipsec/templates/ipsec.secrets-10-puppet-peers.secrets.erb
new file mode 100644 (file)
index 0000000..8bd790d
--- /dev/null
@@ -0,0 +1,27 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+##
+
+<%=
+
+lines = []
+
+config = YAML.load(@ipsec_config)
+
+unless config.keys.include?(@fqdn) then
+       fail("Host #{@fqdn} not found in ipsec config.")
+end
+
+config.keys.each do |host|
+       next if @fqdn == host
+
+       pair = [@fqdn, host]
+       pair.sort!
+       connname = pair.join('-')
+       key = scope.function_hkdf(['/etc/puppet/secret', "puppet-key-ipsec:PSK:tor:#{connname}"])
+
+       lines << "#{config[pair[0]]['address']} #{config[pair[1]]['address']} : PSK \"#{key}\""
+end
+lines.join("\n")
+
+%>
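Review bot: `config = YAML.load(@ipsec_config)` uses the full YAML loader, which will instantiate arbitrary Ruby objects if the string ever carries a `!ruby/object` tag; the template only needs a hash of hashes with string values, so `config = YAML.safe_load(@ipsec_config)` is the safer equivalent. The line built with `config[pair[0]]['address']` and `config[pair[1]]['address']` assumes every peer entry has an `'address'` key — a missing one interpolates as an empty string and produces a silently malformed ipsec.secrets entry instead of a catalog failure, so a guard such as `fail("No address for #{host} in ipsec config.") unless config[host]['address']` before the `lines <<` would surface that at compile time. The HKDF info string `puppet-key-ipsec:PSK:tor:` looks like it may have been carried over from another template; if the `tor` label is not intentional it is easier to rename now than after peers depend on the derived value. Since the rendered file holds every peer's PSK, the file resource that installs it (outside this hunk) should keep it readable by root only.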