Add manifests to install and configure stunnel
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Thu, 24 Aug 2017 13:21:11 +0000 (13:21 +0000)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Thu, 31 Aug 2017 14:10:30 +0000 (14:10 +0000)
Some services (such as Redis) can't use mod_proxy as a TLS proxy,
since they're not HTTP services. So stunnel is necessary for these.

Thus, we add manifests to install and configure stunnel for this purpose.

bp tls-via-certmonger

Change-Id: Ic4a2dac7b3831e4780105e3b05e9c5afcf15c79c
(cherry picked from commit f85199c77826017e383534051ada57ef1ea4ddcc)

files/stunnel.service [new file with mode: 0644]
manifests/stunnel.pp [new file with mode: 0644]
manifests/stunnel/service_proxy.pp [new file with mode: 0644]
manifests/stunnel/systemd_unit.pp [new file with mode: 0644]
templates/stunnel/foreground.erb [new file with mode: 0644]
templates/stunnel/service.erb [new file with mode: 0644]

diff --git a/files/stunnel.service b/files/stunnel.service
new file mode 100644 (file)
index 0000000..dce2366
--- /dev/null
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSL tunnel for network daemons
+After=network.target
+After=syslog.target
+
+[Install]
+WantedBy=multi-user.target
+Alias=stunnel.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
+ExecStop=/usr/bin/killall -9 stunnel
+
+# Give up if ping don't get an answer
+TimeoutSec=600
+
+Restart=always
+PrivateTmp=false
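Review bot: `ExecStop=/usr/bin/killall -9 stunnel` sends SIGKILL to every process named stunnel on the host, not only the one this unit started, and gives the daemon no chance to shut down cleanly; dropping the ExecStop line lets systemd stop the unit's own cgroup with SIGTERM first and escalate to SIGKILL only after the stop timeout. The comment `# Give up if ping don't get an answer` does not describe TimeoutSec and looks copied from another unit; `# Allow up to 600s for start/stop` would match what the directive does. With `Type=forking` and no `PIDFile=`, systemd has to guess the main PID, so if the stunnel.conf assembled by the manifests sets a `pid` path, a matching `PIDFile=` here would make tracking deterministic. `PrivateTmp=false` explicitly opts out of a default sandboxing feature; unless stunnel needs a shared /tmp, `PrivateTmp=true` is the safer choice.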
diff --git a/manifests/stunnel.pp b/manifests/stunnel.pp
new file mode 100644 (file)
index 0000000..25b2ff4
--- /dev/null
@@ -0,0 +1,60 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: tripleo::stunnel
+#
+# Installs and starts stunnel
+#
+# [*manage_service*]
+#   (Optional) Whether we'll be managing the stunnel service or not.
+#   Defaults to true
+#
+# [*service_ensure*]
+#   (Optional) Ensure the service be running or stopped
+#   Defaults to 'running'
+#
+# [*foreground*]
+#   (Optional) Sets the configuration for stunnel to run the process in
+#   the foreground. This is useful when trying to run stunnel in a
+#   container.
+#   Defaults to 'no'
+#
+class tripleo::stunnel (
+  $manage_service = true,
+  $service_ensure = 'running',
+  $foreground     = 'no',
+){
+  package { 'stunnel':
+    ensure => 'present'
+  }
+
+  concat { '/etc/stunnel/stunnel.conf':
+    ensure => present,
+  }
+  concat::fragment { 'stunnel-foreground':
+    target  => '/etc/stunnel/stunnel.conf',
+    order   => '10-foreground-config',
+    content => template('tripleo/stunnel/foreground.erb'),
+  }
+  if $manage_service {
+    Concat['/etc/stunnel/stunnel.conf'] ~> Service['stunnel']
+
+    include ::tripleo::stunnel::systemd_unit
+
+    service { 'stunnel':
+      ensure => $service_ensure
+    }
+  }
+}
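Review bot: Nothing orders `Package['stunnel']` before the concat target `/etc/stunnel/stunnel.conf` or before `Service['stunnel']`, so on a fresh node the config may be assembled before the package has created /etc/stunnel and the service may be started before the binary exists; adding `Package['stunnel'] -> Concat['/etc/stunnel/stunnel.conf']` and `require => Package['stunnel']` on the service closes both gaps. The included `tripleo::stunnel::systemd_unit` is likewise unordered relative to the service, so `Systemd::Unit_file['stunnel.service'] -> Service['stunnel']` inside the `if $manage_service` branch would make sure the unit is installed before the first start is attempted. The class header lacks the `=== Parameters` heading that service_proxy.pp uses; adding it keeps the two headers consistent.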
diff --git a/manifests/stunnel/service_proxy.pp b/manifests/stunnel/service_proxy.pp
new file mode 100644 (file)
index 0000000..2c9519a
--- /dev/null
@@ -0,0 +1,61 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: tripleo::stunnel::service_proxy
+#
+# Configures a TLS proxy for a service.
+#
+# === Parameters
+#
+# [*accept_host*]
+#   Host or IP where the tunnel will be accepting connections.
+#
+# [*accept_port*]
+#   Port where the tunnel will be accepting connections.
+#
+# [*connect_port*]
+#   Port where the tunnel will be proxying to.
+#
+# [*certificate*]
+#   Cert that the TLS proxy will be using for the TLS connection.
+#
+# [*key*]
+#   Key that the TLS proxy will be using for the TLS connection.
+#
+# [*client*]
+#   Whether this proxy is meant for client connections.
+#   Defaults to 'no'
+#
+# [*connect_host*]
+#   Host where the tunnel will be proxying to.
+#   Defaults to 'localhost'
+#
+define tripleo::stunnel::service_proxy (
+  $accept_host,
+  $accept_port,
+  $connect_port,
+  $certificate,
+  $key,
+  $client = 'no',
+  $connect_host = 'localhost',
+) {
+  concat::fragment { "stunnel-service-${name}":
+    target  => '/etc/stunnel/stunnel.conf',
+    order   => "20-${name}",
+    content => template('tripleo/stunnel/service.erb'),
+  }
+
+  Concat::Fragment["stunnel-service-${name}"] ~> Service<| title == 'stunnel' |>
+}
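Review bot: The stunnel section rendered for this define (templates/stunnel/service.erb in this same commit) carries only cert/key/accept/connect, so peer verification, permitted protocol versions and the cipher list are all left to the installed stunnel's build defaults, and on the server side any TLS client can connect without presenting a certificate. Consider optional parameters such as `$verify = undef,` and `$ca_file = undef,` that are rendered into the fragment only when set (stunnel's `verify` and `CAfile` options), and state in the header that, by default, no client-certificate verification is performed and protocol/cipher selection follows stunnel's defaults. The parameter docs for `certificate` and `key` would also benefit from saying these are paths on the node rather than PEM contents, which is what the template implies by writing them straight into `cert=`/`key=`.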
diff --git a/manifests/stunnel/systemd_unit.pp b/manifests/stunnel/systemd_unit.pp
new file mode 100644 (file)
index 0000000..c82e825
--- /dev/null
@@ -0,0 +1,24 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: tripleo::stunnel::systemd_unit
+#
+# Configures the systemd unit for stunnel
+#
+class tripleo::stunnel::systemd_unit {
+  systemd::unit_file {'stunnel.service':
+    source => 'puppet:///modules/tripleo/stunnel.service'
+  }
+}
diff --git a/templates/stunnel/foreground.erb b/templates/stunnel/foreground.erb
new file mode 100644 (file)
index 0000000..2ceff96
--- /dev/null
@@ -0,0 +1 @@
+foreground = <%= @foreground %>
diff --git a/templates/stunnel/service.erb b/templates/stunnel/service.erb
new file mode 100644 (file)
index 0000000..b707444
--- /dev/null
@@ -0,0 +1,6 @@
+[<%= @name %>]
+client = <%= @client %>
+accept=<%= @accept_host %>:<%= @accept_port %>
+connect=<%= @connect_host %>:<%= @connect_port %>
+cert=<%= @certificate %>
+key=<%= @key %>
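Review bot: `client = <%= @client %>` puts spaces around `=` while the other four option lines do not; stunnel accepts both, but the mixed form makes the rendered config harder to scan, so `client=<%= @client %>` would match the rest of the template. Since fragments for several services are concatenated in `20-${name}` order, a trailing blank line after `key=<%= @key %>` would also visually separate consecutive sections in the generated file.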