8 files changed, 174 insertions, 3 deletions
diff --git a/files/stunnel.service b/files/stunnel.service
new file mode 100644
index 0000000..dce2366
--- /dev/null
+++ b/files/stunnel.service
@@ -0,0 +1,19 @@
+Description=SSL tunnel for network daemons
+ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
+ExecStop=/usr/bin/killall -9 stunnel
+# Give up if ping don't get an answer
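Review bot: `ExecStop=/usr/bin/killall -9 stunnel` sends SIGKILL to every process named stunnel on the host, not only the one this unit started, and gives stunnel no chance to close its tunnels cleanly. systemd already tracks the unit's processes and stops them with SIGTERM, escalating to SIGKILL after the stop timeout, so the line can simply be dropped. If an explicit stop command is wanted, `ExecStop=/bin/kill -TERM $MAINPID` targets only this instance. Only part of the 19-line unit is visible here, so whether `Type=` or `User=` are set elsewhere in the file cannot be judged from this view.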
diff --git a/manifests/host/sriov.pp b/manifests/host/sriov.pp
index c06796d..b94c472 100644
--- a/manifests/host/sriov.pp
+++ b/manifests/host/sriov.pp
@@ -16,7 +16,7 @@ class tripleo::host::sriov (
) {
if !empty($number_of_vfs) {
- sriov_vf_config { $number_of_vfs: }
+ sriov_vf_config { $number_of_vfs: ensure => present }
# the numvfs configuration needs to be persisted for every boot
tripleo::host::sriov::numvfs_persistence {'persistent_numvfs':
diff --git a/manifests/stunnel.pp b/manifests/stunnel.pp
new file mode 100644
index 0000000..25b2ff4
--- /dev/null
+++ b/manifests/stunnel.pp
@@ -0,0 +1,60 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+# == Class: tripleo::stunnel
+# Installs and starts stunnel
+# [*manage_service*]
+# (Optional) Whether we'll be managing the stunnel service or not.
+# Defaults to true
+# [*service_ensure*]
+# (Optional) Ensure the service be running or stopped
+# Defaults to 'running'
+# [*foreground*]
+# (Optional) Sets the configuration for stunnel to run the process in
+# the foreground. This is useful when trying to run stunnel in a
+# container.
+# Defaults to 'no'
+class tripleo::stunnel (
+ $manage_service = true,
+ $service_ensure = 'running',
+ $foreground = 'no',
+ package { 'stunnel':
+ ensure => 'present'
+ }
+ concat { '/etc/stunnel/stunnel.conf':
+ ensure => present,
+ }
+ concat::fragment { 'stunnel-foreground':
+ target => '/etc/stunnel/stunnel.conf',
+ order => '10-foreground-config',
+ content => template('tripleo/stunnel/foreground.erb'),
+ }
+ if $manage_service {
+ Concat['/etc/stunnel/stunnel.conf'] ~> Service['stunnel']
+ include ::tripleo::stunnel::systemd_unit
+ service { 'stunnel':
+ ensure => $service_ensure
+ }
+ }
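Review bot: Nothing orders the `concat` on `/etc/stunnel/stunnel.conf` or `service { 'stunnel' }` after `package { 'stunnel' }`, so on a first run Puppet may try to write the config before `/etc/stunnel` exists (presumably the package creates it) or start the service before the binary is installed. Adding `require => Package['stunnel']` to the concat resource and `Package['stunnel'] -> Service['stunnel']` inside the `if $manage_service` branch makes the order explicit. It would also help to set `owner => 'root'`, `group => 'root'` and `mode => '0644'` on the concat, so the permissions of the TLS proxy configuration do not depend on module defaults. The end of the parameter list and the close of the class body are not visible in this view.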
diff --git a/manifests/stunnel/service_proxy.pp b/manifests/stunnel/service_proxy.pp
new file mode 100644
index 0000000..2c9519a
--- /dev/null
+++ b/manifests/stunnel/service_proxy.pp
@@ -0,0 +1,61 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+# == Class: tripleo::stunnel::service_proxy
+# Configures a TLS proxy for a service.
+# === Parameters
+# [*accept_host*]
+# Host or IP where the tunnel will be accepting connections.
+# [*accept_port*]
+# Port where the tunnel will be accepting connections.
+# [*connect_port*]
+# Port where the tunnel will be proxying to.
+# [*certificate*]
+# Cert that the TLS proxy will be using for the TLS connection.
+# [*key*]
+# Key that the TLS proxy will be using for the TLS connection.
+# [*client*]
+# Whether this proxy is meant for client connections.
+# Defaults to 'no'
+# [*connect_host*]
+# Host where the tunnel will be proxying to.
+# Defaults to 'localhost'
+define tripleo::stunnel::service_proxy (
+ $accept_host,
+ $accept_port,
+ $connect_port,
+ $certificate,
+ $key,
+ $client = 'no',
+ $connect_host = 'localhost',
+) {
+ concat::fragment { "stunnel-service-${name}":
+ target => '/etc/stunnel/stunnel.conf',
+ order => "20-${name}",
+ content => template('tripleo/stunnel/service.erb'),
+ }
+ Concat::Fragment["stunnel-service-${name}"] ~> Service<| title == 'stunnel' |>
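Review bot: None of the define's parameters is validated before `template('tripleo/stunnel/service.erb')` renders them into `/etc/stunnel/stunnel.conf`, so a malformed value from hiera (a non-numeric port, a relative key path, a string containing a newline) ends up as broken or unintended stunnel directives in the file that controls TLS termination. If the module can rely on Puppet 4 data types, declare them in the signature, for example `Enum['yes', 'no'] $client = 'no'` and, where the stdlib release in use provides it, `Stdlib::Absolutepath $certificate`; otherwise the stdlib `validate_*` functions at the top of the body do the same job. The header comment could also say that `certificate` and `key` are file paths on the node and that this define does not manage the key file's ownership or mode.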
diff --git a/manifests/stunnel/systemd_unit.pp b/manifests/stunnel/systemd_unit.pp
new file mode 100644
index 0000000..c82e825
--- /dev/null
+++ b/manifests/stunnel/systemd_unit.pp
@@ -0,0 +1,24 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+# == Class: tripleo::stunnel::systemd_unit
+# Configures the systemd unit for stunnel
+class tripleo::stunnel::systemd_unit {
+ systemd::unit_file {'stunnel.service':
+ source => 'puppet:///modules/tripleo/stunnel.service'
+ }
diff --git a/spec/classes/tripleo_host_sriov_spec.rb b/spec/classes/tripleo_host_sriov_spec.rb
index eb2213a..4c81c72 100644
--- a/spec/classes/tripleo_host_sriov_spec.rb
+++ b/spec/classes/tripleo_host_sriov_spec.rb
@@ -17,8 +17,8 @@ describe 'tripleo::host::sriov' do
it 'configures numvfs' do
- contain_sriov_vf_config('eth0:4')
- contain_sriov_vf_config('eth1:5')
+ contain_sriov_vf_config('eth0:4').with( :ensure => 'present' )
+ contain_sriov_vf_config('eth1:5').with( :ensure => 'present' )
 contain_tripleo__host__sriov__numvfs_persistence('persistent_numvfs').with(
:vf_defs => ['eth0:4','eth1:5'],
:content_string => "#!/bin/bash\n"
diff --git a/templates/stunnel/foreground.erb b/templates/stunnel/foreground.erb
new file mode 100644
index 0000000..2ceff96
--- /dev/null
+++ b/templates/stunnel/foreground.erb
@@ -0,0 +1 @@
+foreground = <%= @foreground %>
diff --git a/templates/stunnel/service.erb b/templates/stunnel/service.erb
new file mode 100644
index 0000000..b707444
--- /dev/null
+++ b/templates/stunnel/service.erb
@@ -0,0 +1,6 @@
+[<%= @name %>]
+client = <%= @client %>
+accept=<%= @accept_host %>:<%= @accept_port %>
+connect=<%= @connect_host %>:<%= @connect_port %>
+cert=<%= @certificate %>
+key=<%= @key %>
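Review bot: When `client` is `yes` this section makes stunnel open outbound TLS connections but renders no `verifyChain`, `checkHost` or `CAfile` option, and stunnel does not verify the peer certificate unless it is told to, so the client side would accept any server certificate. Consider adding optional parameters to `tripleo::stunnel::service_proxy` (a CA bundle path, for instance) and rendering `verifyChain = yes` (or `verify = 2` on older stunnel releases) together with `CAfile = <%= @ca_file %>` inside an `<% if @client == 'yes' -%>` guard. Protocol and cipher selection are likewise left at the stunnel build's defaults; stating that in the define's documentation would help operators who have to meet a TLS baseline.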