diff options
-rw-r--r-- | lib/leap_cli/config/object.rb | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/lib/leap_cli/config/object.rb b/lib/leap_cli/config/object.rb index 35637f1..c298882 100644 --- a/lib/leap_cli/config/object.rb +++ b/lib/leap_cli/config/object.rb @@ -334,6 +334,66 @@ module LeapCli entries.join("\n") end + # + # stunnel configuration for the client side. + # + # +node_list+ is a ObjectList of nodes running stunnel servers. + # + # +port+ is the real port of the ultimate service running on the servers + # that the client wants to connect to. + # + # About ths stunnel puppet names: + # + # * accept_port is the port on localhost to which local clients + # can connect. it is auto generated serially. + # * connect_port is the port on the stunnel server to connect to. + # it is auto generated from the +port+ argument. + # + # The network looks like this: + # + # |------ stunnel client ---------------| |--------- stunnel server -----------------------| + # consumer app -> localhost:accept_port -> server:connect_port -> server:port -> service app + # + # generates an entry appropriate to be passed directly to + # create_resources(stunnel::service, hiera('..'), defaults) + # + def stunnel_client(node_list, port, options={}) + @next_stunnel_port ||= 4000 + node_list.values.inject(Config::ObjectList.new) do |hsh, node| + if node.name != self.name || options[:include_self] + hsh["#{node.name}#{port}"] = Config::Object[ + 'accept_port', @next_stunnel_port, + 'connect', node.domain.internal, + 'connect_port', stunnel_port(port) + ] + @next_stunnel_port += 1 + end + hsh + end + end + + # + # generates a stunnel server entry. + # + # +port+ is the real port targeted service. + # + def stunnel_server(port) + {"accept" => stunnel_port(port), "connect" => "127.0.0.1:#{port}"} + end + + # + # maps a real port to a stunnel port (used as the connect_port in the client config + # and the accept_port in the server config) + # + def stunnel_port(port) + port = port.to_i + if port < 50000 + return port + 10000 + else + return port - 10000 + end + end + protected # |