Merge branch 'master' of git://git.puppet.immerda.ch/module-ekeyd

author: Silvio Rhatto <rhatto@riseup.net> 2011-06-30 01:48:11 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2011-06-30 01:48:11 -0300
commit: 2b377786f8bf2133019c43df9376e0363093e50d (patch)
tree: 1e8e0709f78adff0d9b87fa0de79ca50ddd3e97b /manifests
parent: 87418479b280ccbbaca808711516dce989cdf36d (diff)
parent: 1f2a5d682485ea0cbdc9e13d865485face539012 (diff)
download: puppet-ekeyd-2b377786f8bf2133019c43df9376e0363093e50d.tar.gz
puppet-ekeyd-2b377786f8bf2133019c43df9376e0363093e50d.tar.bz2
9 files changed, 108 insertions, 7 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index e4d572d..34c1cb8 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -4,15 +4,20 @@ class ekeyd::base {
     ensure => installed,
   }
 
+  file{'/etc/entropykey/ekeyd.conf':
+    source => 'puppet:///modules/ekeyd/ekeyd.conf',
+    require => Package['ekeyd'],
+    notify => Service['ekeyd'],
+    owner => root, group => 0, mode => 0644;
+  }
   service{'ekeyd':
     ensure => running,
     enable => true,
-    require => Package['ekeyd'],
   }
 
-  exec{'configure_ekey_key':
-      command => "ekey-rekey `ekeydctl list | grep \"/dev/entropykey\" | awk -F, '{ print \$5}'` ${ekey_masterkey}",
-      unless => "ekeydctl list | grep -q 'Running OK'",
-      require => Service['ekeyd'],
+  exec{'configure_ekeyd_key':
+    command => "ekey-rekey `ekeydctl list | grep \"/dev/entropykey\" | awk -F, '{ print \$5}'` ${ekeyd::ekeyd_masterkey}",
+    unless => "ekeydctl list | grep -q 'Running OK'",
+    require => Service['ekeyd'],
   } 
 }
diff --git a/manifests/client.pp b/manifests/client.pp
new file mode 100644
index 0000000..b965015
--- /dev/null
+++ b/manifests/client.pp
@@ -0,0 +1,15 @@
+class ekeyd::client(
+  $ekeyd_host,
+  $shorewall_zones = ['net']
+) {
+  case $operatingsystem {
+    centos: { include ekeyd::client::centos }
+    default: { include ekeyd::client::base }
+  }
+
+  if $use_shorewall {
+    shorewall::rules::out::ekeyd{$shorewall_zones:
+      ekeyd_host => $ekeyd_host,
+    }
+  }
+}
diff --git a/manifests/client/base.pp b/manifests/client/base.pp
new file mode 100644
index 0000000..411b7ee
--- /dev/null
+++ b/manifests/client/base.pp
@@ -0,0 +1,3 @@
+class ekeyd::client::base {
+  include ekeyd::egd
+}
diff --git a/manifests/client/centos.pp b/manifests/client/centos.pp
new file mode 100644
index 0000000..4be46d8
--- /dev/null
+++ b/manifests/client/centos.pp
@@ -0,0 +1,7 @@
+class ekeyd::client::centos inherits ekeyd::client::base {
+  file{'/etc/sysconfig/egd-linux':
+    content => "DAEMON_HOST=${ekeyd::client::ekeyd_host}\n",
+    notify => Service['egd-linux'],
+    owner => root, group => 0, mode => 0644;
+  }
+}
diff --git a/manifests/egd.pp b/manifests/egd.pp
new file mode 100644
index 0000000..8a7da6f
--- /dev/null
+++ b/manifests/egd.pp
@@ -0,0 +1,17 @@
+class ekeyd::egd {
+  package{'ekeyd-egd-linux':
+    ensure => present,
+    before => Service['egd-linux'],
+  }
+
+  service{'egd-linux':
+    enable => true,
+    ensure => running,
+  }
+
+  if $use_shorewall {
+    Service['egd-linux']{
+      require => Service['shorewall'],
+    }
+  }
+}
diff --git a/manifests/host/base.pp b/manifests/host/base.pp
new file mode 100644
index 0000000..ec8525b
--- /dev/null
+++ b/manifests/host/base.pp
@@ -0,0 +1,15 @@
+class ekeyd::host::base inherits ekeyd::base {
+  sysctl::value{'kernel.random.write_wakeup_threshold':
+    value => 1024
+  }
+
+  File['/etc/entropykey/ekeyd.conf']{
+    source => 'puppet:///modules/ekeyd/ekeyd.conf.daemon',
+  }
+
+  Service['ekeyd']{
+    before => Service['egd-linux'],
+  }
+
+  include ekeyd::egd
+}
diff --git a/manifests/host/centos.pp b/manifests/host/centos.pp
new file mode 100644
index 0000000..d989d55
--- /dev/null
+++ b/manifests/host/centos.pp
@@ -0,0 +1,6 @@
+class ekeyd::host::centos inherits ekeyd::host::base {
+  file{'/etc/sysconfig/egd-linux':
+    ensure => 'absent',
+    notify => Service['egd-linux'],
+  }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index bf0fef7..b3b780d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,9 +1,26 @@
-class ekeyd {
+class ekeyd(
+  $ekeyd_host = false,
+  $ekeyd_masterkey
+){
 
   package { "usbutils": ensure => installed }
  
   if $ekeyd_key_present != 'true' { fail("Can't find an ekey key plugged into usb on ${fqdn}") }
-  if !$ekey_masterkey { fail("You need to define \$ekey_masterkey for ${fqdn}") }
 
   include ekeyd::base
+
+  if $ekeyd_host {
+    case $operatingsystem {
+      centos: { include ekeyd::host::centos }
+      default: { include ekeyd::host::base }
+    }
+
+    if $use_shorewall {
+      include shorewall::rules::ekeyd
+    }
+  }
+
+  if $use_munin {
+    include ekeyd::munin
+  }
 }
diff --git a/manifests/munin.pp b/manifests/munin.pp
new file mode 100644
index 0000000..1ef1d2b
--- /dev/null
+++ b/manifests/munin.pp
@@ -0,0 +1,16 @@
+class ekeyd::munin {
+  munin::plugin::deploy{'ekeyd_stat_':
+    source => "ekeyd/munin/ekeyd_stat_" ,
+    ensure => "absent",
+  }
+  munin::plugin{
+    [ 'ekeyd_stat_total_EntropyRate',
+      'ekeyd_stat_total_TotalEntropy',
+      'ekeyd_stat_total_KeyVoltage',
+      'ekeyd_stat_total_FipsFrameRate',
+      'ekeyd_stat_KeyTemperatureC' ]:
+      require => Munin::Plugin::Deploy['ekeyd_stat_'],
+      ensure => 'ekeyd_stat_',
+      config => "user root\nenv.controlsocket /var/run/ekeyd.sock",
+  }
+}
author	Silvio Rhatto <rhatto@riseup.net>	2011-06-30 01:48:11 -0300
committer	Silvio Rhatto <rhatto@riseup.net>	2011-06-30 01:48:11 -0300
commit	2b377786f8bf2133019c43df9376e0363093e50d (patch)
tree	1e8e0709f78adff0d9b87fa0de79ca50ddd3e97b /manifests
parent	87418479b280ccbbaca808711516dce989cdf36d (diff)
parent	1f2a5d682485ea0cbdc9e13d865485face539012 (diff)
download	puppet-ekeyd-2b377786f8bf2133019c43df9376e0363093e50d.tar.gz puppet-ekeyd-2b377786f8bf2133019c43df9376e0363093e50d.tar.bz2