Diffstat (limited to 'manifests')
-rw-r--r--manifests/base.pp15
-rw-r--r--manifests/client.pp15
-rw-r--r--manifests/client/base.pp3
-rw-r--r--manifests/client/centos.pp7
-rw-r--r--manifests/egd.pp17
-rw-r--r--manifests/host/base.pp15
-rw-r--r--manifests/host/centos.pp6
-rw-r--r--manifests/init.pp21
-rw-r--r--manifests/munin.pp16
9 files changed, 108 insertions, 7 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index e4d572d..34c1cb8 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -4,15 +4,20 @@ class ekeyd::base {
ensure => installed,
}
+ file{'/etc/entropykey/ekeyd.conf':
+ source => 'puppet:///modules/ekeyd/ekeyd.conf',
+ require => Package['ekeyd'],
+ notify => Service['ekeyd'],
+ owner => root, group => 0, mode => 0644;
+ }
service{'ekeyd':
ensure => running,
enable => true,
- require => Package['ekeyd'],
}
- exec{'configure_ekey_key':
- command => "ekey-rekey `ekeydctl list | grep \"/dev/entropykey\" | awk -F, '{ print \$5}'` ${ekey_masterkey}",
- unless => "ekeydctl list | grep -q 'Running OK'",
- require => Service['ekeyd'],
+ exec{'configure_ekeyd_key':
+ command => "ekey-rekey `ekeydctl list | grep \"/dev/entropykey\" | awk -F, '{ print \$5}'` ${ekeyd::ekeyd_masterkey}",
+ unless => "ekeydctl list | grep -q 'Running OK'",
+ require => Service['ekeyd'],
}
}
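Review bot: The master key is interpolated unquoted into the shell string in `command` of `exec{'configure_ekeyd_key'}`, so whitespace or a shell metacharacter in `${ekeyd::ekeyd_masterkey}` changes what the shell runs as root. At minimum wrap the interpolation in single quotes (`'${ekeyd::ekeyd_masterkey}'`) and reject keys containing a quote before they reach this class. The key is also visible in the process list while `ekey-rekey` runs, and Puppet's failure message for an exec normally includes the command, so a failed run can put the key into logs and reports. The exec sets no `path` either, so it presumably relies on a global `Exec` default.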
diff --git a/manifests/client.pp b/manifests/client.pp
new file mode 100644
index 0000000..b965015
--- /dev/null
+++ b/manifests/client.pp
@@ -0,0 +1,15 @@
+class ekeyd::client(
+ $ekeyd_host,
+ $shorewall_zones = ['net']
+) {
+ case $operatingsystem {
+ centos: { include ekeyd::client::centos }
+ default: { include ekeyd::client::base }
+ }
+
+ if $use_shorewall {
+ shorewall::rules::out::ekeyd{$shorewall_zones:
+ ekeyd_host => $ekeyd_host,
+ }
+ }
+}
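Review bot: `$ekeyd_host` is accepted without any check, then passed to the shorewall rule here and written verbatim into `/etc/sysconfig/egd-linux` by `ekeyd::client::centos` (`content => "DAEMON_HOST=${ekeyd::client::ekeyd_host}\n"`). Sysconfig files are usually sourced by the init script as shell, so a value containing spaces or shell metacharacters would presumably be interpreted as root when the service starts. A guard at the top of the class closes that: `if $ekeyd_host !~ /^[A-Za-z0-9._:-]+$/ { fail("invalid ekeyd_host '${ekeyd_host}'") }`.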
diff --git a/manifests/client/base.pp b/manifests/client/base.pp
new file mode 100644
index 0000000..411b7ee
--- /dev/null
+++ b/manifests/client/base.pp
@@ -0,0 +1,3 @@
+class ekeyd::client::base {
+ include ekeyd::egd
+}
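Review bot: On every platform other than CentOS the client never tells `egd-linux` where the entropy host is. `ekeyd::client::base` only includes `ekeyd::egd`, and `$ekeyd_host` is used solely by `ekeyd::client::centos` and the shorewall rule. The service then presumably starts with the package's default daemon host, so the node looks configured while it may get no entropy from the key host. Either manage the equivalent defaults file for the other platforms in this class, or make the `default:` branch in `ekeyd::client` call `fail()` for platforms that are not handled.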
diff --git a/manifests/client/centos.pp b/manifests/client/centos.pp
new file mode 100644
index 0000000..4be46d8
--- /dev/null
+++ b/manifests/client/centos.pp
@@ -0,0 +1,7 @@
+class ekeyd::client::centos inherits ekeyd::client::base {
+ file{'/etc/sysconfig/egd-linux':
+ content => "DAEMON_HOST=${ekeyd::client::ekeyd_host}\n",
+ notify => Service['egd-linux'],
+ owner => root, group => 0, mode => 0644;
+ }
+}
diff --git a/manifests/egd.pp b/manifests/egd.pp
new file mode 100644
index 0000000..8a7da6f
--- /dev/null
+++ b/manifests/egd.pp
@@ -0,0 +1,17 @@
+class ekeyd::egd {
+ package{'ekeyd-egd-linux':
+ ensure => present,
+ before => Service['egd-linux'],
+ }
+
+ service{'egd-linux':
+ enable => true,
+ ensure => running,
+ }
+
+ if $use_shorewall {
+ Service['egd-linux']{
+ require => Service['shorewall'],
+ }
+ }
+}
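Review bot: `$use_shorewall` is read as a bare, unqualified variable here and in the `ekeyd` and `ekeyd::client` classes. It is therefore resolved through dynamic scope, and a node that never sets it silently skips the firewall ordering and rules. Writing it as `$::use_shorewall`, or taking it as a class parameter with an explicit default, makes that dependency visible. The class also has no header comment; something like `# Manages the ekeyd-egd-linux package and the egd-linux service` would do.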
diff --git a/manifests/host/base.pp b/manifests/host/base.pp
new file mode 100644
index 0000000..ec8525b
--- /dev/null
+++ b/manifests/host/base.pp
@@ -0,0 +1,15 @@
+class ekeyd::host::base inherits ekeyd::base {
+ sysctl::value{'kernel.random.write_wakeup_threshold':
+ value => 1024
+ }
+
+ File['/etc/entropykey/ekeyd.conf']{
+ source => 'puppet:///modules/ekeyd/ekeyd.conf.daemon',
+ }
+
+ Service['ekeyd']{
+ before => Service['egd-linux'],
+ }
+
+ include ekeyd::egd
+}
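Review bot: The value `1024` for `kernel.random.write_wakeup_threshold` is set with no explanation, and nothing says why the host swaps in `ekeyd.conf.daemon` and runs `egd-linux` behind `ekeyd`. A short comment above each resource would help, e.g. `# pool level (bits) below which writers to /dev/random are woken; 1024 chosen because <reason>`. The file `ekeyd.conf.daemon` is not part of this diff, so what it listens on cannot be reviewed here. Confirm that it binds only to the interface and port the clients are meant to reach.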
diff --git a/manifests/host/centos.pp b/manifests/host/centos.pp
new file mode 100644
index 0000000..d989d55
--- /dev/null
+++ b/manifests/host/centos.pp
@@ -0,0 +1,6 @@
+class ekeyd::host::centos inherits ekeyd::host::base {
+ file{'/etc/sysconfig/egd-linux':
+ ensure => 'absent',
+ notify => Service['egd-linux'],
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index bf0fef7..b3b780d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,9 +1,26 @@
-class ekeyd {
+class ekeyd(
+ $ekeyd_host = false,
+ $ekeyd_masterkey
+){
package { "usbutils": ensure => installed }
if $ekeyd_key_present != 'true' { fail("Can't find an ekey key plugged into usb on ${fqdn}") }
- if !$ekey_masterkey { fail("You need to define \$ekey_masterkey for ${fqdn}") }
include ekeyd::base
+
+ if $ekeyd_host {
+ case $operatingsystem {
+ centos: { include ekeyd::host::centos }
+ default: { include ekeyd::host::base }
+ }
+
+ if $use_shorewall {
+ include shorewall::rules::ekeyd
+ }
+ }
+
+ if $use_munin {
+ include ekeyd::munin
+ }
}
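Review bot: `$ekeyd_host` means two different things: here it is a boolean switch (`$ekeyd_host = false`, `if $ekeyd_host {`), while the parameter of the same name in `ekeyd::client` is the address of the host. Any truthy string enables host mode, so a hostname passed here by mistake turns the node into an entropy server. Renaming this parameter to something like `$is_host` would avoid that. In host mode the firewall rules are also included only when `$use_shorewall` is set. Without it, nothing in this module limits who can reach the service that `ekeyd.conf.daemon` configures.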
diff --git a/manifests/munin.pp b/manifests/munin.pp
new file mode 100644
index 0000000..1ef1d2b
--- /dev/null
+++ b/manifests/munin.pp
@@ -0,0 +1,16 @@
+class ekeyd::munin {
+ munin::plugin::deploy{'ekeyd_stat_':
+ source => "ekeyd/munin/ekeyd_stat_" ,
+ ensure => "absent",
+ }
+ munin::plugin{
+ [ 'ekeyd_stat_total_EntropyRate',
+ 'ekeyd_stat_total_TotalEntropy',
+ 'ekeyd_stat_total_KeyVoltage',
+ 'ekeyd_stat_total_FipsFrameRate',
+ 'ekeyd_stat_KeyTemperatureC' ]:
+ require => Munin::Plugin::Deploy['ekeyd_stat_'],
+ ensure => 'ekeyd_stat_',
+ config => "user root\nenv.controlsocket /var/run/ekeyd.sock",
+ }
+}
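Review bot: All five plugins are configured with `user root` in `config`, so the `ekeyd_stat_` script runs with full root privileges on every munin-node poll just to read `/var/run/ekeyd.sock`. If the socket's ownership allows it, run the plugin under an unprivileged user or group that has access to the socket, e.g. `config => "group <socket-group>\nenv.controlsocket /var/run/ekeyd.sock"`. The `ensure => "absent"` on `munin::plugin::deploy` next to a `source` also deserves a comment. It reads as if the script were being removed, yet the plugins below require it.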