From e7a1d738c9c95ff059fbaeff107d91a2e1742f8e Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 1 Mar 2011 21:56:22 +0100
Subject: add egd-management

We can now run hosts with a key in the host mode, so it will provide entropy to other hosts. Furthermore we can define clients that will collect entropy from such a host.
---
 manifests/client.pp | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 manifests/client.pp

(limited to 'manifests/client.pp')

diff --git a/manifests/client.pp b/manifests/client.pp
new file mode 100644
index 0000000..89fd253
--- /dev/null
+++ b/manifests/client.pp
@@ -0,0 +1,13 @@
+class ekeyd::client {
+ if !$ekeyd_host { fail("\$ekeyd_host is not set for $fqdn") }
+ case $operatingsystem {
+ centos: { include ekeyd::client::centos }
+ default: { include ekeyd::client::base }
+ }
+
+ if $use_shorewall {
+ class{'shorewall::rules::out::ekeyd':
+ ekeyd_host => $ekeyd_host,
+ }
+ }
+}
-- cgit v1.2.3

From 56a1d47b3e72c2acf83894ea12a944c604b1c094 Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 1 Mar 2011 22:40:43 +0100
Subject: also do the client with a parametrized class and cleanup/finish the host part
---
 manifests/base.pp | 4 ++--
 manifests/client.pp | 5 +++--
 manifests/client/centos.pp | 2 +-
 manifests/init.pp | 6 +++---
 4 files changed, 9 insertions(+), 8 deletions(-)

(limited to 'manifests/client.pp')

diff --git a/manifests/base.pp b/manifests/base.pp
index 94907ba..34c1cb8 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -15,8 +15,8 @@ class ekeyd::base {
 enable => true,
 }
- exec{'configure_ekey_key':
- command => "ekey-rekey `ekeydctl list | grep \"/dev/entropykey\" | awk -F, '{ print \$5}'` ${ekeyd::ekey_masterkey}",
+ exec{'configure_ekeyd_key':
+ command => "ekey-rekey `ekeydctl list | grep \"/dev/entropykey\" | awk -F, '{ print \$5}'` ${ekeyd::ekeyd_masterkey}",
 unless => "ekeydctl list | grep -q 'Running OK'",
 require => Service['ekeyd'],
 }
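Review bot: The new `ekeyd::client` class (manifests/client.pp, first commit) has no header comment saying what `$ekeyd_host` is trusted for. Per the commit message the client collects entropy from that host, and the only network control in the class is the optional outbound shorewall rule. If the transport is unauthenticated EGD over TCP, which I infer from the egd-linux client configured later in this series, whoever can answer on that address or sits on the path influences what the client mixes into its pool. I would add above the class something like `# $ekeyd_host: entropy server; reach it only over a trusted segment or a tunnel`, and mention that `$ekeyd_host` and `$use_shorewall` are read from the enclosing scope in this version.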
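Review bot: In the manifests/base.pp hunk of the second commit, the renamed `exec{'configure_ekeyd_key'` still puts `${ekeyd::ekeyd_masterkey}` on the `ekey-rekey` command line. The master key is therefore visible in the process list while the command runs and, if the exec fails, most likely in the agent log and report as part of the failed command string. The value is also interpolated unquoted into a shell command, so a key containing whitespace or shell metacharacters is re-parsed by the shell. At minimum wrap it in single quotes, `'${ekeyd::ekeyd_masterkey}'`, and if ekey-rekey can take the key some other way than argv (not visible here) prefer that. The enclosing class `ekeyd::base` starts above the hunk, and no `path` for the exec is visible in it.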
diff --git a/manifests/client.pp b/manifests/client.pp
index 89fd253..e7df4c4 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -1,5 +1,6 @@
-class ekeyd::client {
- if !$ekeyd_host { fail("\$ekeyd_host is not set for $fqdn") }
+class ekeyd::client(
+ $ekeyd_host
+) {
 case $operatingsystem {
 centos: { include ekeyd::client::centos }
 default: { include ekeyd::client::base }
diff --git a/manifests/client/centos.pp b/manifests/client/centos.pp
index b9328bb..2a9315a 100644
--- a/manifests/client/centos.pp
+++ b/manifests/client/centos.pp
@@ -1,6 +1,6 @@
 class ekeyd::client::centos inherits ekeyd::client::base {
 file{'/etc/sysconfig/egd-linux':
- content => "DAEMON_HOST=${ekeyd_host}\n",
+ content => "DAEMON_HOST=${ekeyd::ekeyd_host}\n",
 notify => Service['egd-linux'],
 owner => root, group => 0, mode => 0644;
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index 83ee949..036ff82 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,13 +1,13 @@
 class ekeyd(
- $ekey_host = false,
- $ekey_masterkey
+ $ekeyd_host = false,
+ $ekeyd_masterkey
 ){
 if $ekeyd_key_present != 'true' { fail("Can't find an ekey key plugged into usb on ${fqdn}") }
 include ekeyd::base
- if $ekey_host {
+ if $ekeyd_host {
 case $operatingsystem {
 centos: { include ekeyd::host::centos }
 default: { include ekeyd::host::base }
-- cgit v1.2.3

From 1f2a5d682485ea0cbdc9e13d865485face539012 Mon Sep 17 00:00:00 2001
From: mh
Date: Wed, 2 Mar 2011 00:57:49 +0100
Subject: migrate to define usage
---
 manifests/client.pp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'manifests/client.pp')

diff --git a/manifests/client.pp b/manifests/client.pp
index e7df4c4..b965015 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -1,5 +1,6 @@
 class ekeyd::client(
- $ekeyd_host
+ $ekeyd_host,
+ $shorewall_zones = ['net']
 ) {
 case $operatingsystem {
 centos: { include ekeyd::client::centos }
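Review bot: In manifests/client/centos.pp, `DAEMON_HOST=${ekeyd::ekeyd_host}` reads the parameter of the `ekeyd` class, while the same commit makes the entropy server a parameter of `ekeyd::client`. In init.pp `$ekeyd_host` defaults to `false` and is used as a host-mode switch, and the `ekeyd` class fails when no key is plugged in. On a pure client that variable is therefore probably unset or not a hostname, and the file would be written with an empty or wrong `DAEMON_HOST`. I would expect `content => "DAEMON_HOST=${ekeyd::client::ekeyd_host}\n",` here. Since the client.pp hunk of this commit removes the old `fail()` guard, I would also check that the value is non-empty before the file is written.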
@@ -7,7 +8,7 @@ class ekeyd::client(
 }
 
 if $use_shorewall {
- class{'shorewall::rules::out::ekeyd':
+ shorewall::rules::out::ekeyd{$shorewall_zones:
 ekeyd_host => $ekeyd_host,
 }
 }
-- cgit v1.2.3
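Review bot: `shorewall::rules::out::ekeyd{$shorewall_zones:` uses the zone list as resource titles, so the default `['net']` added in the first hunk presumably opens the outbound rule toward the `net` zone unless the caller overrides it. If `net` is the internet-facing zone, as in common shorewall layouts, an entropy server on an internal segment needs a different value and the default deserves a comment, for example `# $shorewall_zones: shorewall zones in which the entropy server is reachable`. `$use_shorewall` is still read from the enclosing scope although the rest of the class moved to parameters, so a node that passes `ekeyd_host` without that variable set silently gets no rule. The class body starts above this hunk and its closing brace is below it.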