From 09aa9b1d4caeaa090e4a303e101e982ed04123ca Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 29 May 2010 13:52:30 -0300 Subject: Adding initial tunnel support --- manifests/init.pp | 2 ++ manifests/mail.pp | 2 +- manifests/nodo.pp | 12 +++++-- manifests/subsystems/tunnel.pp | 76 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 89 insertions(+), 3 deletions(-) create mode 100644 manifests/subsystems/tunnel.pp diff --git a/manifests/init.pp b/manifests/init.pp index 1373091..c9e5329 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -37,6 +37,7 @@ import "tor" import "postfix" import "reprepro" import "ssl" +import "autossh" # Import subsystems import "subsystems/firewall.pp" @@ -56,6 +57,7 @@ import "subsystems/xorg.pp" import "subsystems/modprobe.pp" import "subsystems/hosts.pp" import "subsystems/locales.pp" +import "subsystems/tunnel.pp" # Import nodo classes import "nodo.pp" diff --git a/manifests/mail.pp b/manifests/mail.pp index d1f2b42..47b8159 100644 --- a/manifests/mail.pp +++ b/manifests/mail.pp @@ -1,6 +1,6 @@ class nodo::mail { # Class for mail nodes - $mail_host = true + $mail_delivery = "postfix" $postfix_relayhost = "$domain" $postfix_smtp_listen = "$ipaddress" $postfix_mydestination = "\$myorigin" diff --git a/manifests/nodo.pp b/manifests/nodo.pp index e634ce9..c6d66c2 100644 --- a/manifests/nodo.pp +++ b/manifests/nodo.pp @@ -9,6 +9,7 @@ class nodo { include cron include hosts include locales + include tunnel # Set timezone and ntp config # @@ -29,8 +30,15 @@ class nodo { include monkeysphere # Email delivery configuration - if $mail_host != true { - include exim + case $mail_delivery { + 'tunnel' { + include exim::disabled + tunnel::mail { "$mail_hostname": + sshport => '$mail_ssh_port', + } + } + 'postfix': { } + '','exim',default: { include exim } } # Apt configuration diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp new file mode 100644 index 0000000..f034c61 --- /dev/null 
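Review bot: `include tunnel` in the first nodo.pp hunk sits in the base `nodo` class, so every node, not only hosts that terminate a tunnel, runs the collectors declared in `class tunnel`. Each node will then realise any exported `User`, `File` or `Ssh_authorized_key` carrying its `autossh-` tag, which means other nodes' catalogs can create accounts, files and authorized keys on it. It would be tighter to include the class only on tunnel endpoints, or at least to say why it is global with a comment such as `# collects exported autossh accounts/keys for this host`. The `nodo` class body starts and ends outside the hunk.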
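Review bot: In the `'tunnel'` branch of the new `case $mail_delivery` (second nodo.pp hunk), `sshport => '$mail_ssh_port',` is single-quoted, so the literal text `$mail_ssh_port` is passed to `tunnel::mail` instead of the configured port; it should read `sshport => $mail_ssh_port,`. The option label also lacks the colon that the `'postfix':` and `default:` options have, so `'tunnel' {` looks like a parse error and should be `'tunnel': {`. Nothing visible here checks that `$mail_hostname` is set before it is used as the resource title, so an unset value would presumably yield a tunnel to `.$domain`; a guard or a `fail()` would make that misconfiguration visible. The `nodo` class continues outside the hunk.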
+++ b/manifests/subsystems/tunnel.pp
@@ -0,0 +1,76 @@
+class tunnel {
+
+ User <<| tag == "autossh-$fqdn" |>>
+ File <<| tag == "autossh-$fqdn" |>>
+ Ssh_authorized_key <<| tag == "autossh-$real_backupserver_tag" |>>
+
+ define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'dsa') {
+ $dir = "/var/backups/remote/$user"
+ $tag = "autossh-$hostname"
+ $ssh_dir = "$dir/.ssh"
+
+ autossh::tunnel { $name:
+ ensure => $ensure,
+ user => $user,
+ port => $localport,
+ hostport => $hostport,
+ remote_host => $host,
+ sshport => $sshport,
+ }
+
+ if !defined(File["$dir"]) {
+ @@file { "$dir":
+ ensure => directory,
+ mode => 0750,
+ owner => $user,
+ group => 0,
+ tag => "$tag",
+ }
+ }
+
+ if !defined(File["$sshdir"]) {
+ @@file { "$sshdir":
+ ensure => directory,
+ mode => 0700,
+ owner => $user,
+ group => 0,
+ require => [User[$user], File["$dir"]],
+ tag => "$tag",
+ }
+ }
+
+ if !defined(File["${ssh_dir}/authorized_keys"]) {
+ @@file { "${ssh_dir}/authorized_keys":
+ ensure => present,
+ mode => 0644,
+ owner => 0,
+ group => 0,
+ source => "puppet://$server/files/keys/${user}_id_${keytype}.pub",
+ require => File["${ssh_dir}"],
+ tag => "$tag",
+ }
+ }
+
+ if !defined(User["$user"]) {
+ @@user { "$user":
+ ensure => "present",
+ comment => "$name backup sandbox",
+ home => "$dir",
+ managehome => true,
+ shell => "/bin/sh",
+ password => '*',
+ require => Group['backupninjas'],
+ tag => "$tag"
+ }
+ }
+ }
+
+ define mail ($sshport = '22') {
+ tunnel::setup { "smtp":
+ host => "$name.$domain",
+ sshport => "$sshport",
+ localport => '25',
+ hostport => '25',
+ }
+ }
+}
-- cgit v1.2.3
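Review bot: In `tunnel::setup` the `.ssh` directory resource is keyed on `$sshdir`, but the variable defined above is `$ssh_dir`, so `File["$sshdir"]` and `@@file { "$sshdir":` evaluate an unset variable and the later `require => File["${ssh_dir}"]` has no matching resource; both should read `"$ssh_dir"`. The exported resources are tagged `autossh-$hostname` (the exporting node's short name) while the collectors at the top of the class match `autossh-$fqdn` on the collecting node, so they look unlikely to be collected on the remote end; tagging with the target, e.g. `$tag = "autossh-$host"`, appears to be the intent. The tunnel account gets `shell => "/bin/sh"` and an unrestricted public key in `authorized_keys`, so a key meant only for port forwarding also grants an interactive login; consider a non-login shell, or key options such as `no-pty` and a `permitopen` limited to the forwarded port. `$real_backupserver_tag`, `Group['backupninjas']`, the `/var/backups/remote` home and the `dsa` default are not defined or explained in this file and look carried over from backup code, so each deserves either a comment or removal.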