Merge "Add puppet package zitrlp-strongswan"

2023-11-01 15:51:04 +00:00 · 2023-11-01 15:51:04 +00:00 · 67052ac974
commit 67052ac974
parent e35b25e6c0 f56d5f6a73
13 changed files with 259 additions and 0 deletions
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/changelog
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/changelog
@ -0,0 +1,5 @@
+puppet-zitrlp-strongswan (0.1.0) UNRELEASED; urgency=medium
+
+  * Initial release.
+
+ -- Leonardo Mendes <leonardo.mendessantana@windriver.com>  Sun, 15 Oct 2023 12:33:51 -0300
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/control
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/control
@ -0,0 +1,15 @@
+Source: puppet-zitrlp-strongswan
+Section: admin
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.4.1
+Homepage: https://www.starlingx.io
+
+Package: puppet-zitrlp-strongswan
+Architecture: any
+Depends:  puppet (>= 5.2.22),
+          puppet-module-puppetlabs-stdlib,
+          ${misc:depends}
+Description: Puppet module named puppet-zitrlp-strongswan
+  This module allows management of strongswan on Debian via swanctl / VICI, route-based or otherwise.
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/copyright
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/copyright
@ -0,0 +1,29 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Upstream-Name: puppet-zitrlp-strongswan
+Upstream-Contact: Jan-Martin Rämer (https://software.service.zit-rlp.de/jra)
+Source: https://software.service.zit-rlp.de/puppet/strongswan
+Files: *
+Copyright: (C) 2023 Jan-Martin Rämer (https://software.service.zit-rlp.de/jra)
+License: GPL-3.0
+
+Upstream-Name: puppet-zitrlp-strongswan
+Upstream-Contact: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Source: https://opendev.org/starlingx/integ/src/branch/master/config/puppet-modules/puppet-zitrlp-strongswan
+Files: debian/*
+Copyright: (c) 2023 Wind River Systems, Inc.
+License: GPL-3.0
+
+License:   GPL-3.0
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <https://www.gnu.org/licenses/>.
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/patches/0001-Add-classes-to-update-config-files.patch
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/patches/0001-Add-classes-to-update-config-files.patch
@ -0,0 +1,146 @@
+From c02bf3a61dafb0dee6362c0bb63e782abe3090f2 Mon Sep 17 00:00:00 2001
+From: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
+Date: Tue, 17 Oct 2023 14:18:54 -0300
+Subject: [PATCH] Add classes to update config files
+
+---
+ manifests/charon.pp         | 12 ++++++++++++
+ manifests/charon_logging.pp | 12 ++++++++++++
+ manifests/init.pp           | 37 ++-----------------------------------
+ manifests/swanctl.pp        | 22 ++++++++++++++++++++++
+ 4 files changed, 48 insertions(+), 35 deletions(-)
+ create mode 100644 manifests/charon.pp
+ create mode 100644 manifests/charon_logging.pp
+ create mode 100644 manifests/swanctl.pp
+
+diff --git a/manifests/charon.pp b/manifests/charon.pp
+new file mode 100644
+index 0000000..d1f6dcc
+--- /dev/null
+++ b/manifests/charon.pp
+@@ -0,0 +1,12 @@
+# @param charon_options configure other attributes in charon.conf.
+class strongswan::charon (
+  Hash $charon_options = {},
+) {
+  file { '/etc/strongswan.d/charon.conf':
+    owner   => 'root',
+    mode    => '0600',
+    content => strongswan::hash_to_strongswan_config({
+        charon => $charon_options,
+    }),
+  }
+}
+diff --git a/manifests/charon_logging.pp b/manifests/charon_logging.pp
+new file mode 100644
+index 0000000..b454f2b
+--- /dev/null
+++ b/manifests/charon_logging.pp
+@@ -0,0 +1,12 @@
+# @param charon_logging configure file charon-logging.conf.
+class strongswan::charon_logging (
+  Hash $charon_logging = {},
+) {
+  file { '/etc/strongswan.d/charon-logging.conf':
+    owner   => 'root',
+    mode    => '0600',
+    content => strongswan::hash_to_strongswan_config({
+        charon => $charon_logging,
+    }),
+  }
+}
+diff --git a/manifests/init.pp b/manifests/init.pp
+index 08002a3..27904e4 100644
+--- a/manifests/init.pp
+++ b/manifests/init.pp
+@@ -23,12 +23,6 @@
+ # @param sw_collector sw-collector block in strongswan.conf.
+ # @param starter starter block in strongswan.conf.
+ # @param swanctl swanctl block in strongswan.conf.
+-# @param authorities authorities block in swanctl.conf.
+-# @param connections connections block in swanctl.conf. Besides keys allowed in swanctl, these ones are added:
+-#      * base_interface: base interface for xfrm device.
+-#      * if_id: interface ID for xfrm device used for in and out. In swanctl.conf, this value is used for id_id_in and if_id_out.
+-# @param secrets secrets block in swanctl.conf.
+-# @param pools pools block in swanctl.conf.
+ # @param route_based Whether route based VPN is configured.
+ # @param xfrm_default_base_interface XRFM base interface used if none is specified in connection.
+ #
+@@ -58,25 +52,9 @@ class strongswan (
+   Hash $connections = {},
+   Hash $secrets = {},
+   Hash $pools = {},
+-  Boolean $route_based = false,
+   String $xfrm_default_base_interface = 'lo',
+  String $strongswan_include = 'strongswan.d/*.conf',
+ ) {
+-  ensure_packages(['strongswan-swanctl', 'charon-systemd'])
+-  service { ['ipsec,', 'strongswan-starter']:
+-    ensure => stopped,
+-    enable => false,
+-  }
+-  service { 'strongswan':
+-    ensure => running,
+-    enable => true,
+-  }
+-  if ($route_based) {
+-    $d = strongswan::extract_xfrm_devices_from_connections($connections, $xfrm_default_base_interface)
+-    $_connections = $d['connections']
+-    ensure_resources('strongswan::xfrm', $d['xfrm'])
+-  } else {
+-    $_connections = $connections
+-  }
+   file { '/etc/strongswan.conf':
+     owner   => 'root',
+     mode    => '0600',
+@@ -100,18 +78,7 @@ class strongswan (
+         sw-collector       => $sw_collector,
+         starter            => $starter,
+         swanctl            => $swanctl,
+        strongswan_include => $strongswan_include,
+     }),
+-    notify  => Service['strongswan'],
+-  }
+-  file { '/etc/swanctl/swanctl.conf':
+-    owner   => 'root',
+-    mode    => '0600',
+-    content => strongswan::hash_to_strongswan_config({
+-        authorities => $authorities,
+-        connections => $_connections,
+-        secrets     => $secrets,
+-        pools       => $pools,
+-    }),
+-    notify  => Service['strongswan'],
+   }
+ }
+diff --git a/manifests/swanctl.pp b/manifests/swanctl.pp
+new file mode 100644
+index 0000000..f85e7e3
+--- /dev/null
+++ b/manifests/swanctl.pp
+@@ -0,0 +1,22 @@
+# @param authorities authorities block in swanctl.conf.
+# @param connections connections block in swanctl.conf.
+# @param secrets secrets block in swanctl.conf.
+# @param pools pools block in swanctl.conf.
+
+class strongswan::swanctl (
+  Hash $authorities = {},
+  Hash $connections = {},
+  Hash $secrets = {},
+  Hash $pools = {},
+) {
+  file { '/etc/swanctl/swanctl.conf':
+    owner   => 'root',
+    mode    => '0600',
+    content => strongswan::hash_to_strongswan_config({
+        authorities => $authorities,
+        connections => $connections,
+        secrets     => $secrets,
+        pools       => $pools,
+    }),
+  }
+}
+-- 
+2.25.1
+
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/patches/series
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/patches/series
@ -0,0 +1 @@
+0001-Add-classes-to-update-config-files.patch
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.install
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.install
@ -0,0 +1,3 @@
+metadata.json usr/share/puppet/modules.available/puppet-zitrlp-strongswan
+lib usr/share/puppet/modules.available/puppet-zitrlp-strongswan
+manifests usr/share/puppet/modules.available/puppet-zitrlp-strongswan
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.postinst
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.postinst
@ -0,0 +1,13 @@
+#!/bin/sh
+# see: dh_installdeb(1)
+
+set -e
+
+if [ "${1}" = "configure" ] ; then
+    update-alternatives --install /usr/share/puppet/modules/strongswan puppet-module-zitrlp-strongswan \
+        /usr/share/puppet/modules.available/puppet-zitrlp-strongswan 500
+fi
+
+#DEBHELPER#
+
+exit 0
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.postrm
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.postrm
@ -0,0 +1,13 @@
+#!/bin/sh
+# see: dh_installdeb(1)
+
+set -e
+
+if [ "${1}" = "remove" ] || [ "${1}" = "disappear" ]; then
+    update-alternatives --remove puppet-module-zitrlp-strongswan \
+        /usr/share/puppet/modules.available/puppet-zitrlp-strongswan
+fi
+
+#DEBHELPER#
+
+exit 0
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.prerm
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.prerm
@ -0,0 +1,13 @@
+#!/bin/sh
+# see: dh_installdeb(1)
+
+set -e
+
+if [ "${1}" = "remove" ] || [ "${1}" = "upgrade" || [ "${1}" = "deconfigure" ]; then
+    update-alternatives --remove puppet-module-zitrlp-strongswan \
+        /usr/share/puppet/modules.available/puppet-zitrlp-strongswan
+fi
+
+#DEBHELPER#
+
+exit 0
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/rules
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/rules
@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+# See debhelper(7) (uncomment to enable)
+# output every command that modifies files on the build system.
+#export DH_VERBOSE = 1
+
+%:
+	dh $@
--- a/config/puppet-modules/puppet-zitrlp-strongswan/debian/meta_data.yaml
+++ b/config/puppet-modules/puppet-zitrlp-strongswan/debian/meta_data.yaml
@ -0,0 +1,10 @@
+---
+debname: puppet-zitrlp-strongswan
+debver: 0.1.0
+dl_path:
+    name: zitrlp-strongswan-0.1.0.tar.gz
+    url: https://forge.puppet.com/v3/files/zitrlp-strongswan-0.1.0.tar.gz
+    sha256sum: bf145ac0f974cd2f0fa3a1f8da2d5cb86fcd2d9c116d737839c3ea5decd298d5
+revision:
+    dist: $STX_DIST
+    BASE_SRCREV: 9ddd3705b5dcb2b13741fb5698809c101267ef26
--- a/debian_iso_image.inc
+++ b/debian_iso_image.inc
@ -350,6 +350,9 @@ puppet-module-puppetlabs-postgresql
 #puppetlabs-stdlib-5.0.0
 puppet-module-puppetlabs-stdlib

+#puppet-zitrlp-strongswan
+puppet-zitrlp-strongswan
+
 #python-docker
 python3-docker

--- a/1
+++ b/1
@ -38,6 +38,7 @@ config/puppet-modules/puppet-network
 config/puppet-modules/puppet-puppi
 config/puppet-modules/puppet-rabbitmq-8.5.0
 config/puppet-modules/puppet-staging
+config/puppet-modules/puppet-zitrlp-strongswan
 docker/python-docker
 filesystem/drbd/drbd-tools
 filesystem/luks
				`@ -0,0 +1 @@`
				`0001-Add-classes-to-update-config-files.patch`