v0.2.0 Updates

.gitignore

@@ -16,3 +16,4 @@ tags
 
 # Ruby
 Gemfile.lock
+pkg

.puppet-lint.rc

@@ -0,0 +1,3 @@
+--no-autoloader_layout-check
+--no-class_inherits_from_params_class-check
+--no-80chars-check

README.md

@@ -1,5 +1,5 @@
 ## Summary
-Provides a defined resource type for managing stunnel on Debian and Red Hat systems.
+Provides a defined resource type for managing stunnel on AIX, Debian and Red Hat systems.
 
 ## Usage
 ```
@@ -8,20 +8,30 @@ Provides a defined resource type for managing stunnel on Debian and Red Hat syst
      private_key => "/etc/puppet/ssl/private_keys/${::clientcert}.pem",
      ca_file     => '/etc/puppet/ssl/certs/ca.pem',
      crl_file    => '/etc/puppet/ssl/crl.pem',
-    chroot      => '/var/lib/stunnel4/rsyncd',
+     chroot      => '/var/lib/stunnel4/rsyncd',
      user        => 'pe-puppet',
      group       => 'pe-puppet',
      client      => false,
      accept      => '1873',
      connect     => '873',
    }
+
+   stunnel::tun { 'ldap':
+     ca_file     => '/etc/puppet/ssl/certs/ca.pem',
+     crl_file    => '/etc/puppet/ssl/crl.pem',
+     client      => true,
+     accept      => 'localhost:1389',
+     connect     => 'ldap.server.local:636',
+   }
+
 ```
 
 ## Notes
-* There is no sysvinit script installed as part of the `stunnel` package on Red Hat systems.
+* This includes an sysvinit script because the `stunnel` package on Red Hat systems does not provide one.
 * Use of SSLv2 is highly discouraged because it's known to be vulnerable.
-* The chroot defined in `stunnel::tun` needs to be manually created.
+* AIX support does not include package installation
 
 ## Authors
 * Cody Herriages <[email protected]>
 * Sam Kottler <[email protected]>
+* Josh Preston

manifests/init.pp

@@ -7,17 +7,17 @@
 #
 # [*package*]
 #   The package name that represents the stunnel application on your
-#   distribution.  By default we look this value up in a stunnel::data class,
+#   distribution.  By default we look this value up in a stunnel::params class,
 #   which has a list of common answers.
 #
 # [*service*]
 #   The service name that represents the stunnel application on your
-#   distribution.  By default we look this value up in a stunnel::data class,
+#   distribution.  By default we look this value up in a stunnel::params class,
 #   which has a list of common answers.
 #
 # [*conf_dir*]
 #   The default base configuration directory for your version on stunnel.
-#   By default we look this value up in a stunnel::data class, which has a
+#   By default we look this value up in a stunnel::params class, which has a
 #   list of common answers.
 #
 # === Examples
@@ -27,44 +27,101 @@
 # === Authors
 #
 # Cody Herriges <[email protected]>
+# Josh Preston
 #
 # === Copyright
 #
 # Copyright 2012 Puppet Labs, LLC
 #
 class stunnel(
-  $package  = $stunnel::params::package,
-  $service  = $stunnel::params::service,
-  $conf_dir = $stunnel::params::conf_dir
+  # These are OS dependent...
+  $package      = $stunnel::params::package,
+  $service      = $stunnel::params::service,
+  $conf_dir     = $stunnel::params::conf_dir,
+  $log_dir      = $stunnel::params::log_dir,
+  $pid_dir      = $stunnel::params::pid_dir,
+  $chroot_dir   = $stunnel::params::chroot_dir,
+
+  # These are stunnel global options
+  $chroot       = $stunnel::params::chroot,
+  $compression  = $stunnel::params::compression,
+  $debug_level  = $stunnel::params::debug_level,
+  $fips         = $stunnel::params::fips,
+  $foreground   = $stunnel::params::foreground,
+  $group        = $stunnel::params::group,
+  $output       = $stunnel::params::output,
+  $pid_file     = $stunnel::params::pid_file,
+  $sockets      = $stunnel::params::sockets,
+  $syslog       = $stunnel::params::syslog,
+  $user         = $stunnel::params::user,
 ) inherits stunnel::params {
 
-  package { $package:
-    ensure => present,
+  if $package {
+    # Make sure the package is installed
+    package { $package:
+      ensure => present,
+      before => File[$conf_dir],
+    }
   }
 
+  # Make sure our config directory exists
   file { $conf_dir:
     ensure  => directory,
-    require => Package[$package],
     purge   => true,
     recurse => true,
   }
 
-  if $osfamily == "Debian" {
-    exec { 'enable stunnel':
-      command => 'sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/stunnel4',
-      path    => [ '/bin', '/usr/bin' ],
-      unless  => 'grep "ENABLED=1" /etc/default/stunnel4',
-      require => Package[$package],
-      before  => Service[$service],
+  # Make sure the pid directory exists if needed
+  if ($pid_dir and !$chroot and !$chroot_dir) {
+    file { $pid_dir:
+      ensure  => directory,
+    }
+  } else {
+    notify { 'Specifying chroot and pid_dir is not recommended': }
+  }
+
+  # Make sure the log directory exists if needed
+  if $log_dir {
+    file { $log_dir:
+      ensure  => directory,
+    }
+  }
+
+  # Make sure the chroot directory exists if needed
+  if $chroot_dir {
+    file { $chroot_dir:
+      ensure  => directory,
     }
+  }
 
-    # There isn't a sysvinit script installed by the "stunnel" package on
-    # Red Hat systems.
-    service { $service:
-      ensure     => running,
-      enable     => true,
-      hasrestart => true,
-      hasstatus  => false,
+  # Debian must handle stunnel differently and AIX needs telinit -q
+  case $::osfamily {
+
+    'AIX': {
+      exec { 'telinit -q':
+        command     => 'telinit -q',
+        path        => '/usr/bin:/usr/sbin:/bin:/sbin',
+        refreshonly => true,
+      }
     }
+
+    'Debian': {
+      exec { 'enable stunnel':
+        command => 'sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/stunnel4',
+        path    => [ '/bin', '/usr/bin' ],
+        unless  => 'grep "ENABLED=1" /etc/default/stunnel4',
+        require => Package[$package],
+        before  => Service[$service],
+      }
+      service { $service:
+        ensure     => running,
+        enable     => true,
+        hasrestart => true,
+        hasstatus  => false,
+      }
+    }
+
+    default: { }
   }
+
 }

manifests/params.pp

@@ -1,10 +1,11 @@
-# == Class: stunnel::data
+# == Class: stunnel::params
 #
-# This module sets up SSL encrypted and authenticated tunnels using the
-# common application stunnel.
+# This class sets up the default values for the OS and global options.
 #
 # === Variables
 #
+# ==== OS Variables
+#
 # [*package*]
 #   The package name that represents the stunnel application on your
 #   distribution.
@@ -16,26 +17,89 @@
 # [*conf_dir*]
 #   The default base configuration directory for your version on stunnel.
 #
+# [*pid_dir*]
+#   The default base pid file directory for stunnel services.
+#
+# [*log_dir*]
+#   The default base log file directory for stunnel services.
+#
+# [*lock_dir*]
+#   The default base lock file directory for stunnel services.
+#
+# ==== Global Variables
+#
+# [*compression*]
+#   The default compression for stunnel services.
+#
+# [*debug_level*]
+#   The default debug level for stunnel services.
+#
+# [*fips*]
+#   The default fips flag for stunnel services.
+#
+# [*foreground*]
+#   The default foreground flag for stunnel services.
+#
+# [*log*]
+#   The default logging type for stunnel services.
+#
+# [*output*]
+#   The default log file for stunnel services.
+#
+# [*sockets*]
+#   The default socket options for stunnel services.
+#
+# [*syslog*]
+#   The default syslog flag for stunnel services.
+#
 # === Authors
 #
 # Cody Herriges <[email protected]>
 # Sam Kottler <[email protected]>
+# Josh Preston
 #
 # === Copyright
 #
 # Copyright 2012 Puppet Labs, LLC
 #
 class stunnel::params {
-  case $osfamily {
+
+  case $::osfamily {
+
+    AIX: {
+      $conf_dir = '/etc/stunnel'
+      $pid_dir  = '/var/run'
+      $log_dir  = '/var/log/stunnel'
+    }
+
     Debian: {
       $conf_dir = '/etc/stunnel'
+      $log_dir  = '/var/log/stunnel'
       $package  = 'stunnel4'
+      $pid_file = '/var/run/stunnel.pid'
       $service  = 'stunnel4'
     }
+
     RedHat: {
       $conf_dir = '/etc/stunnel'
-      $package = 'stunnel'
-      $service = 'stunnel'
+      $lock_dir = '/var/lock/subsys'
+      $log_dir  = '/var/log/stunnel'
+      $package  = 'stunnel'
+      $pid_dir  = '/var/run'
+    }
+
+    default: {
+      notify { "${::osfamily} is not supported.": }
     }
+
   }
+
+  $compression = 'zlib'
+  $debug_level = '4'
+  $fips        = 'no'
+  $foreground  = 'no'
+  $service     = 'stunnel'
+  $log         = 'append'
+  $output      = '/var/log/stunnel.log'
+  $syslog      = 'yes'
 }