Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

erp3207: fix requirement

  • Loading branch information...
quanta
quanta committed Jul 16, 2015
1 parent c36e5fd commit b6c8a0930661bf97d955547831a16b3f545208bd
Showing with 25 additions and 3 deletions.
  1. +10 −0 openssl/init.sls
  2. +4 −0 openssl/nrpe.sls
  3. +2 −2 openvpn/server/init.sls
  4. +1 −1 openvpn/server/nrpe/init.sls
  5. +2 −0 ssl/init.sls
  6. +1 −0 ssl/nrpe.sls
  7. +5 −0 strongswan/server/init.sls
@@ -0,0 +1,10 @@
{#- Usage of this is governed by a license that can be found in doc/license.rst -#}

include:
- apt

openssl:
pkg:
- installed
- require:
- cmd: apt_sources
@@ -0,0 +1,4 @@
{#- Usage of this is governed by a license that can be found in doc/license.rst -#}

include:
- apt.nrpe
@@ -7,7 +7,7 @@ include:
- openvpn
- rsyslog
- salt.minion.deps
- ssl
- openssl
/etc/default/openvpn:
file:
@@ -45,7 +45,7 @@ openvpn_dh:
- name: openssl dhparam -out /etc/openvpn/dh.pem {{ salt['pillar.get']('openvpn:dhparam:key_size', 2048) }}
- unless: test -f /etc/openvpn/dh.pem
- require:
- pkg: ssl-cert
- pkg: openssl
- pkg: openvpn
openvpn_ca:
@@ -5,6 +5,6 @@ include:
- apt.nrpe
- nrpe
- rsyslog.nrpe
- ssl.nrpe
- openssl.nrpe
{{ passive_check('openvpn.server') }}
@@ -2,12 +2,14 @@

include:
- apt
- openssl

ssl-cert:
pkg:
- latest
- require:
- cmd: apt_sources
- pkg: openssl

{#-
package ca-certificates can't be removed because salt-minion require it,
@@ -2,4 +2,5 @@

include:
- apt.nrpe
- openssl.nrpe
- sslyze
@@ -5,6 +5,7 @@
include:
- apt
- firewall
- openssl
- strongswan
- sysctl
@@ -49,6 +50,8 @@ strongswan_ca_cert:
- cwd: /etc/ipsec.d/cacerts
- cmd: openssl x509 -in {{ ca_name }}_cert.pem -inform pem -out {{ ca_name }}_cert.der -outform der
- unless: test -f /etc/ipsec.d/cacerts/{{ ca_name }}_cert.der
- require:
- pkg: openssl
- watch:
- cmd: strongswan_ca_cert
@@ -119,6 +122,8 @@ strongswan_client_{{ client }}_cert:
- cwd: /etc/ipsec.d/certs
- cmd: openssl pkcs12 -export -inkey /etc/ipsec.d/private/{{ client }}_key.pem -in {{ client }}_cert.pem -name "{{ client }}" -certfile /etc/ipsec.d/cacerts/{{ ca_name }}_cert.pem -caname "{{ ca_name }} CA" -out {{ client }}_cert.p12 -password pass:{{ password }}
- unless: test -f /etc/ipsec.d/certs/{{ client }}_cert.p12
- require:
- pkg: openssl
- watch:
- cmd: strongswan_client_{{ client }}_cert
{%- endfor %}

0 comments on commit b6c8a09

Please sign in to comment.
You can’t perform that action at this time.