Table of Contents
- Setup - The basics of getting started with pupmod-simp-stunnel
- Reference - An under-the-hood peek at what the module is doing and how
This is a SIMP module
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they can be submitted to our JIRA.
Please read our Contribution Guide and visit our developer wiki.
This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:
- When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
- All SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. Please review simp/simp_options for details.
Module Description
This module sets up stunnel and allows the creation of stunnel connections for services.
IMPORTANT
Please use the stunnel::connection define instead of including the stunnel class directly.
The main stunnel class is deprecated and will be removed in a future release.
The main stunnel class manages the global stunnel configuration and this was deemed to be too risky for use across services that are not related.
Setup
What simp stunnel affects
simp::stunnel will manage:
- The latest version of stunnel
- Ensure the service is running
- Stunnel configuration files and daemons for each of your services
- A stunnel chroot directory for each of your services
- If $firewall is set to true, will manage the simp/iptables firewall settings required for stunnel.
Setup Requirements
There are no special requirements for using this module.
Beginning with stunnel
You can set up stunnel for a particular service using the following code:
    stunnel::instance { 'service_name':
      accept  => 873,
      connect => ['1.2.3.4:8730']
    }

This will create /etc/stunnel/stunnel_service_name.conf and spawn a system service stunnel_service_name.
Usage
I want to add a connection to the stunnel server
    stunnel::instance { 'my_service':
      connect => ['stunnel.server.int:8730'],
      accept  => '127.0.0.1:873'
    }
I want to build a connection on the stunnel server
    stunnel::connection { 'my_service':
      client  => false,
      connect => [873],
      accept  => 8730
    }
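A check one could run over generated files such as /etc/stunnel/stunnel_service_name.conf, added here as an example and not part of the module: it flags services whose cleartext side (accept in client mode, connect in server mode) is not confined to loopback. It assumes the files use standard stunnel.conf syntax; the sample configuration and its service names are constructed.

```python
import ipaddress

# Constructed sample in standard stunnel.conf syntax (not output copied from the module).
SAMPLE_CONF = """\
[rsync_client_any]
client = yes
accept = 873
connect = stunnel.server.int:8730
[rsync_client_local]
client = yes
accept = 127.0.0.1:873
connect = stunnel.server.int:8730
[rsync_server]
client = no
accept = 8730
connect = 873
"""

def parse_services(text):
    """Return {section: {option: [values]}}; options before any section go under ''."""
    services = {"": {}}
    current = services[""]
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line and line[0] not in ";#":
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key.lower(), []).append(value)
    return services

def is_local(endpoint, default_host):
    """True when a [host:]port endpoint stays on the loopback interface."""
    host, sep, _port = endpoint.rpartition(":")
    host = host.strip("[]") if sep and host else default_host
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as remote

def audit(text):
    """List (service, option, endpoint) where the cleartext side leaves the host."""
    services = parse_services(text)
    global_client = services.pop("").get("client", ["no"])[-1]
    findings = []
    for name, opts in services.items():
        client = opts.get("client", [global_client])[-1].lower() == "yes"
        # Clients accept cleartext and connect with TLS; servers do the reverse.
        opt, default = ("accept", "0.0.0.0") if client else ("connect", "127.0.0.1")
        findings += [(name, opt, ep) for ep in opts.get(opt, []) if not is_local(ep, default)]
    return findings
```

Calling audit() on the sample returns one finding, for the client whose accept is a bare port, because stunnel binds a bare accept port on all local addresses.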
Reference
Please see the puppet strings generated documentation for a full reference.
Limitations
This module is designed to work only on RHEL or CentOS 6 and 7. Other operating systems have not been tested and results cannot be guaranteed.
Development
Please see the SIMP Contribution Guidelines.
General developer documentation can be found on Confluence. Visit the project homepage on GitHub, chat with us on our HipChat, and look at our issues on JIRA.