strongswanaws (5) Versions 0.1.5

Installs/Configures StrongSwan

Policyfile:
cookbook 'strongswanaws', '= 0.1.5', :supermarket

Berkshelf:
cookbook 'strongswanaws', '= 0.1.5'

Knife:
knife supermarket install strongswanaws
knife supermarket download strongswanaws
StrongSwan AWS Cookbook

Summary

The StrongSwan AWS Cookbook creates an AWS-compatible IPSec tunnel on a node.

Requirements

This cookbook works with StrongSwan, an open-source IPSec-based VPN solution.

It has been tested with StrongSwan 5.1.2, as packaged for Ubuntu.

Supported Platforms

.------------------------.
| Distribution | Version |
|------------------------|
| Ubuntu       | 14.04   |
'------------------------'

Cookbook Dependencies

This cookbook does not depend on any other cookbooks.

Attributes

This cookbook uses the following attributes.

.-------------------------------------------------------------------------------------------.
| Key                          | Type    | Description                           | Default  |
|-------------------------------------------------------------------------------------------|
| ['awsstrongswan']['debug']   | Boolean | Cause charon to log debug information | true     |
| ['awsstrongswan']['tunnels'] | Array   | Tunnels to which to connect           | empty [] |
'-------------------------------------------------------------------------------------------'

These attributes can be set as below.

['awsstrongswan']['debug']:

"default_attributes": {
  "strongswanaws": {
    "debug": true
  }
}

['awsstrongswan']['tunnels']:

"default_attributes": {
  "strongswanaws": {
    "tunnels": [
      {
        "name": "tunnel-to-other-vpc",
        "local_network": "10.10.0.0/16",
        "remote_network": "10.11.0.0/16",
        "tunnel_ip": "1.2.3.4"
      }
    ]
  }
}

Data Bags

This cookbook makes use of a data bag named strongswanaws.

The data bag should contain a single item named tunnel_keys.

The item tunnel_keys should look as shown below.

{
  "id": "tunnel_keys",
  "key_configs": [
    {
      "name": "tunnel-to-other-vpc",
      "psk": "Ep53A1ZqY6f.KWO90LABLzfRZyf62GyM",
      "source_ips": [
        "1.2.3.4"
      ]
    }
  ]
}

There may be zero or more tunnels in the key_configs list of the tunnel_keys item.
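
A pre-flight consistency check for the tunnels attribute and the tunnel_keys item, added here as an example and not part of the cookbook. It assumes, from the matching sample values above, that a tunnel's name selects the key_configs entry of the same name and that its tunnel_ip should appear in that entry's source_ips; check_tunnels, cidr and MIN_PSK_LEN are hypothetical names.

```ruby
require 'ipaddr'
require 'json'
# Constructed sample input in the attribute and data bag shapes shown above.
ATTRS = JSON.parse(<<~JSON)
  {"strongswanaws": {"tunnels": [
    {"name": "tunnel-to-other-vpc", "local_network": "10.10.0.0/16",
     "remote_network": "10.11.0.0/16", "tunnel_ip": "1.2.3.4"}]}}
JSON
BAG = JSON.parse(<<~JSON)
  {"id": "tunnel_keys", "key_configs": [
    {"name": "tunnel-to-other-vpc", "psk": "Ep53A1ZqY6f.KWO90LABLzfRZyf62GyM",
     "source_ips": ["1.2.3.4"]}]}
JSON
MIN_PSK_LEN = 20 # assumption: a local policy floor, not a cookbook setting

# Parse a CIDR string; nil when it is missing, lacks a prefix, or is malformed.
def cidr(str)
  str.is_a?(String) && str.include?('/') ? IPAddr.new(str) : nil
rescue IPAddr::Error
  nil
end

# Returns a list of problems (empty when consistent). Messages never echo a PSK.
def check_tunnels(attrs, bag)
  keys = (bag['key_configs'] || []).group_by { |k| k['name'] }
  tunnels = attrs.dig('strongswanaws', 'tunnels') || []
  problems = []
  tunnels.each do |t|
    name = t['name']
    local, remote = cidr(t['local_network']), cidr(t['remote_network'])
    problems << "#{name}: local_network is not a CIDR" unless local
    problems << "#{name}: remote_network is not a CIDR" unless remote
    # Two CIDR blocks overlap exactly when one contains the other.
    if local && remote && (local.include?(remote) || remote.include?(local))
      problems << "#{name}: local and remote networks overlap"
    end
    entries = keys[name] || []
    unless entries.size == 1
      problems << "#{name}: expected 1 key_configs entry, found #{entries.size}"
      next
    end
    key = entries.first
    ip_ok = Array(key['source_ips']).include?(t['tunnel_ip'])
    problems << "#{name}: tunnel_ip #{t['tunnel_ip']} not in source_ips" unless ip_ok
    problems << "#{name}: psk under #{MIN_PSK_LEN} chars" if key['psk'].to_s.length < MIN_PSK_LEN
  end
  orphans = keys.keys - tunnels.map { |t| t['name'] }
  orphans.each { |n| problems << "#{n}: key without a tunnel" }
  problems
end
```

Running it against the role or environment JSON and the data bag item before a Chef run catches a tunnel with no key, or a key left behind after its tunnel was removed.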

Recipes

This cookbook contains the following recipes.

  • strongswanaws::default - This recipe is empty. It allows the cookbook to be included without running an action.

  • strongswanaws::server - This recipe does the following.

    • Installs StrongSwan
    • Sets system-wide limits with sysctl
    • Runs Charon
    • Sets StrongSwan to start on boot

  • strongswanaws::tunnels - This recipe does the following.

    • Writes PSKs to the secrets file
    • Configures tunnels to which StrongSwan will connect

Usage

Include the server recipe to only install StrongSwan and set system limits.

"run_list": [
  "recipe[strongswanaws::server]"
]

Include both server and tunnels recipes to configure StrongSwan to establish one or more IPSec sessions.

"run_list": [
  "recipe[strongswanaws::server]",
  "recipe[strongswanaws::tunnels]"
]

Resources

strongswanaws::connection - Add an IPSec session for StrongSwan to establish

Parameters:

  • connection_name - A string to label an IPSec session (name attribute)
  • local_network - A CIDR-formatted network address (required)
  • remote_network - A CIDR-formatted network address (required)
  • remote_gateway - An IPv4 address (required)
  • startup_operation - A string to indicate the desired initial state of the tunnel (one of 'add', 'route', 'start')

Example:

strongswanaws_connection 'remote_tunnel' do
  connection_name   'remote_tunnel'
  local_network     '10.10.0.0/16'
  remote_network    '10.11.0.0/16'
  remote_gateway    '1.2.3.4'
  startup_operation 'start'
end

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

0.1.0

Initial release of strongswanaws

Foodcritic Metric
            

0.1.5 passed this metric