Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

stunnel (25) Versions 3.0.0

Provides resources to help install and configure stunnel

Policyfile
Berkshelf
Knife
cookbook 'stunnel', '= 3.0.0', :supermarket
cookbook 'stunnel', '= 3.0.0'
knife supermarket install stunnel
knife supermarket download stunnel
README
Dependencies
Changelog
Quality 100%

stunnel

Build Status

Chef cookbook to install and configure stunnel

Requirements

  • Chef 12.6+

Platform Support

  • Ubuntu 14.04+
  • CentOS 6.9+

Resources

An stunnel_connection resource is provided for defining stunnel connections. As a client:
```ruby
include_recipe 'stunnel'

stunnel_connection 'random_service' do
connect "#{rnd_srv_node['ipaddress']}:#{rnd_srv_node['random_service']['port']}"
accept node['random_service']['local_accept_port']
notifies :restart, 'service[stunnel]'
end
```

As a server:
```ruby
include_recipe 'stunnel::server'

stunnel_connection 'random_service' do
accept node['random_service']['tunnel_port']
connect node['random_service']['port']
notifies :restart, 'service[stunnel]'
end
```

Attributes

Lots of configurable attributes:

default['stunnel']['install_method'] = 'package'  # the other valid option is 'source'

default['stunnel']['packages'] = %w(stunnel4)
default['stunnel']['service_name'] = 'stunnel4'

default['stunnel']['ssl_dir'] = '/etc/ssl'
default['stunnel']['server_ssl_req']  = "/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=#{node['fqdn']}/emailAddress=root@#{node['fqdn']}"
default['stunnel']['cert_fqdn'] = node['fqdn']

default['stunnel']['use_chroot'] = false
default['stunnel']['chroot_path'] = "/usr/var/lib/stunnel"
default['stunnel']['pidfile'] = "/tmp/stunnel.pid"
default['stunnel']['user'] = "root"
default['stunnel']['group'] = "root"
default['stunnel']['ulimit'] = nil # set to a number to add ulimit setting to init script

default['stunnel']['https']['enabled'] = false
default['stunnel']['https']['accept_port'] = "443"
default['stunnel']['https']['connect_port'] = "81"

default['stunnel']['client_mode'] = true

default['stunnel']['fips'] = nil
default['stunnel']['ssl_version'] = 'all'
default['stunnel']['ssl_options'] = 'NO_SSLv2'
default['stunnel']['socket_tunings'] = %w(l:TCP_NODELAY=1 r:TCP_NODELAY=1)
default['stunnel']['compression'] = nil # zlib
default['stunnel']['debug'] = nil # 3
default['stunnel']['output'] = '/var/log/stunnel.log'

# key value pair mapping for default var file
default['stunnel']['default']['enabled'] = 1
default['stunnel']['default']['files'] = '/etc/stunnel/*.conf'
default['stunnel']['default']['options'] = ''

FIPS

FIPS mode can be enabled or disabled with the attribute ['stunnel']['fips']. A value of nil will omit the
"fips" setting from the config file altogether, falling back to the default behavior for that version of stunnel:

  • For 4.x releases FIPS defaults to on if stunnel was compiled with FIPS support.
  • For 5.x releases FIPS defaults to off.

ChefSpec Matchers

A set of ChefSpec matchers is included for unit testing with ChefSpec. These
are automatically available when you make this cookbook a dependency in your
cookbook's metadata. To illustrate:

Recipe code:

stunnel_connection 'haproxy_ssl' do
  accept    '443'
  connect   '8443'
end

And the matching spec:

it 'should create stunnel_connection haproxy_ssl' do
  expect(chef_run).to create_stunnel_connection('haproxy_ssl').with(
    accept:  '443',
    connect: '8443'
  )
end

You can also make assertions for notifying other resources:

it 'should notify stunnel to restart on changes to stunnel_connection[haproxy_ssl]' do
  resource = chef_run.stunnel_connection('haproxy_ssl')
  expect(resource).to notify('service[stunnel]').to(:restart)
end

A matcher for the delete action is also available:

it 'should delete stunnel_connection haproxy_ssl' do
  expect(chef_run).to delete_stunnel_connection('haproxy_ssl')
end

Testing Locally

To run the tests, make sure you've got the latest ChefDK along with
Vagrant then you can run chef exec kitchen test which will run the
entire test suite on all platforms.

License and Authors

Copyright:: 2016-2017 Aetrion, LLC dba DNSimple

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Change Log

v3.0.0 (2017-09-06)

Full Changelog

Implemented enhancements:

Merged pull requests:

v2.3.0 (2016-11-23)

Full Changelog

Merged pull requests:

v2.2.0 (2016-11-15)

Full Changelog

Implemented enhancements:

Closed issues:

  • Latest version 0.2.5 should be version 2.0.5 #16

Merged pull requests:

v2.1.0 (2014-04-11)

Full Changelog

Merged pull requests:

  • Added CAfile, cert, verify (eg. 1, 2, 3) to stunnel_connection resource #18 (portertech)
  • Add override for client_mode option per connection #12 (autrejacoupa)

v2.0.4 (2013-06-19)

Full Changelog

Merged pull requests:

v2.0.2 (2013-03-27)

Full Changelog

v2.0.0 (2012-12-29)

Merged pull requests:

* This Change Log was automatically generated by github_changelog_generator

Collaborator Number Metric
            

3.0.0 passed this metric

Contributing File Metric
            

3.0.0 passed this metric

Foodcritic Metric
            

3.0.0 passed this metric

License Metric
            

3.0.0 passed this metric

No Binaries Metric
            

3.0.0 passed this metric

Testing File Metric
            

3.0.0 passed this metric

Version Tag Metric
            

3.0.0 passed this metric