cookbook 'stunnel', '= 3.0.0'
stunnel
(25) Versions
3.0.0
-
Follow15
Provides resources to help install and configure stunnel
cookbook 'stunnel', '= 3.0.0', :supermarket
knife supermarket install stunnel
knife supermarket download stunnel
stunnel
Chef cookbook to install and configure stunnel
Requirements
- Chef 12.6+
Platform Support
- Ubuntu 14.04+
- CentOS 6.9+
Resources
An stunnel_connection
resource is provided for defining stunnel connections. As a client:
```ruby
include_recipe 'stunnel'
stunnel_connection 'random_service' do
connect "#{rnd_srv_node['ipaddress']}:#{rnd_srv_node['random_service']['port']}"
accept node['random_service']['local_accept_port']
notifies :restart, 'service[stunnel]'
end
```
As a server:
```ruby
include_recipe 'stunnel::server'
stunnel_connection 'random_service' do
accept node['random_service']['tunnel_port']
connect node['random_service']['port']
notifies :restart, 'service[stunnel]'
end
```
Attributes
Lots of configurable attributes:
default['stunnel']['install_method'] = 'package' # the other valid option is 'source' default['stunnel']['packages'] = %w(stunnel4) default['stunnel']['service_name'] = 'stunnel4' default['stunnel']['ssl_dir'] = '/etc/ssl' default['stunnel']['server_ssl_req'] = "/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=#{node['fqdn']}/emailAddress=root@#{node['fqdn']}" default['stunnel']['cert_fqdn'] = node['fqdn'] default['stunnel']['use_chroot'] = false default['stunnel']['chroot_path'] = "/usr/var/lib/stunnel" default['stunnel']['pidfile'] = "/tmp/stunnel.pid" default['stunnel']['user'] = "root" default['stunnel']['group'] = "root" default['stunnel']['ulimit'] = nil # set to a number to add ulimit setting to init script default['stunnel']['https']['enabled'] = false default['stunnel']['https']['accept_port'] = "443" default['stunnel']['https']['connect_port'] = "81" default['stunnel']['client_mode'] = true default['stunnel']['fips'] = nil default['stunnel']['ssl_version'] = 'all' default['stunnel']['ssl_options'] = 'NO_SSLv2' default['stunnel']['socket_tunings'] = %w(l:TCP_NODELAY=1 r:TCP_NODELAY=1) default['stunnel']['compression'] = nil # zlib default['stunnel']['debug'] = nil # 3 default['stunnel']['output'] = '/var/log/stunnel.log' # key value pair mapping for default var file default['stunnel']['default']['enabled'] = 1 default['stunnel']['default']['files'] = '/etc/stunnel/*.conf' default['stunnel']['default']['options'] = ''
FIPS
FIPS mode can be enabled or disabled with the attribute ['stunnel']['fips']
. A value of nil will omit the
"fips" setting from the config file altogether, falling back to the default behavior for that version of stunnel:
- For 4.x releases FIPS defaults to on if stunnel was compiled with FIPS support.
- For 5.x releases FIPS defaults to off.
ChefSpec Matchers
A set of ChefSpec matchers is included for unit testing with ChefSpec. These
are automatically available when you make this cookbook a dependency in your
cookbook's metadata. To illustrate:
Recipe code:
stunnel_connection 'haproxy_ssl' do accept '443' connect '8443' end
And the matching spec:
it 'should create stunnel_connection haproxy_ssl' do expect(chef_run).to create_stunnel_connection('haproxy_ssl').with( accept: '443', connect: '8443' ) end
You can also make assertions for notifying other resources:
it 'should notify stunnel to restart on changes to stunnel_connection[haproxy_ssl]' do resource = chef_run.stunnel_connection('haproxy_ssl') expect(resource).to notify('service[stunnel]').to(:restart) end
A matcher for the delete action is also available:
it 'should delete stunnel_connection haproxy_ssl' do expect(chef_run).to delete_stunnel_connection('haproxy_ssl') end
Testing Locally
To run the tests, make sure you've got the latest ChefDK along with
Vagrant then you can run chef exec kitchen test
which will run the
entire test suite on all platforms.
License and Authors
- Author:: Aaron Kalin
Copyright:: 2016-2017 Aetrion, LLC dba DNSimple
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Change Log
v3.0.0 (2017-09-06)
Implemented enhancements:
- Convert to Chef 12.6+ Custom Resource #41 (martinisoft)
Merged pull requests:
- Remove 'supports { manage_home: true }' #39 (RavWar)
- Add FIPS configuration option #37 (mitch-roblox)
v2.3.0 (2016-11-23)
Merged pull requests:
- Add a ulimit setting, added to init script if not nil #36 (onlyhavecans)
v2.2.0 (2016-11-15)
Implemented enhancements:
- Lower the precedence of services node attributes #31 (martinisoft)
- Expose SSL ciphers option #23 (thoutenbos)
- Source install #22 (thoutenbos)
Closed issues:
- Latest version 0.2.5 should be version 2.0.5 #16
Merged pull requests:
- Replacing restart on the configuration for reload #35 (therobot)
- Modernize cookbook #30 (martinisoft)
- Add basic ChefSpec matchers #20 (jeffbyrnes)
- Feature/log warnings #9 (dje)
v2.1.0 (2014-04-11)
Merged pull requests:
- Added CAfile, cert, verify (eg. 1, 2, 3) to stunnel_connection resource #18 (portertech)
- Add override for client_mode option per connection #12 (autrejacoupa)
v2.0.4 (2013-06-19)
Merged pull requests:
v2.0.2 (2013-03-27)
v2.0.0 (2012-12-29)
Merged pull requests:
* This Change Log was automatically generated by github_changelog_generator
Collaborator Number Metric
3.0.0 passed this metric
Contributing File Metric
3.0.0 passed this metric
Foodcritic Metric
3.0.0 passed this metric
License Metric
3.0.0 passed this metric
No Binaries Metric
3.0.0 passed this metric
Testing File Metric
3.0.0 passed this metric
Version Tag Metric
3.0.0 passed this metric
3.0.0 passed this metric
3.0.0 passed this metric
Foodcritic Metric
3.0.0 passed this metric
License Metric
3.0.0 passed this metric
No Binaries Metric
3.0.0 passed this metric
Testing File Metric
3.0.0 passed this metric
Version Tag Metric
3.0.0 passed this metric
3.0.0 passed this metric
3.0.0 passed this metric
No Binaries Metric
3.0.0 passed this metric
Testing File Metric
3.0.0 passed this metric
Version Tag Metric
3.0.0 passed this metric
3.0.0 passed this metric
3.0.0 passed this metric
Version Tag Metric
3.0.0 passed this metric
3.0.0 passed this metric