sous-chefs / stunnel


Development repository for the stunnel cookbook

Home Page: https://supermarket.chef.io/cookbooks/stunnel

License: Apache License 2.0

Ruby 67.44% Shell 16.33% HTML 16.22%
chef-cookbook chef-resource chef hacktoberfest stunnel managed-by-terraform

stunnel


Chef cookbook to install and configure stunnel

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you'd like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Requirements

  • Chef 13

Platform Support

  • Ubuntu 14.04+
  • CentOS 6.9+

Resources

A stunnel_connection resource is provided for defining stunnel connections. As a client:

include_recipe 'stunnel'

stunnel_connection 'random_service' do
  connect "#{rnd_srv_node['ipaddress']}:#{rnd_srv_node['random_service']['port']}"
  accept node['random_service']['local_accept_port']
  notifies :restart, 'service[stunnel]'
end

As a server:

include_recipe 'stunnel::server'

stunnel_connection 'random_service' do
  accept node['random_service']['tunnel_port']
  connect node['random_service']['port']
  notifies :restart, 'service[stunnel]'
end

Attributes

Lots of configurable attributes:

default['stunnel']['install_method'] = 'package'  # the other valid option is 'source'

default['stunnel']['packages'] = %w(stunnel4)
default['stunnel']['service_name'] = 'stunnel4'

default['stunnel']['ssl_dir'] = '/etc/ssl'
default['stunnel']['server_ssl_req']  = "/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=#{node['fqdn']}/emailAddress=root@#{node['fqdn']}"
default['stunnel']['cert_fqdn'] = node['fqdn']

default['stunnel']['use_chroot'] = false
default['stunnel']['chroot_path'] = "/usr/var/lib/stunnel"
default['stunnel']['pidfile'] = "/tmp/stunnel.pid"
default['stunnel']['user'] = "root"
default['stunnel']['group'] = "root"
default['stunnel']['ulimit'] = nil # set to a number to add ulimit setting to init script

default['stunnel']['https']['enabled'] = false
default['stunnel']['https']['accept_port'] = "443"
default['stunnel']['https']['connect_port'] = "81"

default['stunnel']['client_mode'] = true

default['stunnel']['fips'] = nil
default['stunnel']['ssl_version'] = 'all'
default['stunnel']['ssl_options'] = 'NO_SSLv2'
default['stunnel']['socket_tunings'] = %w(l:TCP_NODELAY=1 r:TCP_NODELAY=1)
default['stunnel']['compression'] = nil # zlib
default['stunnel']['debug'] = nil # 3
default['stunnel']['output'] = '/var/log/stunnel.log'

# key value pair mapping for default var file
default['stunnel']['default']['enabled'] = 1
default['stunnel']['default']['files'] = '/etc/stunnel/-.conf'
default['stunnel']['default']['options'] = ''

# certificate/key is needed in server mode and optional in client mode
default['stunnel']['certificate_path'] = nil # /etc/pki/stunnel/cert.pem
default['stunnel']['key_path'] = nil # /etc/pki/stunnel/key.pem

FIPS

FIPS mode can be enabled or disabled with the attribute ['stunnel']['fips']. A value of nil will omit the "fips" setting from the config file altogether, falling back to the default behavior for that version of stunnel:

  • For 4.x releases FIPS defaults to on if stunnel was compiled with FIPS support.
  • For 5.x releases FIPS defaults to off.
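To make the rules above concrete (a certificate/key pair is required only in server mode; a nil fips, debug or compression attribute leaves that line out of the file; each stunnel_connection becomes its own section), here is an added example, not code from this cookbook, that renders a stunnel.conf from the attribute names documented above. The directive names are stunnel's own; the attribute-to-directive mapping and the DEFAULTS hash are assumptions about how the cookbook's template behaves.

```ruby
# Added example, not the cookbook's template: render a stunnel.conf from the
# attribute names documented above. Directive names are stunnel's own; the
# attribute-to-directive mapping is an assumption about the cookbook's template.
DEFAULTS = {
  'client_mode' => true, 'fips' => nil, 'ssl_version' => 'all',
  'ssl_options' => 'NO_SSLv2', # cookbook default: only SSLv2 is excluded
  'socket_tunings' => %w(l:TCP_NODELAY=1 r:TCP_NODELAY=1),
  'compression' => nil, 'debug' => nil, 'output' => '/var/log/stunnel.log',
  'pidfile' => '/tmp/stunnel.pid', 'use_chroot' => false,
  'chroot_path' => '/usr/var/lib/stunnel', 'user' => 'root', 'group' => 'root',
  'certificate_path' => nil, 'key_path' => nil
}.freeze

# stunnel boolean directives take yes/no; accept true/false or 'yes'/'no'.
def yes_no(value)
  [true, 'yes'].include?(value) ? 'yes' : 'no'
end

# attrs: overrides for node['stunnel']; connections: name => { 'accept', 'connect' }
def render_stunnel_conf(attrs, connections)
  a = DEFAULTS.merge(attrs)
  # A certificate/key pair is mandatory in server mode, optional for clients.
  if !a['client_mode'] && (a['certificate_path'].nil? || a['key_path'].nil?)
    raise ArgumentError, 'server mode requires certificate_path and key_path'
  end
  lines = ["pid = #{a['pidfile']}", "setuid = #{a['user']}", "setgid = #{a['group']}"]
  lines << "chroot = #{a['chroot_path']}" if a['use_chroot']
  lines << "output = #{a['output']}"
  lines << "client = #{yes_no(a['client_mode'])}"
  # nil omits the fips line entirely, leaving stunnel's own default in force.
  lines << "fips = #{yes_no(a['fips'])}" unless a['fips'].nil?
  lines << "sslVersion = #{a['ssl_version']}"
  lines << "options = #{a['ssl_options']}"
  a['socket_tunings'].each { |tuning| lines << "socket = #{tuning}" }
  lines << "compression = #{a['compression']}" if a['compression']
  lines << "debug = #{a['debug']}" if a['debug']
  lines << "cert = #{a['certificate_path']}" if a['certificate_path']
  lines << "key = #{a['key_path']}" if a['key_path']
  # One [section] per stunnel_connection resource.
  connections.each do |name, conn|
    lines << '' << "[#{name}]" << "accept = #{conn['accept']}" << "connect = #{conn['connect']}"
  end
  lines.join("\n") + "\n"
end
```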

ChefSpec Matchers

A set of ChefSpec matchers is included for unit testing with ChefSpec. These are automatically available when you make this cookbook a dependency in your cookbook's metadata. To illustrate:

Recipe code:

stunnel_connection 'haproxy_ssl' do
  accept    '443'
  connect   '8443'
end

And the matching spec:

it 'should create stunnel_connection haproxy_ssl' do
  expect(chef_run).to create_stunnel_connection('haproxy_ssl').with(
    accept:  '443',
    connect: '8443'
  )
end

You can also make assertions for notifying other resources:

it 'should notify stunnel to restart on changes to stunnel_connection[haproxy_ssl]' do
  resource = chef_run.stunnel_connection('haproxy_ssl')
  expect(resource).to notify('service[stunnel]').to(:restart)
end

A matcher for the delete action is also available:

it 'should delete stunnel_connection haproxy_ssl' do
  expect(chef_run).to delete_stunnel_connection('haproxy_ssl')
end

Testing Locally

To run the tests, make sure you have the latest ChefDK along with Vagrant; then run chef exec kitchen test, which runs the entire test suite on all platforms.

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

https://opencollective.com/sous-chefs#backers

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.



stunnel's Issues

Unable to restart Stunnel

I am trying to restart my stunnel service on Ubuntu 18.04. But whenever I do restart using systemctl restart stunnel4.service, it fails. But when I do /etc/init.d/stunnel4 restart, it works.

🥞 4.1.0

👩‍🍳 16.8.14

🎩 Ubuntu 18.04. AWS Cloud

Steps To Reproduce

Steps to reproduce the behavior:

  1. systemctl restart stunnel4.service -> Fails

🚓 Expected behavior

Stunnel restarting successfully.

🚓 Actual behavior

stunnel4[19673]: [ ] Compression disabled
stunnel4[19673]: [ ] Snagged 64 random bytes from /dev/urandom
stunnel4[19673]: [!] PRNG seeded with 128 bytes total
stunnel4[19673]: [!] PRNG was not seeded with enough random bytes
stunnel4[19673]: [!] /etc/stunnel/stunnel.conf:49: "[redis]": Failed to initialize TLS
sytemd[1]: stunnel4.service: Control process exited, code=exited status=1
stunnel4[19673]: [Failed: /etc/stunnel/stunnel.conf]
stunnel4[19673]: You should check that you have specified the pid= in you configuration file
systemd[1]: stunnel4.service: Failed with result 'exit-code'.
systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).

➕ Additional context

As mentioned above, the restart is failing when used with systemctl, but works when I restart with /etc/init.d/stunnel4 restart

Update Changelog

๐Ÿ—ฃ๏ธ Foreword

Thank for taking the time to fill this bug report fully. Without it we may not be able to fix the bug, and the issue may be closed without resolution.

๐Ÿ‘ป Brief Description

Update all CHANGELOGs to follow standard defined at https://keepachangelog.com/

Issue sprouted from sous-chefs/meta/issues/101. If not applicable then issue should be closed.

Fix ChefSpec matchers to use new method

Consumers of this cookbook in ChefSpec are getting the following deprecation warning:

[DEPRECATION] `ChefSpec::Runner.define_runner_method' is deprecated. It is being used in the stunnel_connection resource matcher. Please use `ChefSpec.define_matcher' instead. (called from spec/unit/recipes/default_spec.rb:15:in `block (3 levels) in <top (required)>')

Update builds to be parallel

๐Ÿ—ฃ๏ธ Foreword

Thank for taking the time to fill this bug report fully. Without it we may not be able to fix the bug, and the issue may be closed without resolution.

๐Ÿ‘ป Brief Description

As part of our build process we should build each possible operating system separately

  1. Ensure you have dokken setup and working:
  2. dokken: aliased to KITCHEN_LOCAL_YAML=kitchen.dokken.yml kitchen
  3. run dokken list, you should see a list of builds with dokken as the provider
  4. download: https://github.com/sous-chefs/repo-management/blob/master/scripts/circleci_maker.rb and make this executable
  5. run: dokken list -j | ./circleci_maker.rb > .circleci/config.yml

Issue sprouted from sous-chefs/meta/issues/112. If not applicable then issue should be closed.

Poor default location for stunnel.pid

The default location for the stunnel pidfile is /tmp, which gets removed by most distributions' /tmp cleanup, causing chef to fail after several days when this file gets removed.

Chef fails with:

STDOUT: Starting SSL tunnels: [Failed: /etc/stunnel/stunnel.conf] You should check that you have specified the pid= in you configuration file

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.


Detected dependencies

github-actions
.github/workflows/ci.yml
  • sous-chefs/.github 3.0.0
  • actions/checkout v4
  • actionshub/chef-install 2.0.4
  • actionshub/test-kitchen 2.1.0
.github/workflows/stale.yml
  • actions/stale v8


Remove .rubocop.yml with Dangerfile

๐Ÿ—ฃ๏ธ Foreword

Thank for taking the time to fill this bug report fully. Without it we may not be able to fix the bug, and the issue may be closed without resolution.

๐Ÿ‘ป Brief Description

If the only thing in the .rubocop.yml is Dangerfile:
Run the latest cookstyle
Remove .rubocop.yml

Issue sprouted from sous-chefs/meta/issues/108. If not applicable then issue should be closed.

Run latest cookstyle

๐Ÿ—ฃ๏ธ Foreword

Thank for taking the time to fill this bug report fully. Without it we may not be able to fix the bug, and the issue may be closed without resolution.

๐Ÿ‘ป Brief Description

Chef has released updated cookstyle rules, so we should run the auto-fix against the cookbook.

  1. Ensure you are on the latest stable chef-workstation
  2. Run cookstyle -a

Issue sprouted from sous-chefs/meta/issues/111. If not applicable then issue should be closed.
