diff options
Diffstat (limited to 'puppet/modules/openvpn')
35 files changed, 0 insertions, 1661 deletions
diff --git a/puppet/modules/openvpn/.fixtures.yml b/puppet/modules/openvpn/.fixtures.yml deleted file mode 100644 index 1125ecca..00000000 --- a/puppet/modules/openvpn/.fixtures.yml +++ /dev/null @@ -1,6 +0,0 @@ -fixtures: - repositories: - concat: git://github.com/ripienaar/puppet-concat.git - symlinks: - openvpn: "#{source_dir}" - diff --git a/puppet/modules/openvpn/.gitignore b/puppet/modules/openvpn/.gitignore deleted file mode 100644 index 6fd248b3..00000000 --- a/puppet/modules/openvpn/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -pkg -spec/fixtures -.vagrant diff --git a/puppet/modules/openvpn/.gitrepo b/puppet/modules/openvpn/.gitrepo deleted file mode 100644 index 0c191cd8..00000000 --- a/puppet/modules/openvpn/.gitrepo +++ /dev/null @@ -1,11 +0,0 @@ -; DO NOT EDIT (unless you know what you are doing) -; -; This subdirectory is a git "subrepo", and this file is maintained by the -; git-subrepo command. See https://github.com/git-commands/git-subrepo#readme -; -[subrepo] - remote = https://leap.se/git/puppet_openvpn - branch = master - commit = 26d4edc669853a268a65d2cbbfb42c19f1333de7 - parent = 7ce3190986cf8e5fe037a7ccd4c1076505b117f4 - cmdver = 0.3.0 diff --git a/puppet/modules/openvpn/.rvmrc b/puppet/modules/openvpn/.rvmrc deleted file mode 100644 index 6fbfb7f1..00000000 --- a/puppet/modules/openvpn/.rvmrc +++ /dev/null @@ -1,38 +0,0 @@ -#!/usr/bin/env bash - -# This is an RVM Project .rvmrc file, used to automatically load the ruby -# development environment upon cd'ing into the directory - -# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional, -# Only full ruby name is supported here, for short names use: -# echo "rvm use 1.9.3" > .rvmrc -environment_id="ruby-1.9.3-p194@puppet" - -# Uncomment the following lines if you want to verify rvm version per project -# rvmrc_rvm_version="1.15.8 (stable)" # 1.10.1 seams as a safe start -# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || { -# echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading." -# return 1 -# } - -# First we attempt to load the desired environment directly from the environment -# file. This is very fast and efficient compared to running through the entire -# CLI and selector. If you want feedback on which environment was used then -# insert the word 'use' after --create as this triggers verbose mode. -if [[ -d "${rvm_path:-$HOME/.rvm}/environments" - && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]] -then - \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id" - [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]] && - \. "${rvm_path:-$HOME/.rvm}/hooks/after_use" || true - if [[ $- == *i* ]] # check for interactive shells - then echo "Using: $(tput setaf 2)$GEM_HOME$(tput sgr0)" # show the user the ruby and gemset they are using in green - else echo "Using: $GEM_HOME" # don't use colors in non-interactive shells - fi -else - # If the environment file has not yet been created, use the RVM CLI to select. - rvm --create use "$environment_id" || { - echo "Failed to create RVM environment '${environment_id}'." - return 1 - } -fi diff --git a/puppet/modules/openvpn/.travis.yml b/puppet/modules/openvpn/.travis.yml deleted file mode 100644 index da5c389d..00000000 --- a/puppet/modules/openvpn/.travis.yml +++ /dev/null @@ -1,29 +0,0 @@ -language: ruby -bundler_args: --without development -script: "bundle exec rake spec SPEC_OPTS='--format documentation'" -rvm: - - 1.8.7 - - 1.9.3 - - 2.0.0 -script: - - "rake lint" - - "rake spec SPEC_OPTS='--format documentation'" -env: - - PUPPET_VERSION="~> 2.7.0" - - PUPPET_VERSION="~> 3.0.0" - - PUPPET_VERSION="~> 3.1.0" - - PUPPET_VERSION="~> 3.2.0" -matrix: - exclude: - - rvm: 1.9.3 - env: PUPPET_VERSION="~> 2.7.0" - - rvm: 2.0.0 - env: PUPPET_VERSION="~> 2.7.0" - - rvm: 2.0.0 - env: PUPPET_VERSION="~> 3.0.0" - - rvm: 2.0.0 - env: PUPPET_VERSION="~> 3.1.0" -notifications: - email: false - on_success: always - on_failure: always diff --git a/puppet/modules/openvpn/Gemfile b/puppet/modules/openvpn/Gemfile deleted file mode 100644 index 68e10e7d..00000000 --- a/puppet/modules/openvpn/Gemfile +++ /dev/null @@ -1,7 +0,0 @@ -source :rubygems - -puppetversion = ENV['PUPPET_VERSION'] -gem 'puppet', puppetversion, :require => false -gem 'puppet-lint' -gem 'rspec-puppet' -gem 'puppetlabs_spec_helper' diff --git a/puppet/modules/openvpn/Gemfile.lock b/puppet/modules/openvpn/Gemfile.lock deleted file mode 100644 index 9fce3f98..00000000 --- a/puppet/modules/openvpn/Gemfile.lock +++ /dev/null @@ -1,36 +0,0 @@ -GEM - remote: http://rubygems.org/ - specs: - diff-lcs (1.1.3) - facter (1.6.17) - hiera (1.0.0) - metaclass (0.0.1) - mocha (0.13.1) - metaclass (~> 0.0.1) - puppet (3.0.2) - facter (~> 1.6.11) - hiera (~> 1.0.0) - puppetlabs_spec_helper (0.4.0) - mocha (>= 0.10.5) - rake - rspec (>= 2.9.0) - rspec-puppet (>= 0.1.1) - rake (10.0.3) - rspec (2.12.0) - rspec-core (~> 2.12.0) - rspec-expectations (~> 2.12.0) - rspec-mocks (~> 2.12.0) - rspec-core (2.12.2) - rspec-expectations (2.12.1) - diff-lcs (~> 1.1.3) - rspec-mocks (2.12.1) - rspec-puppet (0.1.5) - rspec - -PLATFORMS - ruby - -DEPENDENCIES - puppet - puppetlabs_spec_helper - rspec-puppet diff --git a/puppet/modules/openvpn/LICENSE b/puppet/modules/openvpn/LICENSE deleted file mode 100644 index f433b1a5..00000000 --- a/puppet/modules/openvpn/LICENSE +++ /dev/null @@ -1,177 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS diff --git a/puppet/modules/openvpn/Modulefile b/puppet/modules/openvpn/Modulefile deleted file mode 100644 index 679e7e64..00000000 --- a/puppet/modules/openvpn/Modulefile +++ /dev/null @@ -1,11 +0,0 @@ -name 'luxflux-openvpn' -version '2.1.0' -source 'https://github.com/luxflux/puppet-openvpn' -author 'luxflux' -license 'Apache 2.0' -summary 'OpenVPN server puppet module' -description 'Puppet module to manage OpenVPN servers' -project_page 'https://github.com/luxflux/puppet-openvpn' - -## Add dependencies, if any: -dependency 'ripienaar/concat', '0.2.0' diff --git a/puppet/modules/openvpn/Rakefile b/puppet/modules/openvpn/Rakefile deleted file mode 100644 index 14f1c246..00000000 --- a/puppet/modules/openvpn/Rakefile +++ /dev/null @@ -1,2 +0,0 @@ -require 'rubygems' -require 'puppetlabs_spec_helper/rake_tasks' diff --git a/puppet/modules/openvpn/Readme.markdown b/puppet/modules/openvpn/Readme.markdown deleted file mode 100644 index 6bcf49ea..00000000 --- a/puppet/modules/openvpn/Readme.markdown +++ /dev/null @@ -1,54 +0,0 @@ -# OpenVPN Puppet module - -Puppet module to manage OpenVPN servers - -## Features: - -* Client-specific rules and access policies -* Generated client configurations and SSL-Certificates -* Downloadable client configurations and SSL-Certificates for easy client configuration -* Support for multiple server instances - -Tested on Ubuntu Precise Pangolin, CentOS 6, RedHat 6. - - -## Dependencies - - [puppet-concat](https://github.com/ripienaar/puppet-concat) - - -## Example - -```puppet - # add a server instance - openvpn::server { 'winterthur': - country => 'CH', - province => 'ZH', - city => 'Winterthur', - organization => 'example.org', - email => 'root@example.org', - server => '10.200.200.0 255.255.255.0' - } - - # define clients - openvpn::client { 'client1': - server => 'winterthur' - } - openvpn::client { 'client2': - server => 'winterthur' - } - - openvpn::client_specific_config { 'client1': - server => 'winterthur', - ifconfig => '10.200.200.50 255.255.255.0' - } -``` - -Don't forget the [sysctl](https://github.com/luxflux/puppet-sysctl) directive ```net.ipv4.ip_forward```! - - -# Contributors - -These fine folks helped to get this far with this module: -* [@jlambert121](https://github.com/jlambert121) -* [@jlk](https://github.com/jlk) -* [@elisiano](https://github.com/elisiano) diff --git a/puppet/modules/openvpn/Vagrantfile b/puppet/modules/openvpn/Vagrantfile deleted file mode 100644 index 88875ff8..00000000 --- a/puppet/modules/openvpn/Vagrantfile +++ /dev/null @@ -1,42 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -def server_config(config) - config.vm.provision :puppet, :module_path => '..' do |puppet| - puppet.manifests_path = "vagrant" - puppet.manifest_file = "server.pp" - end -end - -def client_config(config) - config.vm.provision :puppet, :module_path => '..' do |puppet| - puppet.manifests_path = "vagrant" - puppet.manifest_file = "client.pp" - end -end - -Vagrant::Config.run do |config| - - config.vm.define :server_ubuntu do |c| - c.vm.box = 'precise64' - server_config c - c.vm.network :hostonly, '10.255.255.10' - end - - config.vm.define :server_centos do |c| - c.vm.box = 'centos63' - - c.vm.provision :shell, :inline => 'if [ ! -f rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm ]; then wget -q http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm; fi' - c.vm.provision :shell, :inline => 'yum install -y rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm || exit 0' - - server_config c - c.vm.network :hostonly, '10.255.255.11' - end - - config.vm.define :client_ubuntu do |c| - c.vm.box = 'precise64' - client_config c - c.vm.network :hostonly, '10.255.255.20' - end - -end diff --git a/puppet/modules/openvpn/manifests/client.pp b/puppet/modules/openvpn/manifests/client.pp deleted file mode 100644 index 92c6aa4e..00000000 --- a/puppet/modules/openvpn/manifests/client.pp +++ /dev/null @@ -1,187 +0,0 @@ -# == Define: openvpn::client -# -# This define creates the client certs for a specified openvpn server as well -# as creating a tarball that can be directly imported into openvpn clients -# -# -# === Parameters -# -# [*server*] -# String. Name of the corresponding openvpn endpoint -# Required -# -# [*compression*] -# String. Which compression algorithim to use -# Default: comp-lzo -# Options: comp-lzo or '' (disable compression) -# -# [*dev*] -# String. Device method -# Default: tun -# Options: tun (routed connections), tap (bridged connections) -# -# [*mute*] -# Integer. Set log mute level -# Default: 20 -# -# [*mute_replay_warnings*] -# Boolean. Silence duplicate packet warnings (common on wireless networks) -# Default: true -# -# [*nobind*] -# Boolean. Whether or not to bind to a specific port number -# Default: true -# -# [*persist_key*] -# Boolean. Try to retain access to resources that may be unavailable -# because of privilege downgrades -# Default: true -# -# [*persist_tun*] -# Boolean. Try to retain access to resources that may be unavailable -# because of privilege downgrades -# Default: true -# -# [*port*] -# Integer. The port the openvpn server service is running on -# Default: 1194 -# -# [*proto*] -# String. What IP protocol is being used. -# Default: tcp -# Options: tcp or udp -# -# [*remote_host*] -# String. The IP or hostname of the openvpn server service -# Default: FQDN -# -# [*resolv_retry*] -# Integer/String. How many seconds should the openvpn client try to resolve -# the server's hostname -# Default: infinite -# Options: Integer or infinite -# -# [*verb*] -# Integer. Level of logging verbosity -# Default: 3 -# -# -# === Examples -# -# openvpn::client { -# 'my_user': -# server => 'contractors', -# remote_host => 'vpn.mycompany.com' -# } -# -# * Removal: -# Manual process right now, todo for the future -# -# -# === Authors -# -# * Raffael Schmid <mailto:raffael@yux.ch> -# * John Kinsella <mailto:jlkinsel@gmail.com> -# * Justin Lambert <mailto:jlambert@letsevenup.com> -# -# === License -# -# Copyright 2013 Raffael Schmid, <raffael@yux.ch> -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -define openvpn::client( - $server, - $compression = 'comp-lzo', - $dev = 'tun', - $mute = '20', - $mute_replay_warnings = true, - $nobind = true, - $persist_key = true, - $persist_tun = true, - $port = '1194', - $proto = 'tcp', - $remote_host = $::fqdn, - $resolv_retry = 'infinite', - $verb = '3', -) { - - Openvpn::Server[$server] -> - Openvpn::Client[$name] - - exec { - "generate certificate for ${name} in context of ${server}": - command => ". ./vars && ./pkitool ${name}", - cwd => "/etc/openvpn/${server}/easy-rsa", - creates => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt", - provider => 'shell'; - } - - file { - [ "/etc/openvpn/${server}/download-configs/${name}", - "/etc/openvpn/${server}/download-configs/${name}/keys"]: - ensure => directory; - - "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt": - ensure => link, - target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt", - require => Exec["generate certificate for ${name} in context of ${server}"]; - - "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key": - ensure => link, - target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key", - require => Exec["generate certificate for ${name} in context of ${server}"]; - - "/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt": - ensure => link, - target => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt", - require => Exec["generate certificate for ${name} in context of ${server}"]; - - "/etc/openvpn/${server}/download-configs/${name}/${name}.conf": - owner => root, - group => root, - mode => '0444', - content => template('openvpn/client.erb'), - notify => Exec["tar the thing ${server} with ${name}"]; - } - - exec { - "tar the thing ${server} with ${name}": - cwd => "/etc/openvpn/${server}/download-configs/", - command => "/bin/rm ${name}.tar.gz; tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}", - refreshonly => true, - require => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"], - File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"], - File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"], - File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] - ], - notify => Exec["generate ${name}.ovpn in ${server}"]; - } - - exec { - "generate ${name}.ovpn in ${server}": - cwd => "/etc/openvpn/${server}/download-configs/", - command => "/bin/rm ${name}.ovpn; cat ${name}/${name}.conf|perl -lne 'if(m|^ca keys/ca.crt|){ chomp(\$ca=`cat ${name}/keys/ca.crt`); print \"<ca>\n\$ca\n</ca>\"} elsif(m|^cert keys/${name}.crt|) { chomp(\$crt=`cat ${name}/keys/${name}.crt`); print \"<cert>\n\$crt\n</cert>\"} elsif(m|^key keys/${name}.key|){ chomp(\$key=`cat ${name}/keys/${name}.key`); print \"<key>\n\$key\n</key>\"} else { print} ' > ${name}.ovpn", - refreshonly => true, - require => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"], - File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"], - File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"], - File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"], - ], - } - - file { "/etc/openvpn/${server}/download-configs/${name}.ovpn": - mode => '0400', - require => Exec["generate ${name}.ovpn in ${server}"], - } -} diff --git a/puppet/modules/openvpn/manifests/client_specific_config.pp b/puppet/modules/openvpn/manifests/client_specific_config.pp deleted file mode 100644 index 4287421a..00000000 --- a/puppet/modules/openvpn/manifests/client_specific_config.pp +++ /dev/null @@ -1,79 +0,0 @@ -# == Define: openvpn::client_specific_config -# -# This define configures options which will be pushed by the server to a -# specific client only. This feature is explained here: -# http://openvpn.net/index.php/open-source/documentation/howto.html#policy -# -# === Parameters -# -# All the parameters are explained in the openvpn documentation: -# http://openvpn.net/index.php/open-source/documentation/howto.html#policy -# -# [*server*] -# String. Name of the corresponding openvpn endpoint -# Required -# -# [*iroute*] -# Array. Array of iroute combinations. -# Default: [] -# -# [*ifconfig*] -# String. IP configuration to push to the client. -# Default: false -# -# [*dhcp_options] -# Array. DHCP options to push to the client. -# Default: [] -# -# -# === Examples -# -# openvpn::client_specific_config { -# 'vpn_client': -# server => 'contractors', -# iroute => ['10.0.1.0 255.255.255.0'], -# ifconfig => '10.10.10.1 10.10.10.2', -# dhcp_options => ['DNS 8.8.8.8'] -# } -# -# * Removal: -# Manual process right now, todo for the future -# -# -# === Authors -# -# * Raffael Schmid <mailto:raffael@yux.ch> -# -# === License -# -# Copyright 2013 Raffael Schmid, <raffael@yux.ch> -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -define openvpn::client_specific_config( - $server, - $iroute = [], - $ifconfig = false, - $dhcp_options = [] -) { - - Openvpn::Server[$server] -> - Openvpn::Client[$name] -> - Openvpn::Client_specific_config[$name] - - file { "/etc/openvpn/${server}/client-configs/${name}": - ensure => present, - content => template('openvpn/client_specific_config.erb') - } - -} diff --git a/puppet/modules/openvpn/manifests/config.pp b/puppet/modules/openvpn/manifests/config.pp deleted file mode 100644 index 32b32094..00000000 --- a/puppet/modules/openvpn/manifests/config.pp +++ /dev/null @@ -1,52 +0,0 @@ -# == Class: openvpn::config -# -# This class sets up the openvpn enviornment as well as the default config file -# -# -# === Examples -# -# This class should not be directly invoked -# -# === Authors -# -# * Raffael Schmid <mailto:raffael@yux.ch> -# * John Kinsella <mailto:jlkinsel@gmail.com> -# * Justin Lambert <mailto:jlambert@letsevenup.com> -# -# === License -# -# Copyright 2013 Raffael Schmid, <raffael@yux.ch> -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -class openvpn::config { - - if $::osfamily == 'Debian' { - include concat::setup - - concat { - '/etc/default/openvpn': - owner => root, - group => root, - mode => 644, - warn => true; - } - - concat::fragment { - 'openvpn.default.header': - content => template('openvpn/etc-default-openvpn.erb'), - target => '/etc/default/openvpn', - order => 01; - } - } -} diff --git a/puppet/modules/openvpn/manifests/init.pp b/puppet/modules/openvpn/manifests/init.pp deleted file mode 100644 index 7e07f025..00000000 --- a/puppet/modules/openvpn/manifests/init.pp +++ /dev/null @@ -1,43 +0,0 @@ -# == Class: openvpn -# -# This module installs the openvpn service, configures vpn endpoints, generates -# client certificates, and generates client config files -# -# -# === Examples -# -# * Installation: -# class { 'openvpn': } -# -# -# === Authors -# -# * Raffael Schmid <mailto:raffael@yux.ch> -# * John Kinsella <mailto:jlkinsel@gmail.com> -# * Justin Lambert <mailto:jlambert@letsevenup.com> -# -# === License -# -# Copyright 2013 Raffael Schmid, <raffael@yux.ch> -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -class openvpn { - - class {'openvpn::params': } -> - class {'openvpn::install': } -> - class {'openvpn::config': } ~> - class {'openvpn::service': } -> - Class['openvpn'] - -} diff --git a/puppet/modules/openvpn/manifests/install.pp b/puppet/modules/openvpn/manifests/install.pp deleted file mode 100644 index a230373a..00000000 --- a/puppet/modules/openvpn/manifests/install.pp +++ /dev/null @@ -1,46 +0,0 @@ -# == Class: openvpn -# -# This module installs the openvpn service, configures vpn endpoints, generates -# client certificates, and generates client config files -# -# -# === Examples -# -# This class should not be directly invoked -# -# -# === Authors -# -# * Raffael Schmid <mailto:raffael@yux.ch> -# * John Kinsella <mailto:jlkinsel@gmail.com> -# * Justin Lambert <mailto:jlambert@letsevenup.com> -# -# === License -# -# Copyright 2013 Raffael Schmid, <raffael@yux.ch> -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -class openvpn::install { - - package { - 'openvpn': - ensure => installed; - } - - file { - [ '/etc/openvpn', '/etc/openvpn/keys' ]: - ensure => directory, - require => Package['openvpn']; - } -} diff --git a/puppet/modules/openvpn/manifests/params.pp b/puppet/modules/openvpn/manifests/params.pp deleted file mode 100644 index 33495270..00000000 --- a/puppet/modules/openvpn/manifests/params.pp +++ /dev/null @@ -1,37 +0,0 @@ -# === License -# -# Copyright 2013 Raffael Schmid, <raffael@yux.ch> -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -class openvpn::params { - - $group = $::osfamily ? { - 'RedHat' => 'nobody', - default => 'nogroup' - } - - $easyrsa_source = $::osfamily ? { - 'RedHat' => $::operatingsystemmajrelease ? { - 6 => '/usr/share/openvpn/easy-rsa/2.0', - default => '/usr/share/doc/openvpn-2.2.2/easy-rsa/2.0' - }, - default => '/usr/share/doc/openvpn/examples/easy-rsa/2.0' - } - - $link_openssl_cnf = $::osfamily ? { - /(Debian|RedHat)/ => true, - default => false - } - -} diff --git a/puppet/modules/openvpn/manifests/server.pp b/puppet/modules/openvpn/manifests/server.pp deleted file mode 100644 index 649048c4..00000000 --- a/puppet/modules/openvpn/manifests/server.pp +++ /dev/null @@ -1,233 +0,0 @@ -# == Define: openvpn::server -# -# This define creates the openvpn server instance and ssl certificates -# -# -# === Parameters -# -# [*country*] -# String. Country to be used for the SSL certificate -# -# [*province*] -# String. Province to be used for the SSL certificate -# -# [*city*] -# String. City to be used for the SSL certificate -# -# [*organization*] -# String. Organization to be used for the SSL certificate -# -# [*email*] -# String. Email address to be used for the SSL certificate -# -# [*compression*] -# String. Which compression algorithim to use -# Default: comp-lzo -# Options: comp-lzo or '' (disable compression) -# -# [*dev*] -# String. Device method -# Default: tun -# Options: tun (routed connections), tap (bridged connections) -# -# [*user*] -# String. Group to drop privileges to after startup -# Default: nobody -# -# [*group*] -# String. User to drop privileges to after startup -# Default: depends on your $::osfamily -# -# [*ipp*] -# Boolean. Persist ifconfig information to a file to retain client IP -# addresses between sessions -# Default: false -# -# [*local*] -# String. Interface for openvpn to bind to. -# Default: $::ipaddress_eth0 -# Options: An IP address or '' to bind to all ip addresses -# -# [*logfile*] -# String. Logfile for this openvpn server -# Default: false -# Options: false (syslog) or log file name -# -# [*port*] -# Integer. The port the openvpn server service is running on -# Default: 1194 -# -# [*proto*] -# String. What IP protocol is being used. -# Default: tcp -# Options: tcp or udp -# -# [*status_log*] -# String. Logfile for periodic dumps of the vpn service status -# Default: "${name}/openvpn-status.log" -# -# [*server*] -# String. Network to assign client addresses out of -# Default: None. Required in tun mode, not in tap mode -# -# [*push*] -# Array. Options to push out to the client. This can include routes, DNS -# servers, DNS search domains, and many other options. -# Default: [] -# -# -# === Examples -# -# openvpn::client { -# 'my_user': -# server => 'contractors', -# remote_host => 'vpn.mycompany.com' -# } -# -# * Removal: -# Manual process right now, todo for the future -# -# -# === Authors -# -# * Raffael Schmid <mailto:raffael@yux.ch> -# * John Kinsella <mailto:jlkinsel@gmail.com> -# * Justin Lambert <mailto:jlambert@letsevenup.com> -# -# === License -# -# Copyright 2013 Raffael Schmid, <raffael@yux.ch> -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -define openvpn::server( - $country, - $province, - $city, - $organization, - $email, - $compression = 'comp-lzo', - $dev = 'tun0', - $user = 'nobody', - $group = false, - $ipp = false, - $ip_pool = [], - $local = $::ipaddress_eth0, - $logfile = false, - $port = '1194', - $proto = 'tcp', - $status_log = "${name}/openvpn-status.log", - $server = '', - $push = [] -) { - - include openvpn - Class['openvpn::install'] -> - Openvpn::Server[$name] ~> - Class['openvpn::service'] - - $tls_server = $proto ? { - /tcp/ => true, - default => false - } - - $group_to_set = $group ? { - false => $openvpn::params::group, - default => $group - } - - file { - ["/etc/openvpn/${name}", "/etc/openvpn/${name}/client-configs", "/etc/openvpn/${name}/download-configs" ]: - ensure => directory; - } - - exec { - "copy easy-rsa to openvpn config folder ${name}": - command => "/bin/cp -r ${openvpn::params::easyrsa_source} /etc/openvpn/${name}/easy-rsa", - creates => "/etc/openvpn/${name}/easy-rsa", - notify => Exec["fix_easyrsa_file_permissions_${name}"], - require => File["/etc/openvpn/${name}"]; - } - - exec { - "fix_easyrsa_file_permissions_${name}": - refreshonly => true, - command => "/bin/chmod 755 /etc/openvpn/${name}/easy-rsa/*"; - } - - file { - "/etc/openvpn/${name}/easy-rsa/vars": - ensure => present, - content => template('openvpn/vars.erb'), - require => Exec["copy easy-rsa to openvpn config folder ${name}"]; - } - - file { - "/etc/openvpn/${name}/easy-rsa/openssl.cnf": - require => Exec["copy easy-rsa to openvpn config folder ${name}"]; - } - - if $openvpn::params::link_openssl_cnf == true { - File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"] { - ensure => link, - target => "/etc/openvpn/${name}/easy-rsa/openssl-1.0.0.cnf" - } - } - - exec { - "generate dh param ${name}": - command => '. ./vars && ./clean-all && ./build-dh', - cwd => "/etc/openvpn/${name}/easy-rsa", - creates => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem", - provider => 'shell', - require => File["/etc/openvpn/${name}/easy-rsa/vars"]; - - "initca ${name}": - command => '. ./vars && ./pkitool --initca', - cwd => "/etc/openvpn/${name}/easy-rsa", - creates => "/etc/openvpn/${name}/easy-rsa/keys/ca.key", - provider => 'shell', - require => [ Exec["generate dh param ${name}"], File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"] ]; - - "generate server cert ${name}": - command => '. ./vars && ./pkitool --server server', - cwd => "/etc/openvpn/${name}/easy-rsa", - creates => "/etc/openvpn/${name}/easy-rsa/keys/server.key", - provider => 'shell', - require => Exec["initca ${name}"]; - } - - file { - "/etc/openvpn/${name}/keys": - ensure => link, - target => "/etc/openvpn/${name}/easy-rsa/keys", - require => Exec["copy easy-rsa to openvpn config folder ${name}"]; - } - - if $::osfamily == 'Debian' { - concat::fragment { - "openvpn.default.autostart.${name}": - content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n", - target => '/etc/default/openvpn', - order => 10; - } - } - - file { - "/etc/openvpn/${name}.conf": - owner => root, - group => root, - mode => '0444', - content => template('openvpn/server.erb'); - } -} diff --git a/puppet/modules/openvpn/manifests/service.pp b/puppet/modules/openvpn/manifests/service.pp deleted file mode 100644 index 54e8db7d..00000000 --- a/puppet/modules/openvpn/manifests/service.pp +++ /dev/null @@ -1,36 +0,0 @@ -# == Class: openvpn::config -# -# This class maintains the openvpn service -# -# -# === Examples -# -# This class should not be directly invoked -# -# === Authors -# -# * Raffael Schmid <mailto:raffael@yux.ch> -# * John Kinsella <mailto:jlkinsel@gmail.com> -# * Justin Lambert <mailto:jlambert@letsevenup.com> -# -# === License -# -# Copyright 2013 Raffael Schmid, <raffael@yux.ch> -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# lied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -class openvpn::service { - service { - 'openvpn': - ensure => running, - enable => true, - hasrestart => true, - hasstatus => true; - } -} diff --git a/puppet/modules/openvpn/spec/classes/openvpn_config_spec.rb b/puppet/modules/openvpn/spec/classes/openvpn_config_spec.rb deleted file mode 100644 index bbb63a77..00000000 --- a/puppet/modules/openvpn/spec/classes/openvpn_config_spec.rb +++ /dev/null @@ -1,15 +0,0 @@ -require 'spec_helper' - -describe 'openvpn::config', :type => :class do - - it { should create_class('openvpn::config') } - - context "on Debian based machines" do - let (:facts) { { :osfamily => 'Debian', :concat_basedir => '/var/lib/puppet/concat' } } - - it { should contain_class('concat::setup') } - it { should contain_concat('/etc/default/openvpn') } - it { should contain_concat__fragment('openvpn.default.header') } - end - -end diff --git a/puppet/modules/openvpn/spec/classes/openvpn_init_spec.rb b/puppet/modules/openvpn/spec/classes/openvpn_init_spec.rb deleted file mode 100644 index 45dcc9bf..00000000 --- a/puppet/modules/openvpn/spec/classes/openvpn_init_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'spec_helper' - -describe 'openvpn', :type => :class do - - let (:facts) { { :concat_basedir => '/var/lib/puppet/concat' } } - - it { should create_class('openvpn') } - -end diff --git a/puppet/modules/openvpn/spec/classes/openvpn_install_spec.rb b/puppet/modules/openvpn/spec/classes/openvpn_install_spec.rb deleted file mode 100644 index cdb31358..00000000 --- a/puppet/modules/openvpn/spec/classes/openvpn_install_spec.rb +++ /dev/null @@ -1,11 +0,0 @@ -require 'spec_helper' - -describe 'openvpn::install', :type => :class do - - it { should create_class('openvpn::install') } - it { should contain_package('openvpn') } - - it { should contain_file('/etc/openvpn').with('ensure' => 'directory') } - it { should contain_file('/etc/openvpn/keys').with('ensure' => 'directory') } - -end diff --git a/puppet/modules/openvpn/spec/classes/openvpn_service_spec.rb b/puppet/modules/openvpn/spec/classes/openvpn_service_spec.rb deleted file mode 100644 index f427e7f1..00000000 --- a/puppet/modules/openvpn/spec/classes/openvpn_service_spec.rb +++ /dev/null @@ -1,13 +0,0 @@ -require 'spec_helper' - -describe 'openvpn::service', :type => :class do - - let (:facts) { { :concat_basedir => '/var/lib/puppet/concat' } } - - it { should create_class('openvpn::service') } - it { should contain_service('openvpn').with( - 'ensure' => 'running', - 'enable' => true - ) } - -end diff --git a/puppet/modules/openvpn/spec/defines/openvpn_client_spec.rb b/puppet/modules/openvpn/spec/defines/openvpn_client_spec.rb deleted file mode 100644 index a4b580e8..00000000 --- a/puppet/modules/openvpn/spec/defines/openvpn_client_spec.rb +++ /dev/null @@ -1,88 +0,0 @@ -require 'spec_helper' - -describe 'openvpn::client', :type => :define do - let(:title) { 'test_client' } - let(:params) { { 'server' => 'test_server' } } - let(:facts) { { :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat' } } - let(:pre_condition) do - 'openvpn::server { "test_server": - country => "CO", - province => "ST", - city => "Some City", - organization => "example.org", - email => "testemail@example.org" - }' - end - - it { should contain_exec('generate certificate for test_client in context of test_server') } - - [ 'test_client', 'test_client/keys'].each do |directory| - it { should contain_file("/etc/openvpn/test_server/download-configs/#{directory}") } - end - - [ 'test_client.crt', 'test_client.key', 'ca.crt' ].each do |file| - it { should contain_file("/etc/openvpn/test_server/download-configs/test_client/keys/#{file}").with( - 'ensure' => 'link', - 'target' => "/etc/openvpn/test_server/easy-rsa/keys/#{file}" - )} - end - - it { should contain_exec('tar the thing test_server with test_client').with( - 'cwd' => '/etc/openvpn/test_server/download-configs/', - 'command' => '/bin/rm test_client.tar.gz; tar --exclude=\*.conf.d -chzvf test_client.tar.gz test_client' - ) } - - context "setting the minimum parameters" do - let(:params) { { 'server' => 'test_server' } } - let(:facts) { { :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat' } } - - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^client$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^ca\s+keys\/ca\.crt$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^cert\s+keys\/test_client.crt$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^key\s+keys\/test_client\.key$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^dev\s+tun$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^proto\s+tcp$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^remote\s+somehost\s+1194$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^comp-lzo$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^resolv-retry\s+infinite$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^nobind$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^persist-key$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^persist-tun$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^mute-replay-warnings$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^ns\-cert\-type\s+server$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^verb\s+3$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^mute\s+20$/)} - end - - context "setting all of the parameters" do - let(:params) { { - 'server' => 'test_server', - 'compression' => 'comp-something', - 'dev' => 'tap', - 'mute' => 10, - 'mute_replay_warnings' => false, - 'nobind' => false, - 'persist_key' => false, - 'persist_tun' => false, - 'port' => '123', - 'proto' => 'udp', - 'remote_host' => 'somewhere', - 'resolv_retry' => '2m', - 'verb' => '1' - } } - let(:facts) { { :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat' } } - - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^client$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^ca\s+keys\/ca\.crt$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^cert\s+keys\/test_client.crt$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^key\s+keys\/test_client\.key$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^dev\s+tap$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^proto\s+udp$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^remote\s+somewhere\s+123$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^comp-something$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^resolv-retry\s+2m$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^verb\s+1$/)} - it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^mute\s+10$/)} - end - -end diff --git a/puppet/modules/openvpn/spec/defines/openvpn_client_specific_config_spec.rb b/puppet/modules/openvpn/spec/defines/openvpn_client_specific_config_spec.rb deleted file mode 100644 index cfdab389..00000000 --- a/puppet/modules/openvpn/spec/defines/openvpn_client_specific_config_spec.rb +++ /dev/null @@ -1,40 +0,0 @@ -require 'spec_helper' - -describe 'openvpn::client_specific_config', :type => :define do - let(:title) { 'test_client' } - let(:params) { { 'server' => 'test_server' } } - let(:facts) { { :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat' } } - let(:pre_condition) do - [ - 'openvpn::server { "test_server": - country => "CO", - province => "ST", - city => "Some City", - organization => "example.org", - email => "testemail@example.org" - }', - 'openvpn::client { "test_client": - server => "test_server" - }' - ].join - end - - it { should contain_file('/etc/openvpn/test_server/client-configs/test_client') } - - describe "setting no paramter at all" do - it { should contain_file('/etc/openvpn/test_server/client-configs/test_client').with_content(/\A\n\z/) } - end - - describe "setting all parameters" do - let(:params) do - {:server => 'test_server', - :iroute => ['10.0.1.0 255.255.255.0'], - :ifconfig => '10.10.10.2 255.255.255.0', - :dhcp_options => ['DNS 8.8.8.8']} - end - - it { should contain_file('/etc/openvpn/test_server/client-configs/test_client').with_content(/^iroute 10.0.1.0 255.255.255.0$/) } - it { should contain_file('/etc/openvpn/test_server/client-configs/test_client').with_content(/^ifconfig-push 10.10.10.2 255.255.255.0$/) } - it { should contain_file('/etc/openvpn/test_server/client-configs/test_client').with_content(/^push dhcp-option DNS 8.8.8.8$/) } - end -end diff --git a/puppet/modules/openvpn/spec/defines/openvpn_server_spec.rb b/puppet/modules/openvpn/spec/defines/openvpn_server_spec.rb deleted file mode 100644 index 467be6aa..00000000 --- a/puppet/modules/openvpn/spec/defines/openvpn_server_spec.rb +++ /dev/null @@ -1,165 +0,0 @@ -require 'spec_helper' - -describe 'openvpn::server', :type => :define do - - let(:title) { 'test_server' } - - context "creating a server with the minimum parameters" do - let(:params) { { - 'country' => 'CO', - 'province' => 'ST', - 'city' => 'Some City', - 'organization' => 'example.org', - 'email' => 'testemail@example.org' - } } - - let (:facts) { { - :ipaddress_eth0 => '1.2.3.4', - :network_eth0 => '1.2.3.0', - :netmask_eth0 => '255.255.255.0', - :concat_basedir => '/var/lib/puppet/concat', - :osfamily => 'anything_else' - } } - - # Files associated with a server config - it { should contain_file('/etc/openvpn/test_server').with('ensure' => 'directory')} - it { should contain_file('/etc/openvpn/test_server/client-configs').with('ensure' => 'directory')} - it { should contain_file('/etc/openvpn/test_server/download-configs').with('ensure' => 'directory')} - it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars')} - it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf')} - it { should contain_file('/etc/openvpn/test_server/keys').with( - 'ensure' => 'link', - 'target' => '/etc/openvpn/test_server/easy-rsa/keys' - )} - - # Execs to working with certificates - it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with( - 'command' => '/bin/cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa' - )} - it { should contain_exec('generate dh param test_server') } - it { should contain_exec('initca test_server') } - it { should contain_exec('generate server cert test_server') } - - # VPN server config file itself - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^mode\s+server$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^client\-config\-dir\s+\/etc\/openvpn\/test_server\/client\-configs$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^ca\s+\/etc\/openvpn\/test_server\/keys\/ca.crt$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^cert\s+\/etc\/openvpn\/test_server\/keys\/server.crt$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^key\s+\/etc\/openvpn\/test_server\/keys\/server.key$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dh\s+\/etc\/openvpn\/test_server\/keys\/dh1024.pem$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+tcp-server$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^tls-server$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^port\s+1194$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^comp-lzo$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+nogroup$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^user\s+nobody$/) } - it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^log\-append\s+test_server\/openvpn\.log$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^status\s+test_server\/openvpn\-status\.log$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dev\s+tun0$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^local\s+1\.2\.3\.4$/) } - it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^ifconfig-pool-persist/) } - end - - context "creating a server setting all parameters" do - let(:params) { { - 'country' => 'CO', - 'province' => 'ST', - 'city' => 'Some City', - 'organization' => 'example.org', - 'email' => 'testemail@example.org', - 'compression' => 'fake_compression', - 'port' => '123', - 'proto' => 'udp', - 'group' => 'someone', - 'user' => 'someone', - 'logfile' => '/var/log/openvpn/test_server.log', - 'status_log' => '/var/log/openvpn/test_server_status.log', - 'dev' => 'tun1', - 'local' => '2.3.4.5', - 'ipp' => true, - 'server' => '2.3.4.0 255.255.0.0', - 'push' => [ 'dhcp-option DNS 172.31.0.30', 'route 172.31.0.0 255.255.0.0' ] - } } - - let (:facts) { { - :ipaddress_eth0 => '1.2.3.4', - :network_eth0 => '1.2.3.0', - :netmask_eth0 => '255.255.255.0', - :concat_basedir => '/var/lib/puppet/concat' - } } - - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^mode\s+server$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^client\-config\-dir\s+\/etc\/openvpn\/test_server\/client\-configs$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^ca\s+\/etc\/openvpn\/test_server\/keys\/ca.crt$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^cert\s+\/etc\/openvpn\/test_server\/keys\/server.crt$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^key\s+\/etc\/openvpn\/test_server\/keys\/server.key$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dh\s+\/etc\/openvpn\/test_server\/keys\/dh1024.pem$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+udp$/) } - it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+tls-server$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^port\s+123$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^fake_compression$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+someone$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^user\s+someone$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^log\-append\s+\/var\/log\/openvpn\/test_server\.log$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^status\s+\/var\/log\/openvpn\/test_server_status\.log$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dev\s+tun1$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^local\s+2\.3\.4\.5$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^server\s+2\.3\.4\.0\s+255\.255\.0\.0$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^push\s+dhcp-option\s+DNS\s+172\.31\.0\.30$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^push\s+route\s+172\.31\.0\.0\s+255\.255\.0\.0$/) } - end - - context "when RedHat based machine" do - let(:params) { { - 'country' => 'CO', - 'province' => 'ST', - 'city' => 'Some City', - 'organization' => 'example.org', - 'email' => 'testemail@example.org' - } } - - let(:facts) { { :osfamily => 'RedHat', :concat_basedir => '/var/lib/puppet/concat' } } - - it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').with( - 'ensure' => 'link', - 'target' => '/etc/openvpn/test_server/easy-rsa/openssl-1.0.0.cnf' - )} - - it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with( - 'command' => '/bin/cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa' - )} - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+nobody$/) } - - end - - context "when Debian based machine" do - let(:params) { { - 'country' => 'CO', - 'province' => 'ST', - 'city' => 'Some City', - 'organization' => 'example.org', - 'email' => 'testemail@example.org' - } } - - let(:facts) { { :osfamily => 'Debian', :concat_basedir => '/var/lib/puppet/concat' } } - - it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').with( - 'ensure' => 'link', - 'target' => '/etc/openvpn/test_server/easy-rsa/openssl-1.0.0.cnf' - )} - - it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with( - 'command' => '/bin/cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa' - )} - - # Configure to start vpn session - it { should contain_concat__fragment('openvpn.default.autostart.test_server').with( - 'content' => "AUTOSTART=\"$AUTOSTART test_server\"\n", - 'target' => '/etc/default/openvpn' - )} - - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+nogroup$/) } - - end - -end diff --git a/puppet/modules/openvpn/spec/spec_helper.rb b/puppet/modules/openvpn/spec/spec_helper.rb deleted file mode 100644 index dc7e9f4a..00000000 --- a/puppet/modules/openvpn/spec/spec_helper.rb +++ /dev/null @@ -1,2 +0,0 @@ -require 'rubygems' -require 'puppetlabs_spec_helper/module_spec_helper' diff --git a/puppet/modules/openvpn/templates/client.erb b/puppet/modules/openvpn/templates/client.erb deleted file mode 100644 index 021ed617..00000000 --- a/puppet/modules/openvpn/templates/client.erb +++ /dev/null @@ -1,26 +0,0 @@ -client -ca keys/ca.crt -cert keys/<%= scope.lookupvar('name') %>.crt -key keys/<%= scope.lookupvar('name') %>.key -dev <%= scope.lookupvar('dev') %> -proto <%= scope.lookupvar('proto') %> -remote <%= scope.lookupvar('remote_host') %> <%= scope.lookupvar('port') %> -<% if scope.lookupvar('compression') != '' -%> -<%= scope.lookupvar('compression') %> -<% end -%> -resolv-retry <%= scope.lookupvar('resolv_retry') %> -<% if scope.lookupvar('nobind') -%> -nobind -<% end -%> -<% if scope.lookupvar('persist_key') -%> -persist-key -<% end -%> -<% if scope.lookupvar('persist_tun') -%> -persist-tun -<% end -%> -<% if scope.lookupvar('mute_replay_warnings') -%> -mute-replay-warnings -<% end -%> -ns-cert-type server -verb <%= scope.lookupvar('verb') %> -mute <%= scope.lookupvar('mute') %> diff --git a/puppet/modules/openvpn/templates/client_specific_config.erb b/puppet/modules/openvpn/templates/client_specific_config.erb deleted file mode 100644 index 62cc0e7a..00000000 --- a/puppet/modules/openvpn/templates/client_specific_config.erb +++ /dev/null @@ -1,10 +0,0 @@ -<% scope.lookupvar('iroute').each do |route| -%> -iroute <%= route %> -<% end -%> -<% if ifconfig = scope.lookupvar('ifconfig') -%> -ifconfig-push <%= ifconfig %> -<% end -%> -<% scope.lookupvar('dhcp_options').each do |option| -%> -push dhcp-option <%= option %> -<% end -%> - diff --git a/puppet/modules/openvpn/templates/etc-default-openvpn.erb b/puppet/modules/openvpn/templates/etc-default-openvpn.erb deleted file mode 100644 index 310e462e..00000000 --- a/puppet/modules/openvpn/templates/etc-default-openvpn.erb +++ /dev/null @@ -1,20 +0,0 @@ -# This is the configuration file for /etc/init.d/openvpn - -# -# Start only these VPNs automatically via init script. -# Allowed values are "all", "none" or space separated list of -# names of the VPNs. If empty, "all" is assumed. -# -#AUTOSTART="all" -#AUTOSTART="none" -#AUTOSTART="home office" -# -# Refresh interval (in seconds) of default status files -# located in /var/run/openvpn.$NAME.status -# Defaults to 10, 0 disables status file generation -# -#STATUSREFRESH=10 -#STATUSREFRESH=0 -# Optional arguments to openvpn's command line -OPTARGS="" -AUTOSTART="" diff --git a/puppet/modules/openvpn/templates/server.erb b/puppet/modules/openvpn/templates/server.erb deleted file mode 100644 index 6ef13263..00000000 --- a/puppet/modules/openvpn/templates/server.erb +++ /dev/null @@ -1,37 +0,0 @@ -mode server -client-config-dir /etc/openvpn/<%= scope.lookupvar('name') %>/client-configs -ca /etc/openvpn/<%= scope.lookupvar('name') %>/keys/ca.crt -cert /etc/openvpn/<%= scope.lookupvar('name') %>/keys/server.crt -key /etc/openvpn/<%= scope.lookupvar('name') %>/keys/server.key -dh /etc/openvpn/<%= scope.lookupvar('name') %>/keys/dh1024.pem -<% if scope.lookupvar('proto') == 'tcp' -%> -proto <%= scope.lookupvar('proto') %>-server -<% else -%> -proto <%= scope.lookupvar('proto') %> -<% end -%> -port <%= scope.lookupvar('port') %> -<% if scope.lookupvar('tls_server') -%> -tls-server -<% end -%> -<% if scope.lookupvar('compression') != '' -%> -<%= scope.lookupvar('compression') %> -<% end -%> -group <%= scope.lookupvar('group_to_set') %> -user <%= scope.lookupvar('user') %> -<% if scope.lookupvar('logfile') -%> -log-append <%= scope.lookupvar('logfile') %> -<% end -%> -status <%= scope.lookupvar('status_log') %> -dev <%= scope.lookupvar('dev') %> -<% if scope.lookupvar('local') != '' -%> -local <%= scope.lookupvar('local') %> -<% end -%> -<% if scope.lookupvar('ipp') -%> -ifconfig-pool-persist <%= scope.lookupvar('name') %>/vpn-ipp.txt -<% end -%> -<% if scope.lookupvar('server') != '' -%> -server <%= scope.lookupvar('server') %> -<% end -%> -<% scope.lookupvar('push').each do |item| -%> -push <%= item %> -<% end -%> diff --git a/puppet/modules/openvpn/templates/vars.erb b/puppet/modules/openvpn/templates/vars.erb deleted file mode 100644 index 20448b8b..00000000 --- a/puppet/modules/openvpn/templates/vars.erb +++ /dev/null @@ -1,68 +0,0 @@ -# easy-rsa parameter settings - -# NOTE: If you installed from an RPM, -# don't edit this file in place in -# /usr/share/openvpn/easy-rsa -- -# instead, you should copy the whole -# easy-rsa directory to another location -# (such as /etc/openvpn) so that your -# edits will not be wiped out by a future -# OpenVPN package upgrade. - -# This variable should point to -# the top level of the easy-rsa -# tree. -export EASY_RSA="/etc/openvpn/<%= @name %>/easy-rsa" - -# -# This variable should point to -# the requested executables -# -export OPENSSL="openssl" -export PKCS11TOOL="pkcs11-tool" -export GREP="grep" - - -# This variable should point to -# the openssl.cnf file included -# with easy-rsa. -export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` - -# Edit this variable to point to -# your soon-to-be-created key -# directory. -# -# WARNING: clean-all will do -# a rm -rf on this directory -# so make sure you define -# it correctly! -export KEY_DIR="$EASY_RSA/keys" - -# Issue rm -rf warning -echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR - -# PKCS11 fixes -export PKCS11_MODULE_PATH="dummy" -export PKCS11_PIN="dummy" - -# Increase this to 2048 if you -# are paranoid. This will slow -# down TLS negotiation performance -# as well as the one-time DH parms -# generation process. -export KEY_SIZE=1024 - -# In how many days should the root CA key expire? -export CA_EXPIRE=3650 - -# In how many days should certificates expire? -export KEY_EXPIRE=3650 - -# These are the default values for fields -# which will be placed in the certificate. -# Don't leave any of these fields blank. -export KEY_COUNTRY="<%= @country %>" -export KEY_PROVINCE="<%= @province %>" -export KEY_CITY="<%= @city %>" -export KEY_ORG="<%= @organization %>" -export KEY_EMAIL="<%= @email %>" diff --git a/puppet/modules/openvpn/vagrant/client.pp b/puppet/modules/openvpn/vagrant/client.pp deleted file mode 100644 index 7ebeb1d7..00000000 --- a/puppet/modules/openvpn/vagrant/client.pp +++ /dev/null @@ -1,5 +0,0 @@ -node default { - - package { 'openvpn': ensure => installed; } - -} diff --git a/puppet/modules/openvpn/vagrant/server.pp b/puppet/modules/openvpn/vagrant/server.pp deleted file mode 100644 index a95def06..00000000 --- a/puppet/modules/openvpn/vagrant/server.pp +++ /dev/null @@ -1,23 +0,0 @@ -node default { - openvpn::server { 'winterthur': - country => 'CH', - province => 'ZH', - city => 'Winterthur', - organization => 'example.org', - email => 'root@example.org', - server => '10.200.200.0 255.255.255.0' - } - - openvpn::client { 'client1': - server => 'winterthur'; - } - - openvpn::client_specific_config { 'client1': - server => 'winterthur', - ifconfig => '10.200.200.100 255.255.255.0' - } - - openvpn::client { 'client2': - server => 'winterthur'; - } -} |