summaryrefslogtreecommitdiff
path: root/puppet/modules/site_openvpn
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_openvpn')
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp41
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp100
2 files changed, 105 insertions, 36 deletions
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 7d63d569..c83b98c7 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -1,2 +1,43 @@
class site_openvpn {
+ package {
+ "openvpn":
+ ensure => installed;
+ }
+ service {
+ "openvpn":
+ ensure => running,
+ hasrestart => true,
+ hasstatus => true,
+ require => Exec["concat_/etc/default/openvpn"];
+ }
+ file {
+ "/etc/openvpn":
+ ensure => directory,
+ require => Package["openvpn"];
+ }
+
+ include concat::setup
+
+ concat {
+ "/etc/default/openvpn":
+ owner => root,
+ group => root,
+ mode => 644,
+ warn => true,
+ notify => Service["openvpn"];
+ }
+
+ concat::fragment {
+ "openvpn.default.header":
+ content => template("openvpn/etc-default-openvpn.erb"),
+ target => "/etc/default/openvpn",
+ order => 01;
+ }
+
+ concat::fragment {
+ "openvpn.default.autostart.${name}":
+ content => "AUTOSTART=all",
+ target => "/etc/default/openvpn",
+ order => 10;
+ }
}
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index e0e8db4f..4a130d13 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -1,84 +1,112 @@
-define site_openvpn::server_config($port, $protocol) {
+define site_openvpn::server_config($port, $proto) {
$openvpn_configname=$name
notice("Creating OpenVPN $openvpn_configname:
- Port: $port, Protocol: $protocol")
+ Port: $port, Protocol: $proto")
+
+ file {
+ "/etc/openvpn/${name}":
+ ensure => directory,
+ require => Package["openvpn"];
+ }
+
+ concat {
+ "/etc/openvpn/${openvpn_configname}.conf":
+ owner => root,
+ group => root,
+ mode => 644,
+ warn => true,
+ require => File["/etc/openvpn"],
+ notify => Service["openvpn"];
+ }
- $openvpn_server=$::fqdn
- # we don't need a ca generated
- #openvpn::server {
- # $openvpn_configname:
- # country => hiera("country"),
- # province => hiera("province"),
- # city => hiera("city"),
- # organization => hiera("organization"),
- # email => hiera("email");
- #}
- # configure server
- # all config options need to be "hieraized"
openvpn::option {
+ "ca ${openvpn_configname}":
+ key => "ca",
+ value => "/etc/openvpn/ca.crt",
+ #require => Exec["initca ${openvpn_configname}"],
+ server => "${openvpn_configname}";
+ "cert ${openvpn_configname}":
+ key => "cert",
+ value => "/etc/openvpn/${openvpn_configname}/server.crt",
+ #require => Exec["generate server cert ${openvpn_configname}"],
+ server => "${openvpn_configname}";
+ "key ${openvpn_configname}":
+ key => "key",
+ value => "/etc/openvpn/${openvpn_configname}/server.key",
+ #require => Exec["generate server cert ${openvpn_configname}"],
+ server => "${openvpn_configname}";
+ "dh ${openvpn_configname}":
+ key => "dh",
+ value => "/etc/openvpn/dh1024.pem",
+ #require => Exec["generate dh param ${openvpn_configname}"],
+ server => "${openvpn_configname}";
"dev $openvpn_configname":
key => "dev",
value => "tun",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
+ "mode ${openvpn_configname}":
+ key => 'mode',
+ value => 'server',
+ server => $openvpn_configname;
"script-security $openvpn_configname":
key => "script-security",
value => "3",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"daemon $openvpn_configname":
key => "daemon",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"keepalive $openvpn_configname":
key => "keepalive",
value => "10 60",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"ping-timer-rem $openvpn_configname":
key => "ping-timer-rem",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"persist-tun $openvpn_configname":
key => "persist-tun",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"persist-key $openvpn_configname":
key => "persist-key",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"proto $openvpn_configname":
key => "proto",
value => "$proto",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"cipher $openvpn_configname":
key => "cipher",
value => "BF-CBC",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"local $openvpn_configname":
key => "local",
value => $ipaddress,
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"tls-server $openvpn_configname":
key => "tls-server",
- server => "$openvpn_server";
- "server $openvpn_configname":
- key => "server",
- value => "$server",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
+ #"server $openvpn_configname":
+ # key => "server",
+ # value => "$server",
+ # server => "$openvpn_configname";
"lport $openvpn_configname":
key => "lport",
value => "$port",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"management $openvpn_configname":
key => "management",
value => "/var/run/openvpn-$openvpn_configname.sock unix",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"comp-lzo $openvpn_configname":
key => "comp-lzo",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
"topology $openvpn_configname":
key => "topology",
value => "subnet",
- server => "$openvpn_server";
- "client-to-client $openvpn_configname":
- key => "client-to-client",
- server => "$openvpn_server";
+ server => "$openvpn_configname";
+ #"client-to-client $openvpn_configname":
+ # key => "client-to-client",
+ # server => "$openvpn_configname";
}
}