From 58bb91f094611e95ccda0b2a2ed5756225c41617 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 10:57:26 +0200
Subject: initial site.pp
---
puppet/manifests/site.pp | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 puppet/manifests/site.pp
(limited to 'puppet')
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
new file mode 100644
index 00000000..3a136015
--- /dev/null
+++ b/puppet/manifests/site.pp
@@ -0,0 +1,3 @@
+node "default" {
+ notify {'Hello World':}
+}
-- cgit v1.2.3
From 59635ff7904645075bf3ddd30a70a05a58102bed Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 11:21:23 +0200
Subject: added submodule openvpn
---
puppet/modules/openvpn | 1 +
1 file changed, 1 insertion(+)
create mode 160000 puppet/modules/openvpn
(limited to 'puppet')
diff --git a/puppet/modules/openvpn b/puppet/modules/openvpn
new file mode 160000
index 00000000..25f1fe8d
--- /dev/null
+++ b/puppet/modules/openvpn
@@ -0,0 +1 @@
+Subproject commit 25f1fe8d813f6128068d890a40f5e24be78fb47c
-- cgit v1.2.3
From 2c2e3608a251bdb8210767484e05c896f6803d6c Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 11:29:17 +0200
Subject: beginning of openvpn server config
---
puppet/manifests/site.pp | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'puppet')
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 3a136015..39173f95 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -1,3 +1,15 @@
-node "default" {
- notify {'Hello World':}
+node 'cougar.leap.se' {
+ openvpn::server {
+ 'cougar.leap.se':
+ country => 'TR',
+ province => 'Ankara',
+ city => 'Ankara',
+ organization => 'leap.se',
+ email => 'sysdev@leap.se';
+}
+
+}
+
+node 'default' {
+ notify {'Please specify a host in site.pp!':}
 }
-- cgit v1.2.3
From 670819cbaa3cf78e2fce45aeb030ece78a920a57 Mon Sep 17 00:00:00 2001
From: varac Date: Thu, 6 Sep 2012 11:55:35 +0200 Subject: added submodule concat --- puppet/modules/concat | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/concat (limited to 'puppet') diff --git a/puppet/modules/concat b/puppet/modules/concat new file mode 160000 index 00000000..abce1280 --- /dev/null +++ b/puppet/modules/concat @@ -0,0 +1 @@ +Subproject commit abce1280e07b544d8455f1572dd870bbd2f14892 -- cgit v1.2.3 From caeac390b217849e8e57ac3afeb4061099e3fec5 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 12:10:21 +0200 Subject: use node default again, more openvpn config --- puppet/manifests/site.pp | 75 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 70 insertions(+), 5 deletions(-) (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 39173f95..890d2623 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,4 +1,6 @@ -node 'cougar.leap.se' { +node 'default' { + notify {'Please specify a host in site.pp!':} + openvpn::server { 'cougar.leap.se': country => 'TR', 
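Review bot: Moving the `openvpn::server` block under `node 'default'` means every agent without a more specific node definition is now provisioned as an OpenVPN server, with the CA details still hard-wired to `'cougar.leap.se'`; the retained `notify {'Please specify a host in site.pp!':}` fires on exactly the nodes that get the server, so the warning and the provisioning contradict each other. Keep the server resources behind a host-specific node block or a hiera-driven condition, and leave the default node with only the notify. The node block continues into the next hunk.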
@@ -6,10 +8,73 @@ node 'cougar.leap.se' { city => 'Ankara', organization => 'leap.se', email => 'sysdev@leap.se'; -} + } -} +# configure server + + + openvpn::option { + "dev server1": + key => "dev", + value => "tun0", + server => "server1"; + "script-security server1": + key => "script-security", + value => "3", + server => "server1"; + "daemon server1": + key => "daemon", + server => "server1"; + "keepalive server1": + key => "keepalive", + value => "10 60", + server => "server1"; + "ping-timer-rem server1": + key => "ping-timer-rem", + server => "server1"; + "persist-tun server1": + key => "persist-tun", + server => "server1"; + "persist-key server1": + key => "persist-key", + server => "server1"; + "proto server1": + key => "proto", + value => "tcp-server", + server => "server1"; + "cipher server1": + key => "cipher", + value => "BF-CBC", + server => "server1"; + "local server1": + key => "local", + value => $ipaddress, + server => "server1"; + "tls-server server1": + key => "tls-server", + server => "server1"; + "server server1": + key => "server", + value => "10.10.10.0 255.255.255.0", + server => "server1"; + "lport server1": + key => "lport", + value => "1194", + server => "server1"; + "management server1": + key => "management", + value => "/var/run/openvpn-server1.sock unix", + server => "server1"; + "comp-lzo server1": + key => "comp-lzo", + server => "server1"; + "topology server1": + key => "topology", + value => "subnet", + server => "server1"; + "client-to-client server1": + key => "client-to-client", + server => "server1"; + } -node 'default' { - notify {'Please specify a host in site.pp!':} } -- cgit v1.2.3 From 72987f7f86bd322e8ea68ff2633c76a29c6c2f95 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 12:14:06 +0200 Subject: more openvpn config testing --- puppet/manifests/site.pp | 74 +++++++++++++++++++++++++----------------------- 1 file changed, 38 insertions(+), 36 deletions(-) (limited to 'puppet') 
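Review bot: `cipher BF-CBC` selects Blowfish, a 64-bit-block cipher; on a long-lived tunnel the small block size is the weak point, and a 128-bit-block cipher such as `AES-256-CBC` is the safer default with no cost beyond matching the client profile. `script-security 3` also grants more than a server with no `up`/`down` scripts needs — that level allows passwords to be handed to scripts through environment variables — so level 2, or omitting the option until scripts exist, is enough. `$ipaddress` in the `local` option is an unqualified fact lookup; `$::ipaddress` makes the top-scope lookup explicit and matches how `$::fqdn` is written later in this series. The same option set is copied unchanged into site_openvpn's init.pp and server_config.pp in later commits of this series, where the same points apply.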
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 890d2623..de551aed 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,8 +1,10 @@ node 'default' { notify {'Please specify a host in site.pp!':} + $openvpn_server='cougar.leap.se' + openvpn::server { - 'cougar.leap.se': + "$openvpn_server": country => 'TR', province => 'Ankara', city => 'Ankara', 
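Review bot: `"$openvpn_server":` here, and every `server => "$openvpn_server"` in the following hunk, wraps a lone variable in double quotes; Puppet treats that as an interpolated string containing nothing but the variable, which puppet-lint flags (only_variable_string), and the bare `$openvpn_server` form is clearer. The hostname itself is still a literal `'cougar.leap.se'` assigned inside `node 'default'`, so every unmatched node tries to build a server named after that one host; sourcing it from `$::fqdn` or hiera, as a later commit in this series does, belongs with this change. The node block continues past this hunk.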
@@ -14,67 +16,67 @@ node 'default' { openvpn::option { - "dev server1": + "dev $openvpn_server": key => "dev", value => "tun0", - server => "server1"; - "script-security server1": + server => "$openvpn_server"; + "script-security $openvpn_server": key => "script-security", value => "3", - server => "server1"; - "daemon server1": + server => "$openvpn_server"; + "daemon $openvpn_server": key => "daemon", - server => "server1"; - "keepalive server1": + server => "$openvpn_server"; + "keepalive $openvpn_server": key => "keepalive", value => "10 60", - server => "server1"; - "ping-timer-rem server1": + server => "$openvpn_server"; + "ping-timer-rem $openvpn_server": key => "ping-timer-rem", - server => "server1"; - "persist-tun server1": + server => "$openvpn_server"; + "persist-tun $openvpn_server": key => "persist-tun", - server => "server1"; - "persist-key server1": + server => "$openvpn_server"; + "persist-key $openvpn_server": key => "persist-key", - server => "server1"; - "proto server1": + server => "$openvpn_server"; + "proto $openvpn_server": key => "proto", value => "tcp-server", - server => "server1"; - "cipher server1": + server => "$openvpn_server"; + "cipher $openvpn_server": key => "cipher", value => "BF-CBC", - server => "server1"; - "local server1": + server => "$openvpn_server"; + "local $openvpn_server": key => "local", value => $ipaddress, - server => "server1"; - "tls-server server1": + server => "$openvpn_server"; + "tls-server $openvpn_server": key => "tls-server", - server => "server1"; - "server server1": + server => "$openvpn_server"; + "server $openvpn_server": key => "server", value => "10.10.10.0 255.255.255.0", - server => "server1"; - "lport server1": + server => "$openvpn_server"; + "lport $openvpn_server": key => "lport", value => "1194", - server => "server1"; - "management server1": + server => "$openvpn_server"; + "management $openvpn_server": key => "management", - value => "/var/run/openvpn-server1.sock unix", - server => 
"server1"; - "comp-lzo server1": + value => "/var/run/openvpn-$openvpn_server.sock unix", + server => "$openvpn_server"; + "comp-lzo $openvpn_server": key => "comp-lzo", - server => "server1"; - "topology server1": + server => "$openvpn_server"; + "topology $openvpn_server": key => "topology", value => "subnet", - server => "server1"; - "client-to-client server1": + server => "$openvpn_server"; + "client-to-client $openvpn_server": key => "client-to-client", - server => "server1"; + server => "$openvpn_server"; } } -- cgit v1.2.3 From 852e036263a2473acc4c07e859aca1a2c7860b6e Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 7 Sep 2012 12:49:38 +0200 Subject: main hiera config --- puppet/hiera.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 puppet/hiera.yaml (limited to 'puppet') diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml new file mode 100644 index 00000000..01b0d3b8 --- /dev/null +++ b/puppet/hiera.yaml @@ -0,0 +1,16 @@ +--- +:backends: + - yaml + - puppet + +:logger: console + +:hierarchy: + - "%{location}" + - common + +:yaml: + :datadir: /etc/leap/hieradata + +:puppet: + :datasource: data -- cgit v1.2.3 From bdfcfbb8702748ab013190b0116735fe56f7531e Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 7 Sep 2012 13:06:00 +0200 Subject: use hiere for openvpn CA --- puppet/manifests/site.pp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index de551aed..0d1f426d 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp 
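Review bot: The `%{location}` hierarchy level is filled from a variable the agent reports as a fact, so the node itself decides which data file it reads, and an agent that reports another site's `location` receives that site's data. This is tolerable while the data is non-sensitive, but once credentials are looked up through hiera the level should be keyed on a value the master derives from the client certificate (`%{clientcert}` in this era of Puppet, or a trusted-fact equivalent where available), and it is worth confirming that agent-sent facts cannot override that variable. The same consideration applies to the `%{fqdn}` levels introduced in the later hiera.yaml commits of this series.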
@@ -1,15 +1,15 @@ node 'default' { notify {'Please specify a host in site.pp!':} - $openvpn_server='cougar.leap.se' + $openvpn_server=$::fqdn openvpn::server { "$openvpn_server": - country => 'TR', - province => 'Ankara', - city => 'Ankara', - organization => 'leap.se', - email => 'sysdev@leap.se'; + country => hiera("country"), + province => hiera("province"), + city => hiera("city"), + organization => hiera("organization"), + email => hiera("email"); } # configure server -- cgit v1.2.3 From c255a6a8772684397f545a560119428ac44993ca Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 11:49:00 +0200 Subject: use relative path, hieradata outline --- puppet/hiera.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'puppet') diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml index 01b0d3b8..76584ad1 100644 --- a/puppet/hiera.yaml +++ b/puppet/hiera.yaml @@ -6,11 +6,14 @@ :logger: console :hierarchy: - - "%{location}" - - common + - hosts/%{fqdn} + - services/%{service} + - defaults +# relative from where puppet is run, so we need to run puppet +# from the root dir of the leap_platform repo :yaml: - :datadir: /etc/leap/hieradata + :datadir: config :puppet: :datasource: data -- cgit v1.2.3 From 429944efaac25766a5999966d8f52f74a0e0292b Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 11:49:52 +0200 Subject: using class site_openvpn --- puppet/manifests/site.pp | 86 ++++-------------------------------------------- 1 file changed, 7 insertions(+), 79 deletions(-) (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 0d1f426d..1bfc730e 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp 
@@ -1,82 +1,10 @@ node 'default' { - notify {'Please specify a host in site.pp!':} - - $openvpn_server=$::fqdn - - openvpn::server { - "$openvpn_server": - country => hiera("country"), - province => hiera("province"), - city => hiera("city"), - organization => hiera("organization"), - email => hiera("email"); - } - -# configure server - - - openvpn::option { - "dev $openvpn_server": - key => "dev", - value => "tun0", - server => "$openvpn_server"; - "script-security $openvpn_server": - key => "script-security", - value => "3", - server => "$openvpn_server"; - "daemon $openvpn_server": - key => "daemon", - server => "$openvpn_server"; - "keepalive $openvpn_server": - key => "keepalive", - value => "10 60", - server => "$openvpn_server"; - "ping-timer-rem $openvpn_server": - key => "ping-timer-rem", - server => "$openvpn_server"; - "persist-tun $openvpn_server": - key => "persist-tun", - server => "$openvpn_server"; - "persist-key $openvpn_server": - key => "persist-key", - server => "$openvpn_server"; - "proto $openvpn_server": - key => "proto", - value => "tcp-server", - server => "$openvpn_server"; - "cipher $openvpn_server": - key => "cipher", - value => "BF-CBC", - server => "$openvpn_server"; - "local $openvpn_server": - key => "local", - value => $ipaddress, - server => "$openvpn_server"; - "tls-server $openvpn_server": - key => "tls-server", - server => "$openvpn_server"; - "server $openvpn_server": - key => "server", - value => "10.10.10.0 255.255.255.0", - server => "$openvpn_server"; - "lport $openvpn_server": - key => "lport", - value => "1194", - server => "$openvpn_server"; - "management $openvpn_server": - key => "management", - value => "/var/run/openvpn-$openvpn_server.sock unix", - server => "$openvpn_server"; - "comp-lzo $openvpn_server": - key => "comp-lzo", - server => "$openvpn_server"; - "topology $openvpn_server": - key => "topology", - value => "subnet", - server => "$openvpn_server"; - "client-to-client $openvpn_server": - key => 
"client-to-client", - server => "$openvpn_server"; - } + $service='eip' + $password=hiera('testpw') + $openvpn_ports=hiera_array('openvpn_ports') + $tor=hiera('tor') + notify {"Password: $password":} + notify {"Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor":} + #include site_openvpn } -- cgit v1.2.3 From 075d6fb40ddaace0442a8d5ba9396c9f1849bddc Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 11:50:22 +0200 Subject: beginning of site_openvpn --- puppet/modules/site_openvpn/manifests/init.pp | 81 +++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 puppet/modules/site_openvpn/manifests/init.pp (limited to 'puppet') diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp new file mode 100644 index 00000000..3d753af9 --- /dev/null +++ b/puppet/modules/site_openvpn/manifests/init.pp 
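Review bot: `notify {"Password: $password":}` puts the value of `hiera('testpw')` into the compiled catalog, the agent's log output and every report sent back to the master, so even a test credential ends up in several persistent places in clear text. `hiera()` without a default already fails compilation when the key is absent, so the notify adds no check that is not already there; drop it rather than print the value, or log only that the lookup succeeded. The unqualified `$fqdn` in the second notify should be `$::fqdn`, as written two commits earlier in the same file.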
@@ -0,0 +1,81 @@
+class site_openvpn {
+
+ $openvpn_server=$::fqdn
+
+ openvpn::server {
+ $openvpn_server:
+ country => hiera("country"),
+ province => hiera("province"),
+ city => hiera("city"),
+ organization => hiera("organization"),
+ email => hiera("email");
+ }
+
+# configure server
+
+
+ openvpn::option {
+ "dev $openvpn_server":
+ key => "dev",
+ value => "tun0",
+ server => "$openvpn_server";
+ "script-security $openvpn_server":
+ key => "script-security",
+ value => "3",
+ server => "$openvpn_server";
+ "daemon $openvpn_server":
+ key => "daemon",
+ server => "$openvpn_server";
+ "keepalive $openvpn_server":
+ key => "keepalive",
+ value => "10 60",
+ server => "$openvpn_server";
+ "ping-timer-rem $openvpn_server":
+ key => "ping-timer-rem",
+ server => "$openvpn_server";
+ "persist-tun $openvpn_server":
+ key => "persist-tun",
+ server => "$openvpn_server";
+ "persist-key $openvpn_server":
+ key => "persist-key",
+ server => "$openvpn_server";
+ "proto $openvpn_server":
+ key => "proto",
+ value => "tcp-server",
+ server => "$openvpn_server";
+ "cipher $openvpn_server":
+ key => "cipher",
+ value => "BF-CBC",
+ server => "$openvpn_server";
+ "local $openvpn_server":
+ key => "local",
+ value => $ipaddress,
+ server => "$openvpn_server";
+ "tls-server $openvpn_server":
+ key => "tls-server",
+ server => "$openvpn_server";
+ "server $openvpn_server":
+ key => "server",
+ value => "10.10.10.0 255.255.255.0",
+ server => "$openvpn_server";
+ "lport $openvpn_server":
+ key => "lport",
+ value => "1194",
+ server => "$openvpn_server";
+ "management $openvpn_server":
+ key => "management",
+ value => "/var/run/openvpn-$openvpn_server.sock unix",
+ server => "$openvpn_server";
+ "comp-lzo $openvpn_server":
+ key => "comp-lzo",
+ server => "$openvpn_server";
+ "topology $openvpn_server":
+ key => "topology",
+ value => "subnet",
+ server => "$openvpn_server";
+ "client-to-client $openvpn_server":
+ key => "client-to-client",
+ server => "$openvpn_server";
+ }
+
+} -- cgit v1.2.3 From 7ad84a65744250098be1e05ef998f32f5c0a0523 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 12:20:15 +0200 Subject: hierachy levels need to be unambiguous, so we can't use services here, as one host could provide multiple services --- puppet/hiera.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml index 76584ad1..764966a2 100644 --- a/puppet/hiera.yaml +++ b/puppet/hiera.yaml @@ -7,7 +7,7 @@ :hierarchy: - hosts/%{fqdn} - - services/%{service} +# - services/%{service} # that's not possible, as hiera needs _one_ target per hierarchy - defaults # relative from where puppet is run, so we need to run puppet -- cgit v1.2.3 From 5c7ce0a1c90ab1c0844369882f7fcdb6ff05c16d Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 13:39:00 +0200 Subject: new config layout --- puppet/hiera.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml index 764966a2..66efa299 100644 --- a/puppet/hiera.yaml +++ b/puppet/hiera.yaml @@ -7,7 +7,10 @@ :hierarchy: - hosts/%{fqdn} -# - services/%{service} # that's not possible, as hiera needs _one_ target per hierarchy + - ca/%{fqdn} + - ca/defaults + - eip/%{fqdn} + - eip/defaults - defaults # relative from where puppet is run, so we need to run puppet -- cgit v1.2.3 From 764ae6f21a8a54af78b29fc14876af36e2dd4651 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 13:39:23 +0200 Subject: parse new config layout --- puppet/manifests/site.pp | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 1bfc730e..bb29e393 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp 
@@ -1,10 +1,22 @@ +define print() { + notice("The value is: '${name}'") +} + + node 'default' { - $service='eip' - $password=hiera('testpw') - $openvpn_ports=hiera_array('openvpn_ports') - $tor=hiera('tor') - notify {"Password: $password":} - notify {"Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor":} - #include site_openvpn + #$password=hiera('testpw') + #notify {"Password: $password":} + + $services=hiera_array('services') + notice("Services for $fqdn: $services") + + if 'eip' in $services { + $openvpn_ports=hiera_array('openvpn_ports') + $tor=hiera('tor') + notice("Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor") + print{$openvpn_ports:} + #include site_openvpn + } + } -- cgit v1.2.3 From 1a0d1907b303c2ab1e8da2a26e061e8a7327241e Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 13:58:03 +0200 Subject: just a comment --- puppet/hiera.yaml | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet') diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml index 66efa299..a992c057 100644 --- a/puppet/hiera.yaml +++ b/puppet/hiera.yaml @@ -11,6 +11,7 @@ - ca/defaults - eip/%{fqdn} - eip/defaults +# more services following - defaults # relative from where puppet is run, so we need to run puppet -- cgit v1.2.3 From 75e57c74d5aa0595e02435ca4de15b9df1cc6002 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 21 Sep 2012 12:45:36 +0200 Subject: parsing of hiera config hash works --- puppet/manifests/site.pp | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index bb29e393..abb81511 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp 
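Review bot: `define print()` and the `print{$openvpn_ports:}` call are debugging scaffolding that creates one resource per port in every catalog; they should not stay in site.pp once the data layout settles. `$fqdn` in the two `notice()` calls is unqualified; `$::fqdn` is the form used elsewhere in this series. The commented-out `#$password=hiera('testpw')` and `#notify {"Password: $password":}` lines can be deleted rather than carried along, since the value they would print is a credential.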
@@ -1,7 +1,15 @@ define print() { - notice("The value is: '${name}'") + notice("The value is: '${name}'") +} + +define create_openvpn_config($port, $protocol) { + $openvpn_configname=$name + notice("Creating OpenVPN $openvpn_configname: + Port: $port, Protocol: $protocol") + # ... + #include site_openvpn + } - node 'default' { #$password=hiera('testpw') @@ -11,12 +19,9 @@ node 'default' { notice("Services for $fqdn: $services") if 'eip' in $services { - $openvpn_ports=hiera_array('openvpn_ports') + $openvpn=hiera('openvpn') $tor=hiera('tor') - notice("Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor") - print{$openvpn_ports:} - #include site_openvpn + notice("Tor enabled: $tor") + create_resources('create_openvpn_config', $openvpn) } - - } -- cgit v1.2.3 From 1c5eb8a64426c93d8118acac52870a6a95f73010 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 21 Sep 2012 15:03:08 +0200 Subject: oved things around --- puppet/manifests/site.pp | 18 ++--- puppet/modules/site_openvpn/manifests/init.pp | 79 -------------------- .../site_openvpn/manifests/server_config.pp | 84 ++++++++++++++++++++++ 3 files changed, 89 insertions(+), 92 deletions(-) create mode 100644 puppet/modules/site_openvpn/manifests/server_config.pp (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index abb81511..98e683af 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp 
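Review bot: `create_openvpn_config($port, $protocol)` accepts whatever hiera supplies, and in the second hunk `create_resources('create_openvpn_config', $openvpn)` feeds it the whole `openvpn` hash unchecked; today the values are only logged, but the `# ...` placeholder shows they are headed for the OpenVPN config file, where a stray value would break the server or silently change its listener. Add a guard at the top of the define before that happens, e.g. `if $port !~ /^\d+$/ { fail("invalid port ${port} for ${name}") }`, and an allow-list check for `$protocol` (`udp`, `tcp-server`, `tcp`). The same applies to `site_openvpn::server_config` when this define is moved there later in the series.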
@@ -2,26 +2,18 @@ define print() { notice("The value is: '${name}'") } -define create_openvpn_config($port, $protocol) { - $openvpn_configname=$name - notice("Creating OpenVPN $openvpn_configname: - Port: $port, Protocol: $protocol") - # ... - #include site_openvpn - -} - node 'default' { - #$password=hiera('testpw') - #notify {"Password: $password":} + $concat_basedir = '/var/lib/puppet/modules/concat' + include concat::setup $services=hiera_array('services') notice("Services for $fqdn: $services") if 'eip' in $services { - $openvpn=hiera('openvpn') $tor=hiera('tor') notice("Tor enabled: $tor") - create_resources('create_openvpn_config', $openvpn) + + $openvpn_config=hiera('openvpn') + create_resources('site_openvpn::server_config', $openvpn_config) } } diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp index 3d753af9..7d63d569 100644 --- a/puppet/modules/site_openvpn/manifests/init.pp +++ b/puppet/modules/site_openvpn/manifests/init.pp 
@@ -1,81 +1,2 @@ class site_openvpn { - - $openvpn_server=$::fqdn - - openvpn::server { - $openvpn_server: - country => hiera("country"), - province => hiera("province"), - city => hiera("city"), - organization => hiera("organization"), - email => hiera("email"); - } - -# configure server - - - openvpn::option { - "dev $openvpn_server": - key => "dev", - value => "tun0", - server => "$openvpn_server"; - "script-security $openvpn_server": - key => "script-security", - value => "3", - server => "$openvpn_server"; - "daemon $openvpn_server": - key => "daemon", - server => "$openvpn_server"; - "keepalive $openvpn_server": - key => "keepalive", - value => "10 60", - server => "$openvpn_server"; - "ping-timer-rem $openvpn_server": - key => "ping-timer-rem", - server => "$openvpn_server"; - "persist-tun $openvpn_server": - key => "persist-tun", - server => "$openvpn_server"; - "persist-key $openvpn_server": - key => "persist-key", - server => "$openvpn_server"; - "proto $openvpn_server": - key => "proto", - value => "tcp-server", - server => "$openvpn_server"; - "cipher $openvpn_server": - key => "cipher", - value => "BF-CBC", - server => "$openvpn_server"; - "local $openvpn_server": - key => "local", - value => $ipaddress, - server => "$openvpn_server"; - "tls-server $openvpn_server": - key => "tls-server", - server => "$openvpn_server"; - "server $openvpn_server": - key => "server", - value => "10.10.10.0 255.255.255.0", - server => "$openvpn_server"; - "lport $openvpn_server": - key => "lport", - value => "1194", - server => "$openvpn_server"; - "management $openvpn_server": - key => "management", - value => "/var/run/openvpn-$openvpn_server.sock unix", - server => "$openvpn_server"; - "comp-lzo $openvpn_server": - key => "comp-lzo", - server => "$openvpn_server"; - "topology $openvpn_server": - key => "topology", - value => "subnet", - server => "$openvpn_server"; - "client-to-client $openvpn_server": - key => "client-to-client", - server => "$openvpn_server"; - } - } 
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp new file mode 100644 index 00000000..e0e8db4f --- /dev/null +++ b/puppet/modules/site_openvpn/manifests/server_config.pp 
@@ -0,0 +1,84 @@ +define site_openvpn::server_config($port, $protocol) { + $openvpn_configname=$name + notice("Creating OpenVPN $openvpn_configname: + Port: $port, Protocol: $protocol") + + $openvpn_server=$::fqdn + # we don't need a ca generated + #openvpn::server { + # $openvpn_configname: + # country => hiera("country"), + # province => hiera("province"), + # city => hiera("city"), + # organization => hiera("organization"), + # email => hiera("email"); + #} + + # configure server + # all config options need to be "hieraized" + + openvpn::option { + "dev $openvpn_configname": + key => "dev", + value => "tun", + server => "$openvpn_server"; + "script-security $openvpn_configname": + key => "script-security", + value => "3", + server => "$openvpn_server"; + "daemon $openvpn_configname": + key => "daemon", + server => "$openvpn_server"; + "keepalive $openvpn_configname": + key => "keepalive", + value => "10 60", + server => "$openvpn_server"; + "ping-timer-rem $openvpn_configname": + key => "ping-timer-rem", + server => "$openvpn_server"; + "persist-tun $openvpn_configname": + key => "persist-tun", + server => "$openvpn_server"; + "persist-key $openvpn_configname": + key => "persist-key", + server => "$openvpn_server"; + "proto $openvpn_configname": + key => "proto", + value => "$proto", + server => "$openvpn_server"; + "cipher $openvpn_configname": + key => "cipher", + value => "BF-CBC", + server => "$openvpn_server"; + "local $openvpn_configname": + key => "local", + value => $ipaddress, + server => "$openvpn_server"; + "tls-server $openvpn_configname": + key => "tls-server", + server => "$openvpn_server"; + "server $openvpn_configname": + key => "server", + value => "$server", + server => "$openvpn_server"; + "lport $openvpn_configname": + key => "lport", + value => "$port", + server => "$openvpn_server"; + "management $openvpn_configname": + key => "management", + value => "/var/run/openvpn-$openvpn_configname.sock unix", + server => "$openvpn_server"; + 
"comp-lzo $openvpn_configname": + key => "comp-lzo", + server => "$openvpn_server"; + "topology $openvpn_configname": + key => "topology", + value => "subnet", + server => "$openvpn_server"; + "client-to-client $openvpn_configname": + key => "client-to-client", + server => "$openvpn_server"; + } + +} -- cgit v1.2.3 From 276de1e249b25e5e00c49229132215681aee6467 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 21 Sep 2012 20:26:20 +0200 Subject: basic configuration for openvpn server files --- puppet/manifests/site.pp | 13 ++- puppet/modules/site_openvpn/manifests/init.pp | 41 +++++++++ .../site_openvpn/manifests/server_config.pp | 100 +++++++++++++-------- 3 files changed, 111 insertions(+), 43 deletions(-) (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 98e683af..f7b7303f 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,19 +1,18 @@ -define print() { - notice("The value is: '${name}'") -} - node 'default' { - $concat_basedir = '/var/lib/puppet/modules/concat' + # $concat_basedir = '/var/lib/puppet/modules/concat' # do we need this ? include concat::setup $services=hiera_array('services') notice("Services for $fqdn: $services") if 'eip' in $services { + include site_openvpn + $tor=hiera('tor') notice("Tor enabled: $tor") - $openvpn_config=hiera('openvpn') - create_resources('site_openvpn::server_config', $openvpn_config) + $openvpn_configs=hiera('openvpn_server_configs') + create_resources('site_openvpn::server_config', $openvpn_configs) + } } diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp index 7d63d569..c83b98c7 100644 --- a/puppet/modules/site_openvpn/manifests/init.pp +++ b/puppet/modules/site_openvpn/manifests/init.pp 
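Review bot: The define declares `$protocol`, but the `proto` option is written as `value => "$proto"`, and the `server` option uses `value => "$server"`, which is declared nowhere in the file; under default settings both interpolate to an empty string, so the generated config gets `proto` and `server` lines with no argument. Make the parameter and the reference agree (`value => $protocol`) and either add a `$server` parameter or leave the option out until the subnet comes from hiera. The `# all config options need to be "hieraized"` comment is the right plan; until then `cipher`, `script-security` and the management socket path carry the same fixed values reviewed earlier in this series.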
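Review bot: `$tor=hiera('tor')` is looked up and passed to `notice()` but never used by any resource, and `# $concat_basedir = ... # do we need this ?` leaves an open question in the manifest; either wire `$tor` into site_openvpn or drop the lookup, and replace the question with a one-line comment stating the decision. `include site_openvpn` sits inside the `if 'eip' in $services` branch while `include concat::setup` runs for every node — fine if concat is needed site-wide, otherwise it belongs inside the branch too.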
@@ -1,2 +1,43 @@ class site_openvpn { + package { + "openvpn": + ensure => installed; + } + service { + "openvpn": + ensure => running, + hasrestart => true, + hasstatus => true, + require => Exec["concat_/etc/default/openvpn"]; + } + file { + "/etc/openvpn": + ensure => directory, + require => Package["openvpn"]; + } + + include concat::setup + + concat { + "/etc/default/openvpn": + owner => root, + group => root, + mode => 644, + warn => true, + notify => Service["openvpn"]; + } + + concat::fragment { + "openvpn.default.header": + content => template("openvpn/etc-default-openvpn.erb"), + target => "/etc/default/openvpn", + order => 01; + } + + concat::fragment { + "openvpn.default.autostart.${name}": + content => "AUTOSTART=all", + target => "/etc/default/openvpn", + order => 10; + } } diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index e0e8db4f..4a130d13 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp 
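Review bot: `content => "AUTOSTART=all"` has no trailing newline, so any fragment appended after order 10 is joined onto the same line; use `"AUTOSTART=all\n"`. `require => Exec["concat_/etc/default/openvpn"]` couples the service to an internal resource name of the concat module; `require => Concat['/etc/default/openvpn']` expresses the same dependency through the module's public interface, and the `notify => Service["openvpn"]` on the concat already covers restarts. `mode => 644` is an unquoted number; Puppet expects the mode as a string (`'0644'`) and newer releases warn on the bare form. `"openvpn.default.autostart.${name}"` inside a class interpolates the class name, which works but reads as if it were a define parameter.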
@@ -1,84 +1,112 @@ -define site_openvpn::server_config($port, $protocol) { +define site_openvpn::server_config($port, $proto) { $openvpn_configname=$name notice("Creating OpenVPN $openvpn_configname: - Port: $port, Protocol: $protocol") + Port: $port, Protocol: $proto") + + file { + "/etc/openvpn/${name}": + ensure => directory, + require => Package["openvpn"]; + } + + concat { + "/etc/openvpn/${openvpn_configname}.conf": + owner => root, + group => root, + mode => 644, + warn => true, + require => File["/etc/openvpn"], + notify => Service["openvpn"]; + } - $openvpn_server=$::fqdn - # we don't need a ca generated - #openvpn::server { - # $openvpn_configname: - # country => hiera("country"), - # province => hiera("province"), - # city => hiera("city"), - # organization => hiera("organization"), - # email => hiera("email"); - #} - # configure server - # all config options need to be "hieraized" openvpn::option { + "ca ${openvpn_configname}": + key => "ca", + value => "/etc/openvpn/ca.crt", + #require => Exec["initca ${openvpn_configname}"], + server => "${openvpn_configname}"; + "cert ${openvpn_configname}": + key => "cert", + value => "/etc/openvpn/${openvpn_configname}/server.crt", + #require => Exec["generate server cert ${openvpn_configname}"], + server => "${openvpn_configname}"; + "key ${openvpn_configname}": + key => "key", + value => "/etc/openvpn/${openvpn_configname}/server.key", + #require => Exec["generate server cert ${openvpn_configname}"], + server => "${openvpn_configname}"; + "dh ${openvpn_configname}": + key => "dh", + value => "/etc/openvpn/dh1024.pem", + #require => Exec["generate dh param ${openvpn_configname}"], + server => "${openvpn_configname}"; "dev $openvpn_configname": key => "dev", value => "tun", - server => "$openvpn_server"; + server => "$openvpn_configname"; + "mode ${openvpn_configname}": + key => 'mode', + value => 'server', + server => $openvpn_configname; "script-security $openvpn_configname": key => "script-security", value => 
"3", - server => "$openvpn_server"; + server => "$openvpn_configname"; "daemon $openvpn_configname": key => "daemon", - server => "$openvpn_server"; + server => "$openvpn_configname"; "keepalive $openvpn_configname": key => "keepalive", value => "10 60", - server => "$openvpn_server"; + server => "$openvpn_configname"; "ping-timer-rem $openvpn_configname": key => "ping-timer-rem", - server => "$openvpn_server"; + server => "$openvpn_configname"; "persist-tun $openvpn_configname": key => "persist-tun", - server => "$openvpn_server"; + server => "$openvpn_configname"; "persist-key $openvpn_configname": key => "persist-key", - server => "$openvpn_server"; + server => "$openvpn_configname"; "proto $openvpn_configname": key => "proto", value => "$proto", - server => "$openvpn_server"; + server => "$openvpn_configname"; "cipher $openvpn_configname": key => "cipher", value => "BF-CBC", - server => "$openvpn_server"; + server => "$openvpn_configname"; "local $openvpn_configname": key => "local", value => $ipaddress, - server => "$openvpn_server"; + server => "$openvpn_configname"; "tls-server $openvpn_configname": key => "tls-server", - server => "$openvpn_server"; - "server $openvpn_configname": - key => "server", - value => "$server", - server => "$openvpn_server"; + server => "$openvpn_configname"; + #"server $openvpn_configname": + # key => "server", + # value => "$server", + # server => "$openvpn_configname"; "lport $openvpn_configname": key => "lport", value => "$port", - server => "$openvpn_server"; + server => "$openvpn_configname"; "management $openvpn_configname": key => "management", value => "/var/run/openvpn-$openvpn_configname.sock unix", - server => "$openvpn_server"; + server => "$openvpn_configname"; "comp-lzo $openvpn_configname": key => "comp-lzo", - server => "$openvpn_server"; + server => "$openvpn_configname"; "topology $openvpn_configname": key => "topology", value => "subnet", - server => "$openvpn_server"; - "client-to-client $openvpn_configname": 
- key => "client-to-client", - server => "$openvpn_server"; + server => "$openvpn_configname"; + #"client-to-client $openvpn_configname": + # key => "client-to-client", + # server => "$openvpn_configname"; } } -- cgit v1.2.3 From f6ab238512364ea640dc46e35590d5a5d5de51f3 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 11:55:35 +0200 Subject: added submodule concat --- puppet/modules/concat | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/concat (limited to 'puppet') diff --git a/puppet/modules/concat b/puppet/modules/concat new file mode 160000 index 00000000..abce1280 --- /dev/null +++ b/puppet/modules/concat @@ -0,0 +1 @@ +Subproject commit abce1280e07b544d8455f1572dd870bbd2f14892 -- cgit v1.2.3 From 8fb0fcd72bdb357942d5e9adc2092e78ce6e1ee0 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 23 Sep 2012 16:06:56 +0200 Subject: added submodule sshd --- puppet/modules/sshd | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/sshd (limited to 'puppet') diff --git a/puppet/modules/sshd b/puppet/modules/sshd new file mode 160000 index 00000000..bd2e283a --- /dev/null +++ b/puppet/modules/sshd @@ -0,0 +1 @@ +Subproject commit bd2e283ab59430a7b3194804f1c8da7a9b58f8ff -- cgit v1.2.3 From 1dba92e9a2d71b7a1259ecb5f627e57e1a8fc7b8 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 23 Sep 2012 19:01:54 +0200 Subject: beginning of site_sshd --- puppet/modules/site_sshd/manifests/init.pp | 1 + puppet/modules/site_sshd/manifests/ssh_key.pp | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 puppet/modules/site_sshd/manifests/init.pp create mode 100644 puppet/modules/site_sshd/manifests/ssh_key.pp (limited to 'puppet') diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp new file mode 100644 index 00000000..630e9bdf --- /dev/null +++ b/puppet/modules/site_sshd/manifests/init.pp @@ -0,0 +1 @@ +class site_sshd {} 
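Review bot: The cipher and DH values are hard-coded to weak parameters: `value => "BF-CBC"` selects a 64-bit block cipher and `value => "/etc/openvpn/dh1024.pem"` a 1024-bit group, whereas a 128-bit block cipher such as `AES-256-CBC` and at least a 2048-bit DH file should be the baseline, ideally exposed as parameters of the define (with these as documented defaults) rather than literals. `"script-security $openvpn_configname"` with `value => "3"` is the most permissive level (it allows passwords to be handed to external scripts through the environment), yet no script options are configured in this define, so `"2"` or lower with a comment explaining any future need is the safer default. The management socket `"/var/run/openvpn-$openvpn_configname.sock unix"` is created with no client restriction, and anyone who can open it controls the daemon; pair it with `management-client-user root` (or a dedicated group) and keep the socket under a root-only directory. With the `server` option commented out, no VPN subnet is configured for the instance, so `mode server` / `tls-server` will have nothing to hand out until that is restored, presumably in a later commit.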
diff --git a/puppet/modules/site_sshd/manifests/ssh_key.pp b/puppet/modules/site_sshd/manifests/ssh_key.pp new file mode 100644 index 00000000..b47b2ebd --- /dev/null +++ b/puppet/modules/site_sshd/manifests/ssh_key.pp @@ -0,0 +1,3 @@ +define site_sshd::ssh_key($key) { + # ... todo: deploy ssh_key +} -- cgit v1.2.3 From 8320de2fd5bd8fcb429dfc1b68527a1c39a8341f Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 23 Sep 2012 19:02:28 +0200 Subject: reorderd config, include site_sshd --- puppet/manifests/site.pp | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index f7b7303f..a897de11 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -5,6 +5,14 @@ node 'default' { $services=hiera_array('services') notice("Services for $fqdn: $services") + # configure ssh and inculde ssh-keys + #include sshd + $ssh_keys=hiera_hash('ssh_keys') + include site_sshd + notice($ssh_keys) + create_resources('site_sshd::ssh_key', $ssh_keys) + + if 'eip' in $services { include site_openvpn -- cgit v1.2.3 From 967c231e754d769225e26cbd7b2ad3738bce833b Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:36:58 +0200 Subject: added submodule apt --- puppet/modules/apt | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/apt (limited to 'puppet') diff --git a/puppet/modules/apt b/puppet/modules/apt new file mode 160000 index 00000000..02bd3269 --- /dev/null +++ b/puppet/modules/apt @@ -0,0 +1 @@ +Subproject commit 02bd3269948f1a3c5a586e581a7fec22da69a2cc -- cgit v1.2.3 From 1b52d7de0f6214ceec879382932968fd07212624 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:45:08 +0200 Subject: added submodule lsb --- puppet/modules/lsb | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/lsb (limited to 'puppet') diff --git a/puppet/modules/lsb b/puppet/modules/lsb new file mode 160000 index 00000000..3742c1a0 --- /dev/null +++ b/puppet/modules/lsb 
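Review bot: `notice($ssh_keys)` dumps the whole `ssh_keys` hiera hash into the agent and master logs on every run; the values are presumably public keys, but the log will also carry anything later added to that hash, so the line should be dropped or reduced to a count or the key names. `create_resources('site_sshd::ssh_key', $ssh_keys)` currently deploys nothing, because `site_sshd::ssh_key` in this commit's ssh_key.pp consists only of the `# ... todo: deploy ssh_key` comment; a note in site.pp saying so would save the next reader a search. The comment `# configure ssh and inculde ssh-keys` has a typo (`include`). The enclosing `node 'default'` block begins and ends outside the hunk.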
@@ -0,0 +1 @@ +Subproject commit 3742c1a00c5602154a81834443ec5b0ca32c4ca0 -- cgit v1.2.3 From 3fc154d5b495338b7cce2971a0fba2c4faef4ee2 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:46:03 +0200 Subject: added submodule ntp --- puppet/modules/ntp | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/ntp (limited to 'puppet') diff --git a/puppet/modules/ntp b/puppet/modules/ntp new file mode 160000 index 00000000..27f2bc72 --- /dev/null +++ b/puppet/modules/ntp @@ -0,0 +1 @@ +Subproject commit 27f2bc72110b1001233eb0907aa07e06cdf33194 -- cgit v1.2.3 From 53dea7cd638ebf8d353d052b2d2185940c2056b9 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:54:53 +0200 Subject: added submodule git --- puppet/modules/git | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/git (limited to 'puppet') diff --git a/puppet/modules/git b/puppet/modules/git new file mode 160000 index 00000000..497a1034 --- /dev/null +++ b/puppet/modules/git @@ -0,0 +1 @@ +Subproject commit 497a1034489e0dc3cab5dab2fb0a857785769734 -- cgit v1.2.3 From b6f07a78502ecbe850c0b798dfdd0fdb60a78425 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 18:32:40 +0200 Subject: include some basic mclasses --- puppet/manifests/site.pp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index a897de11..f70c0673 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,6 +1,10 @@ node 'default' { + + # include some basic classes # $concat_basedir = '/var/lib/puppet/modules/concat' # do we need this ? include concat::setup + include apt,git,lsb + $services=hiera_array('services') notice("Services for $fqdn: $services") @@ -21,6 +25,6 @@ node 'default' { $openvpn_configs=hiera('openvpn_server_configs') create_resources('site_openvpn::server_config', $openvpn_configs) - } + } -- cgit v1.2.3 
From bedef1a878698997c5c8490599dc9269fef60c37 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 18:35:38 +0200 Subject: added submodule common --- puppet/modules/common | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/common (limited to 'puppet') diff --git a/puppet/modules/common b/puppet/modules/common new file mode 160000 index 00000000..0961ad45 --- /dev/null +++ b/puppet/modules/common @@ -0,0 +1 @@ +Subproject commit 0961ad453b8befb4ea61bbd19f6ecea32b9619c9 -- cgit v1.2.3 From e73a5e34742a63d82ee4b1a84a779403d9f71bd7 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 18:41:37 +0200 Subject: include common --- puppet/manifests/site.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index f70c0673..5f58a733 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -3,8 +3,8 @@ node 'default' { # include some basic classes # $concat_basedir = '/var/lib/puppet/modules/concat' # do we need this ? include concat::setup - include apt,git,lsb - + include apt, lsb, git + import "common" $services=hiera_array('services') notice("Services for $fqdn: $services") -- cgit v1.2.3
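Review bot: `import "common"` is a manifest import, not a class include: it makes the module's manifest file(s) known to the parser but evaluates no class, so if the `common` module added in the preceding commit exposes a class (which the commit subject "include common" suggests), the line should be `include common`, and if it only provides defines and functions the autoloader already finds them and the `import` is unnecessary. `import` was also later removed from the Puppet language, so new code should avoid it. The `include apt, lsb, git` reordering is cosmetic. The enclosing `node 'default'` block begins and ends outside the hunk.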