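# server.pp
#
# Define: openvpn::server
#
# Sets up one OpenVPN server instance named ${name} under /etc/openvpn/${name}:
# copies the easy-rsa 2.0 scripts, writes their vars file from a template,
# generates DH parameters, a CA and a server certificate, points the server's
# ca/cert/key/dh options at the results, and appends the instance to AUTOSTART
# in /etc/default/openvpn.
#
# Parameters:
#   $country, $province, $city, $organization, $email
#     Not referenced directly in this manifest; presumably read by the
#     openvpn/vars.erb template for the certificate subject fields
#     (confirm against the template).
#
# NOTE(review): the CA private key (keys/ca.key) is generated and kept on the
# VPN server itself, so a compromise of this host also exposes the key that
# signs every client certificate.
#
# NOTE(review): the DH file name is hard-coded as dh1024.pem. 1024-bit DH
# parameters are below current recommendations. easy-rsa 2.0 names the file
# after KEY_SIZE from vars, so moving to 2048 bits or more means changing the
# vars template and both dh1024.pem paths below together.

define openvpn::server($country, $province, $city, $organization, $email) {
    include openvpn

    # Per-instance configuration directory.
    file {
        "/etc/openvpn/${name}":
            ensure => directory,
            require => Package["openvpn"];
    }
    # NOTE(review): no owner/mode is set on these directories, so they get the
    # defaults. If they hold client key material (presumably they do, verify
    # against the client define), consider restricting them.
    file {
        "/etc/openvpn/${name}/client-configs":
            ensure => directory,
            require => File["/etc/openvpn/${name}"];
        "/etc/openvpn/${name}/download-configs":
            ensure => directory,
            require => File["/etc/openvpn/${name}"];
    }

    # Private copy of the easy-rsa scripts for this instance; `creates` makes
    # the copy happen only once.
    # NOTE(review): the command is not fully qualified and no path is set
    # here; presumably a global Exec default supplies one - confirm.
    exec {
        "copy easy-rsa to openvpn config folder ${name}":
            command => "cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/${name}/easy-rsa",
            creates => "/etc/openvpn/${name}/easy-rsa",
            require => File["/etc/openvpn/${name}"];
    }
    file {
        "/etc/openvpn/${name}/easy-rsa/vars":
            ensure  => present,
            content => template("openvpn/vars.erb"),
            require => Exec["copy easy-rsa to openvpn config folder ${name}"];
    }

    exec {
        # easy-rsa 2.0's clean-all removes and recreates the keys directory
        # (including index.txt). It is kept in its own exec, guarded by
        # index.txt, so that a missing or differently named DH file can never
        # trigger a wipe of an existing CA and the certificates issued by it.
        "initialize keys dir ${name}":
            command  => ". ./vars && ./clean-all",
            cwd      => "/etc/openvpn/${name}/easy-rsa",
            creates  => "/etc/openvpn/${name}/easy-rsa/keys/index.txt",
            provider => "shell",
            require  => File["/etc/openvpn/${name}/easy-rsa/vars"];

        "generate dh param ${name}":
            command  => ". ./vars && ./build-dh",
            cwd      => "/etc/openvpn/${name}/easy-rsa",
            creates  => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem",
            provider => "shell",
            require  => [ File["/etc/openvpn/${name}/easy-rsa/vars"],
                          Exec["initialize keys dir ${name}"] ];

        # Creates the CA key pair once; skipped while keys/ca.key exists.
        "initca ${name}":
            command  => ". ./vars && ./pkitool --initca",
            cwd      => "/etc/openvpn/${name}/easy-rsa",
            creates  => "/etc/openvpn/${name}/easy-rsa/keys/ca.key",
            provider => "shell",
            require  => Exec["generate dh param ${name}"];

        # Issues the server certificate once; skipped while keys/server.key
        # exists.
        "generate server cert ${name}":
            command  => ". ./vars && ./pkitool --server server",
            cwd      => "/etc/openvpn/${name}/easy-rsa",
            creates  => "/etc/openvpn/${name}/easy-rsa/keys/server.key",
            provider => "shell",
            require  => Exec["initca ${name}"];
    }

    # Stable path to the key material; the options below refer to it.
    file {
        "/etc/openvpn/${name}/keys":
            ensure  => link,
            target  => "/etc/openvpn/${name}/easy-rsa/keys",
            require => Exec["copy easy-rsa to openvpn config folder ${name}"];
    }

    # Each option requires the exec that produces the file it points at.
    openvpn::option {
        "ca ${name}":
            key     => "ca",
            value   => "/etc/openvpn/${name}/keys/ca.crt",
            require => Exec["initca ${name}"],
            server  => "${name}";
        "cert ${name}":
            key     => "cert",
            value   => "/etc/openvpn/${name}/keys/server.crt",
            require => Exec["generate server cert ${name}"],
            server  => "${name}";
        "key ${name}":
            key     => "key",
            value   => "/etc/openvpn/${name}/keys/server.key",
            require => Exec["generate server cert ${name}"],
            server  => "${name}";
        "dh ${name}":
            key     => "dh",
            value   => "/etc/openvpn/${name}/keys/dh1024.pem",
            require => Exec["generate dh param ${name}"],
            server  => "${name}";
    }

    # Appends this instance to the AUTOSTART list in /etc/default/openvpn.
    common::concatfilepart {
        "etc-default-openvpn autostart for ${name}":
            ensure  => present,
            content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n",
            file    => "/etc/default/openvpn";
    }
}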