# server.pp -- defines openvpn::server: one OpenVPN server instance (config directory, easy-rsa PKI, <name>.conf) per declaration.
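# openvpn::server -- provision one OpenVPN server instance named ${name}.
#
# Creates /etc/openvpn/${name}/ with client-configs/ and download-configs/,
# copies the distribution's easy-rsa 2.0 scripts next to it, builds the DH
# parameters, a CA and a server certificate with pkitool, and assembles
# /etc/openvpn/${name}.conf from openvpn::option fragments. The instance is
# appended to AUTOSTART in /etc/default/openvpn.
#
# Parameters: $country, $province, $city, $organization, $email -- all are
# consumed by the openvpn/vars.erb template that seeds easy-rsa's
# certificate subject fields (the template itself is not shown here).
#
# NOTE(security): the `creates` guard of the DH exec and the `dh` server
# option are hard-coded to dh1024.pem, so vars.erb must set KEY_SIZE=1024
# for this define to converge. 1024-bit DH is below current guidance;
# raising it requires changing the template AND every dh1024.pem reference
# below together -- changing only the template would leave the guard file
# missing, so the exec (which runs ./clean-all and wipes keys/) would fire
# on every agent run.
#
# NOTE(review): this define sets no cipher/auth/tls-auth options itself;
# anything beyond ca/cert/key/dh/mode/client-config-dir presumably has to
# be added by the caller as openvpn::option resources -- verify against the
# rest of the module.
define openvpn::server($country, $province, $city, $organization, $email) {
    include openvpn

    # Distribution-specific location of the easy-rsa 2.0 example scripts
    # that ship with the openvpn package. The CentOS path pins openvpn
    # 2.2.0 and has to be updated when that package is upgraded. Facts are
    # referenced at top scope explicitly so the lookup does not depend on
    # dynamic scoping.
    $easyrsa_source = $::operatingsystem ? {
      'centos' => '/usr/share/doc/openvpn-2.2.0/easy-rsa/2.0',
      default  => '/usr/share/doc/openvpn/examples/easy-rsa/2.0'
    }

    # On Ubuntu precise the copied easy-rsa tree needs openssl.cnf to be a
    # symlink to the openssl-1.0.0 variant; everywhere else it is left alone.
    $link_openssl_cnf = $::lsbdistcodename ? {
      'precise' => true,
      default   => false
    }

    # Per-instance configuration directory; everything else hangs off it.
    # Resource titles are kept identical to the original module so other
    # manifests referencing them keep working (the one exception is the
    # chmod exec, see below).
    file { "/etc/openvpn/${name}":
        ensure  => directory,
        require => Package['openvpn'],
    }

    file { "/etc/openvpn/${name}/client-configs":
        ensure  => directory,
        require => File["/etc/openvpn/${name}"],
    }

    file { "/etc/openvpn/${name}/download-configs":
        ensure  => directory,
        require => File["/etc/openvpn/${name}"],
    }

    openvpn::option { "client-config-dir ${name}":
        key     => 'client-config-dir',
        value   => "/etc/openvpn/${name}/client-configs",
        server  => $name,
        require => File["/etc/openvpn/${name}"],
    }

    openvpn::option { "mode ${name}":
        key    => 'mode',
        value  => 'server',
        server => $name,
    }

    # Copy the easy-rsa scripts into the instance directory once; `creates`
    # makes this a no-op on later runs, so the copied tree (and the keys/
    # directory easy-rsa later creates inside it) is never overwritten.
    exec { "copy easy-rsa to openvpn config folder ${name}":
        command => "/bin/cp -r ${easyrsa_source} /etc/openvpn/${name}/easy-rsa",
        creates => "/etc/openvpn/${name}/easy-rsa",
        notify  => Exec["fix_easyrsa_file_permissions ${name}"],
        require => File["/etc/openvpn/${name}"],
    }

    # Files under /usr/share/doc are typically shipped without the
    # executable bit, hence the 755 on the copied scripts.
    # Fix: the title now carries ${name}. The previous unsuffixed title
    # ("fix_easyrsa_file_permissions") was a duplicate declaration as soon
    # as two openvpn::server instances were declared on one node, and its
    # command only ever referred to one of them.
    # The glob does not recurse and keys/ is not expected to exist yet when
    # this fires (it is created later by ./clean-all), so the chmod should
    # not touch private key material -- but it would make a pre-existing
    # keys/ directory world-listable; confirm the source tree ships none.
    exec { "fix_easyrsa_file_permissions ${name}":
        command     => "/bin/chmod 755 /etc/openvpn/${name}/easy-rsa/*",
        refreshonly => true,
    }

    # Subject fields for easy-rsa come from the template (see define docs).
    file { "/etc/openvpn/${name}/easy-rsa/vars":
        ensure  => present,
        content => template('openvpn/vars.erb'),
        require => Exec["copy easy-rsa to openvpn config folder ${name}"],
    }

    # Declared unconditionally so the initca exec can depend on it; only on
    # precise is it turned into a symlink.
    file { "/etc/openvpn/${name}/easy-rsa/openssl.cnf":
        require => Exec["copy easy-rsa to openvpn config folder ${name}"],
    }
    if $link_openssl_cnf {
        File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"] {
            ensure => link,
            target => "/etc/openvpn/${name}/easy-rsa/openssl-1.0.0.cnf",
        }
    }

    # PKI bootstrap. Each exec is guarded by `creates` on the artifact it
    # produces and therefore runs at most once per artifact.
    #
    # WARNING: build-dh is preceded by ./clean-all, which wipes keys/
    # entirely. The guard only checks dh1024.pem, so removing that single
    # file on a live server destroys the CA and server key on the next run.
    exec { "generate dh param ${name}":
        command  => '. ./vars && ./clean-all && ./build-dh',
        cwd      => "/etc/openvpn/${name}/easy-rsa",
        creates  => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem",
        provider => 'shell',
        require  => File["/etc/openvpn/${name}/easy-rsa/vars"],
    }

    # pkitool is non-interactive; the CA subject comes from the vars file.
    exec { "initca ${name}":
        command  => '. ./vars && ./pkitool --initca',
        cwd      => "/etc/openvpn/${name}/easy-rsa",
        creates  => "/etc/openvpn/${name}/easy-rsa/keys/ca.key",
        provider => 'shell',
        require  => [
            Exec["generate dh param ${name}"],
            File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"]
        ],
    }

    # Server certificate/key pair signed by the CA above, CN "server".
    exec { "generate server cert ${name}":
        command  => '. ./vars && ./pkitool --server server',
        cwd      => "/etc/openvpn/${name}/easy-rsa",
        creates  => "/etc/openvpn/${name}/easy-rsa/keys/server.key",
        provider => 'shell',
        require  => Exec["initca ${name}"],
    }

    # Expose keys/ at a stable path so the server options below do not
    # need to know about the easy-rsa layout.
    file { "/etc/openvpn/${name}/keys":
        ensure  => link,
        target  => "/etc/openvpn/${name}/easy-rsa/keys",
        require => Exec["copy easy-rsa to openvpn config folder ${name}"],
    }

    openvpn::option { "ca ${name}":
        key     => 'ca',
        value   => "/etc/openvpn/${name}/keys/ca.crt",
        server  => $name,
        require => Exec["initca ${name}"],
    }

    openvpn::option { "cert ${name}":
        key     => 'cert',
        value   => "/etc/openvpn/${name}/keys/server.crt",
        server  => $name,
        require => Exec["generate server cert ${name}"],
    }

    openvpn::option { "key ${name}":
        key     => 'key',
        value   => "/etc/openvpn/${name}/keys/server.key",
        server  => $name,
        require => Exec["generate server cert ${name}"],
    }

    openvpn::option { "dh ${name}":
        key     => 'dh',
        value   => "/etc/openvpn/${name}/keys/dh1024.pem",
        server  => $name,
        require => Exec["generate dh param ${name}"],
    }

    # Have the distribution init script start this instance.
    concat::fragment { "openvpn.default.autostart.${name}":
        content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n",
        target  => '/etc/default/openvpn',
        order   => 10,
    }

    # The assembled config only names the key files, so world-readable is
    # acceptable; the private keys live under keys/ (easy-rsa's clean-all
    # is expected to create that directory go-rwx -- confirm for the
    # shipped version). Mode is written as a quoted octal string, the form
    # Puppet's file type expects; the bare 644 used before relied on
    # implicit conversion.
    concat { "/etc/openvpn/${name}.conf":
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        warn    => true,
        require => File['/etc/openvpn'],
        notify  => Service['openvpn'],
    }
}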
141
142 }