1 # client.pp
2
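# openvpn::client
#
# Issues a client certificate for ${name} against the easy-rsa PKI that
# belongs to ${server}, builds a downloadable bundle under
# /etc/openvpn/${server}/download-configs/${name}/ (certificate, private
# key, CA certificate and the generated ${name}.conf, tarred up on every
# config change) and emits the client configuration as openvpn::option
# resources.
#
# Resources referenced here but declared elsewhere in the module:
#   Exec["generate server cert ${server}"]
#   File["/etc/openvpn"]
#   File["/etc/openvpn/${server}/download-configs"]
#
# Parameters:
#   $server      - title of the openvpn server instance this client belongs to;
#                  also used as a path component, so it is validated below
#   $remote_host - host written into the client's "remote" directive;
#                  defaults to this node's fqdn fact
#   $port        - port written into the "remote" directive (default 1194)
#   $proto       - transport written into the "proto" directive (default tcp)
#
# Security notes:
#   * The bundle contains the client's private key (tar -h follows the
#     symlinks in keys/), so ${name}.tar.gz is as sensitive as the key
#     itself and inherits the default permissions of download-configs/.
#     Restrict that directory or hand the archive over through a channel
#     that is appropriate for key material.
#   * "ns-cert-type server" and "comp-lzo" are kept for compatibility with
#     the existing server configuration; see the inline comments on those
#     options before reusing this define on newer OpenVPN releases.
define openvpn::client(
    $server,
    $remote_host = $::fqdn,
    $port        = '1194',
    $proto       = 'tcp'
) {
    # ${name} and ${server} are interpolated into shell commands and into
    # filesystem paths below. Only accept plain identifiers (optionally
    # dotted) so a title cannot smuggle in shell metacharacters, a path
    # separator or a ".." component.
    if $name !~ /\A[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\z/ {
        fail("openvpn::client: invalid client name '${name}'")
    }
    if $server !~ /\A[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\z/ {
        fail("openvpn::client: invalid server name '${server}'")
    }
    # The remote host and port end up verbatim in the client config; keep
    # them to host/address characters so a value cannot inject further
    # config directives.
    if $remote_host !~ /\A[A-Za-z0-9.:_-]+\z/ {
        fail("openvpn::client: invalid remote_host '${remote_host}'")
    }
    if $port !~ /\A[0-9]+\z/ {
        fail("openvpn::client: invalid port '${port}'")
    }

    # pkitool reads its KEY_* settings from ./vars, hence the shell
    # provider and the sourcing step. `creates` keeps this idempotent: the
    # certificate is only ever generated once per client.
    exec {
        "generate certificate for ${name} in context of ${server}":
            command  => ". ./vars && ./pkitool ${name}",
            cwd      => "/etc/openvpn/${server}/easy-rsa",
            creates  => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
            provider => 'shell',
            require  => Exec["generate server cert ${server}"];
    }

    # Download bundle layout: <name>/keys/{<name>.crt,<name>.key,ca.crt} are
    # symlinks into the easy-rsa key store; the tar step below dereferences
    # them so the archive is self-contained.
    file {
        "/etc/openvpn/${server}/download-configs/${name}":
            ensure  => directory,
            require => File["/etc/openvpn/${server}/download-configs"];

        "/etc/openvpn/${server}/download-configs/${name}/keys":
            ensure  => directory,
            require => File["/etc/openvpn/${server}/download-configs/${name}"];

        "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt":
            ensure  => link,
            target  => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
            require => [ Exec["generate certificate for ${name} in context of ${server}"],
                         File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];

        "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key":
            ensure  => link,
            target  => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key",
            require => [ Exec["generate certificate for ${name} in context of ${server}"],
                         File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];

        "/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt":
            ensure  => link,
            target  => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt",
            require => [ Exec["generate certificate for ${name} in context of ${server}"],
                         File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
    }

    # Client configuration. Paths in ca/cert/key are relative so the
    # bundle works from wherever the client unpacks it.
    openvpn::option {
        "ca ${server} with ${name}":
            key    => 'ca',
            value  => 'keys/ca.crt',
            client => $name,
            server => $server;
        "cert ${server} with ${name}":
            key    => 'cert',
            value  => "keys/${name}.crt",
            client => $name,
            server => $server;
        "key ${server} with ${name}":
            key    => 'key',
            value  => "keys/${name}.key",
            client => $name,
            server => $server;
        "client ${server} with ${name}":
            key    => 'client',
            client => $name,
            server => $server;
        "dev ${server} with ${name}":
            key    => 'dev',
            value  => 'tun',
            client => $name,
            server => $server;
        "proto ${server} with ${name}":
            key    => 'proto',
            value  => $proto,
            client => $name,
            server => $server;
        "remote ${server} with ${name}":
            key    => 'remote',
            value  => "${remote_host} ${port}",
            client => $name,
            server => $server;
        "resolv-retry ${server} with ${name}":
            key    => 'resolv-retry',
            value  => 'infinite',
            client => $name,
            server => $server;
        "nobind ${server} with ${name}":
            key    => 'nobind',
            client => $name,
            server => $server;
        "persist-key ${server} with ${name}":
            key    => 'persist-key',
            client => $name,
            server => $server;
        "persist-tun ${server} with ${name}":
            key    => 'persist-tun',
            client => $name,
            server => $server;
        "mute-replay-warnings ${server} with ${name}":
            key    => 'mute-replay-warnings',
            client => $name,
            server => $server;
        # Makes the client refuse a server whose certificate is not marked
        # as a server certificate (defends against a client cert being
        # used to impersonate the server). ns-cert-type is deprecated in
        # OpenVPN 2.4 and removed in 2.5; the successor is
        # "remote-cert-tls server", which requires the server certificate
        # to carry the serverAuth extended key usage - confirm the easy-rsa
        # profile sets it before switching.
        "ns-cert-type ${server} with ${name}":
            key    => 'ns-cert-type',
            value  => 'server',
            client => $name,
            server => $server;
        # Must match the server side. Note that tunnel compression has
        # known-plaintext weaknesses (see the VORACLE research) and newer
        # OpenVPN releases deprecate comp-lzo; drop it on both ends when
        # the server config allows.
        "comp-lzo ${server} with ${name}":
            key    => 'comp-lzo',
            client => $name,
            server => $server;
        "verb ${server} with ${name}":
            key    => 'verb',
            value  => '3',
            client => $name,
            server => $server;
        "mute ${server} with ${name}":
            key    => 'mute',
            value  => '20',
            client => $name,
            server => $server;
    }

    # Rebuilds the bundle whenever the generated config changes (notified
    # by the concat below). The shell provider is needed for `&&` and for
    # the literal "*.conf.d" exclude pattern (Puppet turns `\\*` into
    # `\*`, which the shell hands to tar unexpanded). An explicit PATH
    # keeps `tar` resolvable under the minimal environment of an agent run.
    exec {
        "tar the thing ${server} with ${name}":
            cwd         => "/etc/openvpn/${server}/download-configs/",
            command     => "rm -f ${name}.tar.gz && tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}",
            path        => [ '/bin', '/usr/bin' ],
            provider    => 'shell',
            refreshonly => true,
            require     => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"],
                             File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"],
                             File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"],
                             File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ];
    }

    # The same option fragments are assembled twice: once as the server's
    # client-config-dir entry and once as the downloadable ${name}.conf.
    # Quoted octal mode avoids the numeric-mode ambiguity newer Puppet
    # releases reject.
    concat {
        [ "/etc/openvpn/${server}/client-configs/${name}",
          "/etc/openvpn/${server}/download-configs/${name}/${name}.conf" ]:
            owner   => 'root',
            group   => 'root',
            mode    => '0644',
            warn    => true,
            force   => true,
            notify  => Exec["tar the thing ${server} with ${name}"],
            require => [ File["/etc/openvpn"], File["/etc/openvpn/${server}/download-configs/${name}"] ];
    }

}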