authorJustin Lambert <jlambert@eml.cc>2013-01-09 16:52:17 -0700
committerJustin Lambert <jlambert@eml.cc>2013-01-09 16:52:17 -0700
commitc0b642e0e81b3c12c52a5f4b2d8f5ae4317e8c36 (patch)
tree6aa5db258835cf3c8b4f6bb33222a71f48f7f108
parent8f860f15f6a2435105623b37cfcc894f52c2d571 (diff)
more cleanup, spec tests pass
-rw-r--r--manifests/client.pp18
-rw-r--r--manifests/option.pp24
-rw-r--r--manifests/server.pp27
-rw-r--r--spec/defines/openvpn_client_spec.rb239
-rw-r--r--spec/defines/openvpn_option_spec.rb42
-rw-r--r--spec/defines/openvpn_server_spec.rb188
-rw-r--r--templates/client.erb2
-rw-r--r--templates/server.erb2
8 files changed, 290 insertions, 252 deletions
diff --git a/manifests/client.pp b/manifests/client.pp
index 71b720d..6abef5e 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -2,6 +2,7 @@
define openvpn::client(
$server,
+ $compression = 'comp-lzo',
$dev = 'tun',
$mute = '20',
$mute_replay_warnings = true,
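Review bot: The new `$compression` parameter is not validated, and the client spec in this commit (`with_content(/^comp-something$/)`) shows its value is written into the client profile as a complete directive line. Any string a caller passes, including one with embedded newlines, therefore ends up as one or more OpenVPN directives in a file that is handed to clients. An anchored allow-list near the top of the body would close that off, for example `if $compression !~ /\A(comp-lzo( (yes|no|adaptive))?|comp-noadapt)\z/ { fail("openvpn::client: unsupported compression directive '${compression}'") }`, using `\A`/`\z` rather than `^`/`$` so a multi-line value cannot pass. The other string parameters rendered through `templates/client.erb` deserve the same check. The define's body continues outside this hunk.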
@@ -12,7 +13,7 @@ define openvpn::client(
$port = '1194',
$proto = 'tcp',
$remote_host = $::fqdn,
- $resolve_retry = 'infinite',
+ $resolv_retry = 'infinite',
$verb = '3',
) {
exec {
@@ -50,10 +51,17 @@ define openvpn::client(
target => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt",
require => [ Exec["generate certificate for ${name} in context of ${server}"],
File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+
+ "/etc/openvpn/${server}/download-configs/${name}/${name}.conf":
+ owner => root,
+ group => root,
+ mode => '0444',
+ content => template('openvpn/client.erb'),
+ notify => Exec["tar the thing ${server} with ${name}"];
}
concat {
- [ "/etc/openvpn/${server}/client-configs/${name}", "/etc/openvpn/${server}/download-configs/${name}/${name}.conf" ]:
+ "/etc/openvpn/${server}/client-configs/${name}":
owner => root,
group => root,
mode => 644,
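Review bot: The added `file` resource writes `${name}.conf` with `mode => '0444'` into `download-configs/${name}`, the same directory whose `keys` entry is referenced just above, so the profile is readable by every local user unless a parent directory blocks traversal. The directory resources are outside this hunk, so confirm that `/etc/openvpn/${server}/download-configs` is not world-searchable, or tighten the new resource to `mode => '0440'`. As a consistency point, the `concat` resource below still uses the bare `mode => 644`; writing it as `mode => '0644'` matches the new resource and keeps the value from being read as an integer.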
@@ -63,12 +71,6 @@ define openvpn::client(
require => [ File['/etc/openvpn'], File["/etc/openvpn/${server}/download-configs/${name}"] ];
}
- concat::fragment {
- "openvpn.${server}.client.${name}":
- target => "/etc/openvpn/${server}/download-configs/${name}/${name}.conf",
- content => "${content}\n";
- }
-
exec {
"tar the thing ${server} with ${name}":
cwd => "/etc/openvpn/${server}/download-configs/",
diff --git a/manifests/option.pp b/manifests/option.pp
deleted file mode 100644
index eb3d5a7..0000000
--- a/manifests/option.pp
+++ /dev/null
@@ -1,24 +0,0 @@
-# option.pp
-
-define openvpn::option($key, $server, $value = '', $client = '', $csc = false) {
- $content = $value ? {
- '' => $key,
- default => "${key} ${value}"
- }
-
- if $client == '' {
- $path = "/etc/openvpn/${server}.conf"
- } else {
- if $csc {
- $path = "/etc/openvpn/${server}/client-configs/${client}"
- } else {
- $path = "/etc/openvpn/${server}/download-configs/${client}/${client}.conf"
- }
- }
-
- concat::fragment {
- "openvpn.${server}.${client}.${name}":
- target => $path,
- content => "${content}\n";
- }
-}
diff --git a/manifests/server.pp b/manifests/server.pp
index 9355327..ad9351a 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -12,11 +12,11 @@ define openvpn::server(
$group = 'nobody',
$user = 'nobody',
$logfile = "${name}/openvpn.log",
- $status-log = "${name}/openvpn-status.log",
+ $status_log = "${name}/openvpn-status.log",
$dev = 'tun0',
$local = $::ipaddress_eth0,
$ipp = false,
- $server = "${network_eth0} ${netmask_eth0}",
+ $server = "${::network_eth0} ${::netmask_eth0}",
$push = []
) {
include openvpn
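Review bot: The `$local` and `$server` defaults depend on `$::ipaddress_eth0`, `$::network_eth0` and `$::netmask_eth0`, and nothing in the visible part of the define checks that those facts exist. On a host whose interface is not named eth0 the defaults are empty, and judging by the new server spec (`/^local\s+1\.2\.3\.4$/`, `/^server\s+1\.2\.3\.0\s+255\.255\.255\.0$/`) the template would then render bare `local` and `server` lines. Failing the catalog when `$local` is empty or `$server` is only whitespace, with a message such as `fail("openvpn::server[${name}]: eth0 facts missing; set local and server explicitly")`, would turn that into a compile-time error instead of a broken config. The RedHat and Debian spec contexts omit the eth0 facts and so exercise this case without asserting on it. The define's body continues outside this hunk.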
@@ -103,20 +103,13 @@ define openvpn::server(
target => '/etc/default/openvpn',
order => 10;
}
-
- concat {
- "/etc/openvpn/${name}.conf":
- owner => root,
- group => root,
- mode => 644,
- warn => true,
- require => File['/etc/openvpn'],
- notify => Service['openvpn'];
- }
-
- concat::fragment {
- "openvpn.${server}.${name}":
- target => "/etc/openvpn/${name}.conf",
- content => template('openvpn/server.erb')
+
+ file {
+ "/etc/openvpn/${name}.conf":
+ owner => root,
+ group => root,
+ mode => '0444',
+ content => template('openvpn/server.erb'),
+ notify => Service['openvpn'];
}
}
diff --git a/spec/defines/openvpn_client_spec.rb b/spec/defines/openvpn_client_spec.rb
index da71d63..143b76f 100644
--- a/spec/defines/openvpn_client_spec.rb
+++ b/spec/defines/openvpn_client_spec.rb
@@ -23,94 +23,153 @@ describe 'openvpn::client', :type => :define do
'command' => '/bin/rm test_client.tar.gz; tar --exclude=\*.conf.d -chzvf test_client.tar.gz test_client'
) }
- it { should contain_openvpn__option('ca test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'ca',
- 'value' => 'keys/ca.crt'
- )}
- it { should contain_openvpn__option('cert test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'cert',
- 'value' => 'keys/test_client.crt'
- )}
- it { should contain_openvpn__option('key test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'key',
- 'value' => 'keys/test_client.key'
- )}
- it { should contain_openvpn__option('client test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'client'
- )}
- it { should contain_openvpn__option('dev test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'dev',
- 'value' => 'tun'
- )}
- it { should contain_openvpn__option('proto test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'proto',
- 'value' => 'tcp'
- )}
- it { should contain_openvpn__option('remote test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'remote',
- 'value' => 'somehost 1194'
- )}
- it { should contain_openvpn__option('resolv-retry test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'resolv-retry',
- 'value' => 'infinite'
- )}
- it { should contain_openvpn__option('nobind test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'nobind'
- )}
- it { should contain_openvpn__option('persist-key test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'persist-key'
- )}
- it { should contain_openvpn__option('persist-tun test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'persist-tun'
- )}
- it { should contain_openvpn__option('mute-replay-warnings test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'mute-replay-warnings'
- )}
- it { should contain_openvpn__option('ns-cert-type test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'ns-cert-type',
- 'value' => 'server'
- )}
- it { should contain_openvpn__option('comp-lzo test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'comp-lzo'
- )}
- it { should contain_openvpn__option('verb test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'verb',
- 'value' => '3'
- )}
- it { should contain_openvpn__option('mute test_server with test_client').with(
- 'server' => 'test_server',
- 'client' => 'test_client',
- 'key' => 'mute',
- 'value' => '20'
- )}
+ context "setting the minimum parameters" do
+ let(:params) { { 'server' => 'test_server' } }
+ let(:facts) { { :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat' } }
+
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^client$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^ca\s+keys\/ca\.crt$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^cert\s+keys\/test_client.crt$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^key\s+keys\/test_client\.key$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^dev\s+tun$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^proto\s+tcp$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^remote\s+somehost\s+1194$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^comp-lzo$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^resolv-retry\s+infinite$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^nobind$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^persist-key$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^persist-tun$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^mute-replay-warnings$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^ns\-cert\-type\s+server$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^verb\s+3$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^mute\s+20$/)}
+ end
+
+ context "setting all of the parameters" do
+ let(:params) { {
+ 'server' => 'test_server',
+ 'compression' => 'comp-something',
+ 'dev' => 'tap',
+ 'mute' => 10,
+ 'mute_replay_warnings' => false,
+ 'nobind' => false,
+ 'ns_cert_type' => 'client',
+ 'persist_key' => false,
+ 'persist_tun' => false,
+ 'port' => '123',
+ 'proto' => 'udp',
+ 'remote_host' => 'somewhere',
+ 'resolv_retry' => '2m',
+ 'verb' => '1'
+ } }
+ let(:facts) { { :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat' } }
+
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^client$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^ca\s+keys\/ca\.crt$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^cert\s+keys\/test_client.crt$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^key\s+keys\/test_client\.key$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^dev\s+tap$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^proto\s+udp$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^remote\s+somewhere\s+123$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^comp-something$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^resolv-retry\s+2m$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^ns\-cert\-type\s+client$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^verb\s+1$/)}
+ it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^mute\s+10$/)}
+ end
+
+
+
+
+
+# it { should contain_openvpn__option('ca test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'ca',
+# 'value' => 'keys/ca.crt'
+# )}
+# it { should contain_openvpn__option('cert test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'cert',
+# 'value' => 'keys/test_client.crt'
+# )}
+# it { should contain_openvpn__option('key test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'key',
+# 'value' => 'keys/test_client.key'
+# )}
+# it { should contain_openvpn__option('client test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'client'
+# )}
+# it { should contain_openvpn__option('dev test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'dev',
+# 'value' => 'tun'
+# )}
+# it { should contain_openvpn__option('proto test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'proto',
+# 'value' => 'tcp'
+# )}
+# it { should contain_openvpn__option('remote test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'remote',
+# 'value' => 'somehost 1194'
+# )}
+# it { should contain_openvpn__option('resolv-retry test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'resolv-retry',
+# 'value' => 'infinite'
+# )}
+# it { should contain_openvpn__option('nobind test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'nobind'
+# )}
+# it { should contain_openvpn__option('persist-key test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'persist-key'
+# )}
+# it { should contain_openvpn__option('persist-tun test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'persist-tun'
+# )}
+# it { should contain_openvpn__option('mute-replay-warnings test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'mute-replay-warnings'
+# )}
+# it { should contain_openvpn__option('ns-cert-type test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'ns-cert-type',
+# 'value' => 'server'
+# )}
+# it { should contain_openvpn__option('comp-lzo test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'comp-lzo'
+# )}
+# it { should contain_openvpn__option('verb test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'verb',
+# 'value' => '3'
+# )}
+# it { should contain_openvpn__option('mute test_server with test_client').with(
+# 'server' => 'test_server',
+# 'client' => 'test_client',
+# 'key' => 'mute',
+# 'value' => '20'
+# )}
end
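Review bot: The "setting all of the parameters" context sets `nobind`, `persist_key`, `persist_tun` and `mute_replay_warnings` to `false` but never asserts that the matching directives are absent, so a template that ignores those flags would still pass. Add a negative expectation for each of the four, for example `it { should_not contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^nobind$/) }`. The roughly ninety commented-out `contain_openvpn__option` expectations added at the end of the block refer to a define this commit deletes and can be dropped rather than kept as comments. In the `cert` pattern the dot in `test_client.crt` is unescaped, unlike the neighbouring `ca\.crt` and `\.key` patterns.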
diff --git a/spec/defines/openvpn_option_spec.rb b/spec/defines/openvpn_option_spec.rb
deleted file mode 100644
index a2d1661..0000000
--- a/spec/defines/openvpn_option_spec.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require 'spec_helper'
-
-describe 'openvpn::option', :type => :define do
-
- let(:title) { 'test_param' }
-
- context "when key => 'test_key', server => 'test_server'" do
- let(:params) { { 'key' => 'test_key', 'server' => 'test_server' } }
-
- it { should contain_concat__fragment('openvpn.test_server..test_param').with(
- 'target' => '/etc/openvpn/test_server.conf',
- 'content' => "test_key\n"
- ) }
- end
-
- context "when key => 'test_key', value => 'test_value', server => 'test_server'" do
- let(:params) { { 'key' => 'test_key', 'value' => 'test_value', 'server' => 'test_server' } }
-
- it { should contain_concat__fragment('openvpn.test_server..test_param').with(
- 'target' => '/etc/openvpn/test_server.conf',
- 'content' => "test_key test_value\n"
- ) }
- end
-
- context "when key => 'test_key', server => 'test_server', client => 'test_client'" do
- let(:params) { { 'key' => 'test_key', 'server' => 'test_server', 'client' => 'test_client' } }
-
- it { should contain_concat__fragment('openvpn.test_server.test_client.test_param').with(
- 'target' => '/etc/openvpn/test_server/download-configs/test_client/test_client.conf',
- 'content' => "test_key\n"
- ) }
- end
-
- context "when key => 'test_key', server => 'test_server', client => 'test_client', csc => true" do
- let(:params) { { 'key' => 'test_key', 'server' => 'test_server', 'client' => 'test_client', 'csc' => 'true' } }
-
- it { should contain_concat__fragment('openvpn.test_server.test_client.test_param').with(
- 'target' => '/etc/openvpn/test_server/client-configs/test_client',
- 'content' => "test_key\n"
- ) }
- end
-end
diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb
index 1032302..85dadf2 100644
--- a/spec/defines/openvpn_server_spec.rb
+++ b/spec/defines/openvpn_server_spec.rb
@@ -3,82 +3,124 @@ require 'spec_helper'
describe 'openvpn::server', :type => :define do
let(:title) { 'test_server' }
- let(:params) { {
- 'country' => 'CO',
- 'province' => 'ST',
- 'city' => 'Some City',
- 'organization' => 'example.org',
- 'email' => 'testemail@example.org'
- } }
+
+ context "creating a server with the minimum parameters" do
+ let(:params) { {
+ 'country' => 'CO',
+ 'province' => 'ST',
+ 'city' => 'Some City',
+ 'organization' => 'example.org',
+ 'email' => 'testemail@example.org'
+ } }
- let (:facts) { { :concat_basedir => '/var/lib/puppet/concat' } }
+ let (:facts) { {
+ :ipaddress_eth0 => '1.2.3.4',
+ :network_eth0 => '1.2.3.0',
+ :netmask_eth0 => '255.255.255.0',
+ :concat_basedir => '/var/lib/puppet/concat'
+ } }
- # Files associated with a server config
- it { should contain_file('/etc/openvpn/test_server').with('ensure' => 'directory')}
- it { should contain_file('/etc/openvpn/test_server/client-configs').with('ensure' => 'directory')}
- it { should contain_file('/etc/openvpn/test_server/download-configs').with('ensure' => 'directory')}
- it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars')}
- it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf')}
- it { should contain_file('/etc/openvpn/test_server/keys').with(
- 'ensure' => 'link',
- 'target' => '/etc/openvpn/test_server/easy-rsa/keys'
- )}
+ # Files associated with a server config
+ it { should contain_file('/etc/openvpn/test_server').with('ensure' => 'directory')}
+ it { should contain_file('/etc/openvpn/test_server/client-configs').with('ensure' => 'directory')}
+ it { should contain_file('/etc/openvpn/test_server/download-configs').with('ensure' => 'directory')}
+ it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars')}
+ it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf')}
+ it { should contain_file('/etc/openvpn/test_server/keys').with(
+ 'ensure' => 'link',
+ 'target' => '/etc/openvpn/test_server/easy-rsa/keys'
+ )}
- it { should contain_concat__fragment('openvpn.default.autostart.test_server').with(
- 'content' => "AUTOSTART=\"$AUTOSTART test_server\"\n",
- 'target' => '/etc/default/openvpn'
- )}
+ # Execs to working with certificates
+ it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with(
+ 'command' => '/bin/cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa'
+ )}
+ it { should contain_exec('generate dh param test_server') }
+ it { should contain_exec('initca test_server') }
+ it { should contain_exec('generate server cert test_server') }
+
+ # Configure to start vpn session
+ it { should contain_concat__fragment('openvpn.default.autostart.test_server').with(
+ 'content' => "AUTOSTART=\"$AUTOSTART test_server\"\n",
+ 'target' => '/etc/default/openvpn'
+ )}
- # Execs to working with certificates
- it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with(
- 'command' => '/bin/cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa'
- )}
- it { should contain_exec('generate dh param test_server') }
- it { should contain_exec('initca test_server') }
- it { should contain_exec('generate server cert test_server') }
+ # VPN server config file itself
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^mode\s+server$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^client\-config\-dir\s+\/etc\/openvpn\/test_server\/client\-configs$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^ca\s+\/etc\/openvpn\/test_server\/keys\/ca.crt$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^cert\s+\/etc\/openvpn\/test_server\/keys\/server.crt$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^key\s+\/etc\/openvpn\/test_server\/keys\/server.key$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dh\s+\/etc\/openvpn\/test_server\/keys\/dh1024.pem$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+tcp$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^port\s+1194$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^comp-lzo$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+nobody$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^user\s+nobody$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^log\-append\s+test_server\/openvpn\.log$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^status\s+test_server\/openvpn\-status\.log$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dev\s+tun0$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^local\s+1\.2\.3\.4$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^server\s+1\.2\.3\.0\s+255\.255\.255\.0$/) }
+ end
- # Options that should be set
- it { should contain_openvpn__option('client-config-dir test_server').with(
- 'server' => 'test_server',
- 'key' => 'client-config-dir',
- 'value' => '/etc/openvpn/test_server/client-configs'
- )}
- it { should contain_openvpn__option('mode test_server').with(
- 'server' => 'test_server',
- 'key' => 'mode',
- 'value' => 'server'
- )}
- it { should contain_openvpn__option('ca test_server').with(
- 'server' => 'test_server',
- 'key' => 'ca',
- 'value' => '/etc/openvpn/test_server/keys/ca.crt'
- )}
- it { should contain_openvpn__option('cert test_server').with(
- 'server' => 'test_server',
- 'key' => 'cert',
- 'value' => '/etc/openvpn/test_server/keys/server.crt'
- )}
- it { should contain_openvpn__option('key test_server').with(
- 'server' => 'test_server',
- 'key' => 'key',
- 'value' => '/etc/openvpn/test_server/keys/server.key'
- )}
- it { should contain_openvpn__option('dh test_server').with(
- 'server' => 'test_server',
- 'key' => 'dh',
- 'value' => '/etc/openvpn/test_server/keys/dh1024.pem'
- )}
- it { should contain_openvpn__option('proto test_server').with(
- 'server' => 'test_server',
- 'key' => 'proto',
- 'value' => 'tcp'
- )}
- it { should contain_openvpn__option('comp-lzo test_server').with(
- 'server' => 'test_server',
- 'key' => 'comp-lzo'
- )}
+ context "creating a server setting all parameters" do
+ let(:params) { {
+ 'country' => 'CO',
+ 'province' => 'ST',
+ 'city' => 'Some City',
+ 'organization' => 'example.org',
+ 'email' => 'testemail@example.org',
+ 'compression' => 'fake_compression',
+ 'port' => '123',
+ 'proto' => 'udp',
+ 'group' => 'someone',
+ 'user' => 'someone',
+ 'logfile' => '/var/log/openvpn/test_server.log',
+ 'status_log' => '/var/log/openvpn/test_server_status.log',
+ 'dev' => 'tun1',
+ 'local' => '2.3.4.5',
+ 'ipp' => true,
+ 'server' => '2.3.4.0 255.255.0.0',
+ 'push' => [ 'dhcp-option DNS 172.31.0.30', 'route 172.31.0.0 255.255.0.0' ]
+ } }
+
+ let (:facts) { {
+ :ipaddress_eth0 => '1.2.3.4',
+ :network_eth0 => '1.2.3.0',
+ :netmask_eth0 => '255.255.255.0',
+ :concat_basedir => '/var/lib/puppet/concat'
+ } }
+
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^mode\s+server$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^client\-config\-dir\s+\/etc\/openvpn\/test_server\/client\-configs$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^ca\s+\/etc\/openvpn\/test_server\/keys\/ca.crt$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^cert\s+\/etc\/openvpn\/test_server\/keys\/server.crt$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^key\s+\/etc\/openvpn\/test_server\/keys\/server.key$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dh\s+\/etc\/openvpn\/test_server\/keys\/dh1024.pem$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+udp$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^port\s+123$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^fake_compression$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+someone$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^user\s+someone$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^log\-append\s+\/var\/log\/openvpn\/test_server\.log$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^status\s+\/var\/log\/openvpn\/test_server_status\.log$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dev\s+tun1$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^local\s+2\.3\.4\.5$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^server\s+2\.3\.4\.0\s+255\.255\.0\.0$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^push\s+dhcp-option\s+DNS\s+172\.31\.0\.30$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^push\s+route\s+172\.31\.0\.0\s+255\.255\.0\.0$/) }
+ end
context "when RedHat based machine" do
+ let(:params) { {
+ 'country' => 'CO',
+ 'province' => 'ST',
+ 'city' => 'Some City',
+ 'organization' => 'example.org',
+ 'email' => 'testemail@example.org'
+ } }
+
let(:facts) { { :osfamily => 'RedHat', :concat_basedir => '/var/lib/puppet/concat' } }
it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').with(
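Review bot: Both new contexts assert a literal `dh ... /keys/dh1024.pem` line, which pins the server configuration to 1024-bit Diffie-Hellman parameters, a size below current guidance for TLS key exchange. The file name presumably comes from the template and the easy-rsa key size, neither of which is visible here, so the real fix belongs there. The expectation could then be relaxed to something like `/^dh\s+\/etc\/openvpn\/test_server\/keys\/dh\d+\.pem$/` or tied to a key-size parameter. Separately, the "all parameters" context passes `'ipp' => true` without any expectation on the directive it should produce, so that template branch is untested. The RedHat context's body continues outside this hunk.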
@@ -93,6 +135,14 @@ describe 'openvpn::server', :type => :define do
end
context "when Debian based machine" do
+ let(:params) { {
+ 'country' => 'CO',
+ 'province' => 'ST',
+ 'city' => 'Some City',
+ 'organization' => 'example.org',
+ 'email' => 'testemail@example.org'
+ } }
+
let(:facts) { { :osfamily => 'Debian', :concat_basedir => '/var/lib/puppet/concat' } }
it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').with(
diff --git a/templates/client.erb b/templates/client.erb
index 3d0649b..c343cd7 100644
--- a/templates/client.erb
+++ b/templates/client.erb
@@ -19,6 +19,6 @@ persist-tun
<% if scope.lookupvar('mute_replay_warnings') %>
mute-replay-warnings
<% end %>
-ns-cert-type <%= scope.lookupvar('ns-cert-type') %>
+ns-cert-type <%= scope.lookupvar('ns_cert_type') %>
verb <%= scope.lookupvar('verb') %>
mute <%= scope.lookupvar('mute') %>
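Review bot: With the variable name fixed, this line now actually emits `ns-cert-type`, which checks only the legacy Netscape certificate-type extension and is deprecated in later OpenVPN releases. `remote-cert-tls server` is the replacement and verifies key usage and extended key usage on the peer certificate. Consider rendering that instead or alongside, for example `remote-cert-tls <%= scope.lookupvar('remote_cert_tls') %>` backed by a new `$remote_cert_tls = 'server'` default in `manifests/client.pp`. The server certificates produced by the easy-rsa setup would need the matching extensions, which this hunk does not show.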
diff --git a/templates/server.erb b/templates/server.erb
index 7f3d74d..540a786 100644
--- a/templates/server.erb
+++ b/templates/server.erb
@@ -10,7 +10,7 @@ port <%= scope.lookupvar('port') %>
group <%= scope.lookupvar('group') %>
user <%= scope.lookupvar('user') %>
log-append <%= scope.lookupvar('logfile') %>
-status <%= scope.lookupvar('status-log') %>
+status <%= scope.lookupvar('status_log') %>
dev <%= scope.lookupvar('dev') %>
local <%= scope.lookupvar('local') %>
<% if scope.lookupvar('ipp') %>