author | Raffael Schmid <raffael@yux.ch> | 2013-01-19 15:29:29 +0100 |
committer | Raffael Schmid <raffael@yux.ch> | 2013-01-19 15:29:29 +0100 |
commit | c769e17c89d1889889c444213ef9a49bda5a041e (patch) | |
tree | f16e67ad320cb1b499bad31a8ed9d73592b4da05 | |
parent | 75d3fd74c83a7c172211c8ea681f527652ef4521 (diff) |
use nogroup on Debian based machines, nobody on RedHat ones
-rw-r--r-- | manifests/init.pp | 1 | ||||
-rw-r--r-- | manifests/params.pp | 8 | ||||
-rw-r--r-- | manifests/server.pp | 19 | ||||
-rw-r--r-- | spec/defines/openvpn_server_spec.rb | 7 | ||||
-rw-r--r-- | templates/server.erb | 2 |
5 files changed, 27 insertions, 10 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 173b9bd..a757873 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -18,6 +18,7 @@
 #
 class openvpn {
+ class {'openvpn::params': } ->
 class {'openvpn::install': } ->
 class {'openvpn::config': } ~>
 class {'openvpn::service': } ->
diff --git a/manifests/params.pp b/manifests/params.pp
new file mode 100644
index 0000000..328f2cf
--- /dev/null
+++ b/manifests/params.pp
@@ -0,0 +1,8 @@
+class openvpn::params {
+ $group = $::osfamily ? {
+ 'RedHat' => 'nobody',
+ default => 'nogroup'
+ }
+
+}
diff --git a/manifests/server.pp b/manifests/server.pp
index 78b3df3..b5f0e63 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -30,9 +30,13 @@
 # Default: tun
 # Options: tun (routed connections), tap (bridged connections)
 #
+# [*user*]
+# String. Group to drop privileges to after startup
+# Default: nobody
+#
 # [*group*]
 # String. User to drop privileges to after startup
-# Default: nobody
+# Default: depends on your $::osfamily
 #
 # [*ipp*]
 # Boolean. Persist ifconfig information to a file to retain client IP
@@ -62,10 +66,6 @@
 # String. Logfile for periodic dumps of the vpn service status
 # Default: "${name}/openvpn-status.log"
 #
-# [*user*]
-# String. Group to drop privileges to after startup
-# Default: nobody
-#
 # [*server*]
 # String. Network to assign client addresses out of
 # Default: None. Required in tun mode, not in tap mode
@@ -102,7 +102,8 @@ define openvpn::server(
 $email,
 $compression = 'comp-lzo',
 $dev = 'tun0',
- $group = 'nobody',
+ $user = 'nobody',
+ $group = false,
 $ipp = false,
 $ip_pool = [],
 $local = $::ipaddress_eth0,
@@ -110,7 +111,6 @@ define openvpn::server(
 $port = '1194',
 $proto = 'tcp',
 $status_log = "${name}/openvpn-status.log",
- $user = 'nobody',
 $server = '',
 $push = []
 ) {
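Review bot: The `default` arm of the `$::osfamily` selector in the new params.pp assigns `nogroup` to every family other than RedHat, not only to Debian as the commit message says, and the class carries no comment stating what the value is for. If that group does not exist on some family, OpenVPN will, as far as I know, refuse to start rather than keep running with root privileges, so the failure shows up as an outage at service start instead of at catalog compile time. I would document the intent above the selector, `# Unprivileged group OpenVPN drops to after startup ('group' directive); RedHat ships 'nobody', every other family is assumed to use 'nogroup'`, and consider listing the families that were actually verified so an unknown one hits a `fail()` default at compile time.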
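Review bot: The parameter documentation moved in the `-30` hunk of server.pp still has the two descriptions swapped: `[*user*]` says `Group to drop privileges to after startup` and `[*group*]` says `User to drop privileges to after startup`. They should read `#   String.  User to drop privileges to after startup` under `[*user*]` and `#   String.  Group to drop privileges to after startup` under `[*group*]`. The new `Default: depends on your $::osfamily` would also be more useful spelled out as `Default: 'nobody' on RedHat, 'nogroup' otherwise (see openvpn::params)`, since that is the name an operator has to check against the groups present on the host.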
@@ -135,6 +135,11 @@ define openvpn::server(
 default => false
 }
+ $group_to_set = $group ? {
+ false => $openvpn::params::group,
+ default => $group
+ }
+
 file { ["/etc/openvpn/${name}", "/etc/openvpn/${name}/client-configs", "/etc/openvpn/${name}/download-configs" ]:
 ensure => directory;
diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb
index da50786..3a17bc2 100644
--- a/spec/defines/openvpn_server_spec.rb
+++ b/spec/defines/openvpn_server_spec.rb
@@ -17,7 +17,8 @@ describe 'openvpn::server', :type => :define do
 :ipaddress_eth0 => '1.2.3.4',
 :network_eth0 => '1.2.3.0',
 :netmask_eth0 => '255.255.255.0',
- :concat_basedir => '/var/lib/puppet/concat'
+ :concat_basedir => '/var/lib/puppet/concat',
+ :osfamily => 'anything_else'
 } }
 # Files associated with a server config
@@ -50,7 +51,7 @@ describe 'openvpn::server', :type => :define do
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^tls-server$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^port\s+1194$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^comp-lzo$/) }
- it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+nobody$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+nogroup$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^user\s+nobody$/) }
 it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^log\-append\s+test_server\/openvpn\.log$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^status\s+test_server\/openvpn\-status\.log$/) }
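Review bot: `$group_to_set` reads `$openvpn::params::group` by qualified lookup, but nothing in `openvpn::server` itself ensures `openvpn::params` has been evaluated; only `class openvpn` chains it (init.pp hunk), and whether a catalog may declare this define without that class is not visible from the hunk. If it can, the lookup yields an empty value and the template renders a `group` line without a value, so the intended privilege drop is lost at the configuration level instead of failing the compile. A one-line `include openvpn::params` at the top of the define, or a guard after the selector such as `if $group_to_set == '' { fail("openvpn::server ${name}: no group to drop privileges to") }`, turns that into a compile-time failure. The selector also matches only the boolean `false`; a caller supplying the string `'false'` (for example from an ENC) would end up with `group false` in the rendered config, which I flag hedged since the hunk does not show how parameters arrive. The body of `define openvpn::server(` continues outside the hunk.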
@@ -127,6 +128,7 @@ describe 'openvpn::server', :type => :define do
 it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with(
 'command' => '/bin/cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa'
 )}
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+nobody$/) }
 end
@@ -156,6 +158,7 @@ describe 'openvpn::server', :type => :define do
 'target' => '/etc/default/openvpn'
 )}
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+nogroup$/) }
 end
diff --git a/templates/server.erb b/templates/server.erb
index 1d1430c..006e56f 100644
--- a/templates/server.erb
+++ b/templates/server.erb
@@ -12,7 +12,7 @@ tls-server
 <% if scope.lookupvar('compression') != '' -%>
 <%= scope.lookupvar('compression') %>
 <% end -%>
-group <%= scope.lookupvar('group') %>
+group <%= scope.lookupvar('group_to_set') %>
 user <%= scope.lookupvar('user') %>
 <% if scope.lookupvar('logfile') -%>
 log-append <%= scope.lookupvar('logfile') %> |
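Review bot: The expectation added at the end of the `-127` hunk asserts `group nobody`, which under the new params.pp selector only holds when the enclosing context's facts set `osfamily` to `RedHat`; that `let(:facts)` lies outside the hunk, so I cannot confirm it, and the same applies to the `nogroup` expectation in the `-156` hunk. Because the top-level facts in the `-17` hunk set `osfamily` to `anything_else`, a context that fails to override it would make the `nobody` expectation fail — a useful signal, but easy to misread as a template bug. A short comment on each new line, `# default group comes from openvpn::params and depends on the osfamily fact set in this context`, would tell the next reader which fact the assertion hinges on; there is also still no example that passes `group` explicitly to cover the override arm of the selector. The describe blocks these hunks sit in start outside the hunks.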