authorRaffael Schmid <raffael@yux.ch>2012-12-29 07:11:51 -0800
committerRaffael Schmid <raffael@yux.ch>2012-12-29 07:11:51 -0800
commit1052248662a3e2f54d21bfd529060e6ffb3594ac (patch)
tree6fcbc06272a58e85bd4a607247211c169afcfa30
parent25f1fe8d813f6128068d890a40f5e24be78fb47c (diff)
parent5754d3c5a10afbc7e3242299088bb3e1978cf7c7 (diff)
Merge pull request #4 from jlambert121/openvpn2.2.2
puppet-lint fixes and Openvpn2.2.2
-rw-r--r--manifests/client.pp82
-rw-r--r--manifests/init.pp24
-rw-r--r--manifests/option.pp6
-rw-r--r--manifests/server.pp73
4 files changed, 98 insertions, 87 deletions
diff --git a/manifests/client.pp b/manifests/client.pp
index fd94796..7927000 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -6,7 +6,7 @@ define openvpn::client($server, $remote_host = $fqdn) {
command => ". ./vars && ./pkitool ${name}",
cwd => "/etc/openvpn/${server}/easy-rsa",
creates => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
- provider => "shell",
+ provider => 'shell',
require => Exec["generate server cert ${server}"];
}
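Review bot: The `command` of this exec interpolates `${name}` into a string run with `provider => 'shell'`, and `${server}` goes into `cwd` and `creates`, with no check on either value, so a resource title containing whitespace or shell metacharacters changes what the shell runs as the agent user (typically root). A guard at the top of the define would close this, for example `if $name !~ /^[A-Za-z0-9._-]+$/ { fail("invalid client name: ${name}") }`, with the same test applied to `$server`. The same unquoted interpolation appears in the `tar the thing ${server} with ${name}` command in the hunk at -121,10. The body of `openvpn::client` starts outside this hunk, so the exact placement of the guard has to be checked against the full file.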
@@ -20,98 +20,98 @@ define openvpn::client($server, $remote_host = $fqdn) {
require => File["/etc/openvpn/${server}/download-configs/${name}"];
"/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt":
- ensure => link,
- target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
- require => [ Exec["generate certificate for ${name} in context of ${server}"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
"/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key":
- ensure => link,
- target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key",
- require => [ Exec["generate certificate for ${name} in context of ${server}"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
"/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt":
- ensure => link,
- target => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt",
- require => [ Exec["generate certificate for ${name} in context of ${server}"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
}
openvpn::option {
"ca ${server} with ${name}":
- key => "ca",
- value => "keys/ca.crt",
+ key => 'ca',
+ value => 'keys/ca.crt',
client => $name,
server => $server;
"cert ${server} with ${name}":
- key => "cert",
+ key => 'cert',
value => "keys/${name}.crt",
client => $name,
server => $server;
"key ${server} with ${name}":
- key => "key",
+ key => 'key',
value => "keys/${name}.key",
client => $name,
server => $server;
"client ${server} with ${name}":
- key => "client",
+ key => 'client',
client => $name,
server => $server;
"dev ${server} with ${name}":
- key => "dev",
- value => "tun",
+ key => 'dev',
+ value => 'tun',
client => $name,
server => $server;
"proto ${server} with ${name}":
- key => "proto",
- value => "tcp",
+ key => 'proto',
+ value => 'tcp',
client => $name,
server => $server;
"remote ${server} with ${name}":
- key => "remote",
+ key => 'remote',
value => "${remote_host} 1194",
client => $name,
server => $server;
"resolv-retry ${server} with ${name}":
- key => "resolv-retry",
- value => "infinite",
+ key => 'resolv-retry',
+ value => 'infinite',
client => $name,
server => $server;
"nobind ${server} with ${name}":
- key => "nobind",
+ key => 'nobind',
client => $name,
server => $server;
"persist-key ${server} with ${name}":
- key => "persist-key",
+ key => 'persist-key',
client => $name,
server => $server;
"persist-tun ${server} with ${name}":
- key => "persist-tun",
+ key => 'persist-tun',
client => $name,
server => $server;
"mute-replay-warnings ${server} with ${name}":
- key => "mute-replay-warnings",
+ key => 'mute-replay-warnings',
client => $name,
server => $server;
"ns-cert-type ${server} with ${name}":
- key => "ns-cert-type",
- value => "server",
+ key => 'ns-cert-type',
+ value => 'server',
client => $name,
server => $server;
"comp-lzo ${server} with ${name}":
- key => "comp-lzo",
+ key => 'comp-lzo',
client => $name,
server => $server;
"verb ${server} with ${name}":
- key => "verb",
- value => "3",
+ key => 'verb',
+ value => '3',
client => $name,
server => $server;
"mute ${server} with ${name}":
- key => "mute",
- value => "20",
+ key => 'mute',
+ value => '20',
client => $name,
server => $server;
}
@@ -121,10 +121,10 @@ define openvpn::client($server, $remote_host = $fqdn) {
cwd => "/etc/openvpn/${server}/download-configs/",
command => "/bin/rm ${name}.tar.gz; tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}",
refreshonly => true,
- require => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ];
+ require => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ];
}
@@ -136,7 +136,7 @@ define openvpn::client($server, $remote_host = $fqdn) {
warn => true,
force => true,
notify => Exec["tar the thing ${server} with ${name}"],
- require => [ File["/etc/openvpn"], File["/etc/openvpn/${server}/download-configs/${name}"] ];
+ require => [ File['/etc/openvpn'], File["/etc/openvpn/${server}/download-configs/${name}"] ];
}
}
diff --git a/manifests/init.pp b/manifests/init.pp
index 7e7fe32..6fd4510 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -2,42 +2,42 @@
class openvpn {
package {
- "openvpn":
+ 'openvpn':
ensure => installed;
}
service {
- "openvpn":
+ 'openvpn':
ensure => running,
hasrestart => true,
hasstatus => true,
- require => Exec["concat_/etc/default/openvpn"];
+ require => Exec['concat_/etc/default/openvpn'];
}
file {
- "/etc/openvpn":
+ '/etc/openvpn':
ensure => directory,
- require => Package["openvpn"];
+ require => Package['openvpn'];
}
file {
- "/etc/openvpn/keys":
+ '/etc/openvpn/keys':
ensure => directory,
- require => File["/etc/openvpn"];
+ require => File['/etc/openvpn'];
}
include concat::setup
concat {
- "/etc/default/openvpn":
+ '/etc/default/openvpn':
owner => root,
group => root,
mode => 644,
warn => true,
- notify => Service["openvpn"];
+ notify => Service['openvpn'];
}
concat::fragment {
- "openvpn.default.header":
- content => template("openvpn/etc-default-openvpn.erb"),
- target => "/etc/default/openvpn",
+ 'openvpn.default.header':
+ content => template('openvpn/etc-default-openvpn.erb'),
+ target => '/etc/default/openvpn',
order => 01;
}
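Review bot: `mode => 644` on the `concat` resource is still a bare number after this lint pass, and the same line appears in the last server.pp hunk at -135,8. Quote it and write all four digits, `mode => '0644',`, so the value is passed on as an octal mode string whatever the Puppet version in use does with numeric literals. `order => 01` has the same problem, since the leading zero only survives if the value is a string; `order => '01'` keeps the intended sort key.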
diff --git a/manifests/option.pp b/manifests/option.pp
index 5cadb31..eb3d5a7 100644
--- a/manifests/option.pp
+++ b/manifests/option.pp
@@ -1,12 +1,12 @@
# option.pp
-define openvpn::option($key, $value = "", $server, $client = "", $csc = false) {
+define openvpn::option($key, $server, $value = '', $client = '', $csc = false) {
$content = $value ? {
- "" => "${key}",
+ '' => $key,
default => "${key} ${value}"
}
- if $client == "" {
+ if $client == '' {
$path = "/etc/openvpn/${server}.conf"
} else {
if $csc {
diff --git a/manifests/server.pp b/manifests/server.pp
index ec2fde9..bfcaad8 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -3,20 +3,20 @@
define openvpn::server($country, $province, $city, $organization, $email) {
include openvpn
- $easyrsa_source = $operatingsystem ? {
- 'centos' => '/usr/share/doc/openvpn-2.2.0/easy-rsa/2.0',
- default => '/usr/share/doc/openvpn/examples/easy-rsa/2.0'
+ $easyrsa_source = $::osfamily ? {
+ 'RedHat' => '/usr/share/doc/openvpn-2.2.2/easy-rsa/2.0',
+ default => '/usr/share/doc/openvpn/examples/easy-rsa/2.0'
}
- $link_openssl_cnf = $lsbdistcodename ? {
- 'precise' => true,
- default => false
+ $link_openssl_cnf = $::osfamily ? {
+ /(Debian|RedHat)/ => true,
+ default => false
}
file {
"/etc/openvpn/${name}":
ensure => directory,
- require => Package["openvpn"];
+ require => Package['openvpn'];
}
file {
"/etc/openvpn/${name}/client-configs":
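Review bot: The `'RedHat'` branch of `$easyrsa_source` hard-codes the package version in the path (`/usr/share/doc/openvpn-2.2.2/easy-rsa/2.0`), while init.pp installs the package with `ensure => installed` and no version, so any other packaged version leaves the path missing and the later `/bin/cp -r ${easyrsa_source}` exec fails. Either pin the package version alongside this selector or add an optional parameter to the define that overrides the selector result. The `$link_openssl_cnf` selector now yields true for every Debian- and RedHat-family system instead of only `precise`, and its regex is unanchored (`/^(Debian|RedHat)$/` would be stricter). The resource that consumes it is outside this hunk, so confirm the link is wanted on releases whose easy-rsa already ships an `openssl.cnf`. A comment above each selector naming the releases it was tested on would help the next maintainer.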
@@ -34,27 +34,27 @@ define openvpn::server($country, $province, $city, $organization, $email) {
server => $name,
require => File["/etc/openvpn/${name}"];
"mode ${name}":
- key => 'mode',
- value => 'server',
- server => $name;
+ key => 'mode',
+ value => 'server',
+ server => $name;
}
exec {
"copy easy-rsa to openvpn config folder ${name}":
command => "/bin/cp -r ${easyrsa_source} /etc/openvpn/${name}/easy-rsa",
creates => "/etc/openvpn/${name}/easy-rsa",
- notify => Exec["fix_easyrsa_file_permissions"],
+ notify => Exec['fix_easyrsa_file_permissions'],
require => File["/etc/openvpn/${name}"];
}
exec {
- "fix_easyrsa_file_permissions":
- refreshonly => "true",
+ 'fix_easyrsa_file_permissions':
+ refreshonly => true,
command => "/bin/chmod 755 /etc/openvpn/${name}/easy-rsa/*";
}
file {
"/etc/openvpn/${name}/easy-rsa/vars":
ensure => present,
- content => template("openvpn/vars.erb"),
+ content => template('openvpn/vars.erb'),
require => Exec["copy easy-rsa to openvpn config folder ${name}"];
}
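Review bot: The exec title `'fix_easyrsa_file_permissions'` is identical for every `openvpn::server` instance although its command contains `${name}`, so declaring a second server in the same catalog fails with a duplicate resource declaration. Put the server name in both the title and the notify: `"fix_easyrsa_file_permissions ${name}":` and `notify => Exec["fix_easyrsa_file_permissions ${name}"],`. Separately, `/bin/chmod 755 /etc/openvpn/${name}/easy-rsa/*` makes every top-level entry of the CA working directory world-readable and world-executable. Whether key material stays protected then depends on how easy-rsa creates `keys/`, which is not visible here, so a comment stating why 755 is needed, or a narrower mode, would be worth adding.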
@@ -71,24 +71,24 @@ define openvpn::server($country, $province, $city, $organization, $email) {
exec {
"generate dh param ${name}":
- command => ". ./vars && ./clean-all && ./build-dh",
+ command => '. ./vars && ./clean-all && ./build-dh',
cwd => "/etc/openvpn/${name}/easy-rsa",
creates => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem",
- provider => "shell",
+ provider => 'shell',
require => File["/etc/openvpn/${name}/easy-rsa/vars"];
"initca ${name}":
- command => ". ./vars && ./pkitool --initca",
+ command => '. ./vars && ./pkitool --initca',
cwd => "/etc/openvpn/${name}/easy-rsa",
creates => "/etc/openvpn/${name}/easy-rsa/keys/ca.key",
- provider => "shell",
+ provider => 'shell',
require => [ Exec["generate dh param ${name}"], File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"] ];
"generate server cert ${name}":
- command => ". ./vars && ./pkitool --server server",
+ command => '. ./vars && ./pkitool --server server',
cwd => "/etc/openvpn/${name}/easy-rsa",
creates => "/etc/openvpn/${name}/easy-rsa/keys/server.key",
- provider => "shell",
+ provider => 'shell',
require => Exec["initca ${name}"];
}
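Review bot: `generate dh param ${name}` runs `./clean-all` and is guarded only by `creates => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem"`. If the `vars` template (not shown on this page) ever sets a key size other than 1024, that file is never produced and the exec would presumably re-run on every agent run, clearing `keys/` and the CA with it. The file name also ties the deployment to 1024-bit Diffie-Hellman parameters, which is below current recommendations of 2048 bits or more. Derive the name from a new key-size parameter shared with the template, e.g. `creates => "/etc/openvpn/${name}/easy-rsa/keys/dh${key_size}.pem"` (parameter name is a proposal), and move `./clean-all` into its own exec guarded by the existence of `keys/`. The `dh ${name}` option in the hunk at -101,31 carries the same `dh1024.pem` name and needs the same change.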
@@ -101,31 +101,42 @@ define openvpn::server($country, $province, $city, $organization, $email) {
openvpn::option {
"ca ${name}":
- key => "ca",
+ key => 'ca',
value => "/etc/openvpn/${name}/keys/ca.crt",
require => Exec["initca ${name}"],
- server => "${name}";
+ server => $name;
"cert ${name}":
- key => "cert",
+ key => 'cert',
value => "/etc/openvpn/${name}/keys/server.crt",
require => Exec["generate server cert ${name}"],
- server => "${name}";
+ server => $name;
"key ${name}":
- key => "key",
+ key => 'key',
value => "/etc/openvpn/${name}/keys/server.key",
require => Exec["generate server cert ${name}"],
- server => "${name}";
+ server => $name;
"dh ${name}":
- key => "dh",
+ key => 'dh',
value => "/etc/openvpn/${name}/keys/dh1024.pem",
require => Exec["generate dh param ${name}"],
- server => "${name}";
+ server => $name;
+
+ "proto ${name}":
+ key => 'proto',
+ value => 'tcp',
+ require => Exec["generate dh param ${name}"],
+ server => $name;
+
+ "comp-lzo ${name}":
+ key => 'comp-lzo',
+ require => Exec["generate dh param ${name}"],
+ server => $name;
}
concat::fragment {
"openvpn.default.autostart.${name}":
content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n",
- target => "/etc/default/openvpn",
+ target => '/etc/default/openvpn',
order => 10;
}
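Review bot: The added `proto ${name}` and `comp-lzo ${name}` options are hard-coded and both carry `require => Exec["generate dh param ${name}"]`, although neither depends on the DH parameters. `comp-lzo` enables compression inside the encrypted tunnel, and compressing before encrypting can leak information about the plaintext when another party influences part of the traffic. Since client.pp also sets it unconditionally, it should be driven by one parameter shared by server and client rather than always on. Suggest define parameters such as `$proto = 'tcp'` and `$compression = true` (names are a proposal; defaults keep today's behaviour), documented in a comment above the define, and `require => File["/etc/openvpn/${name}"]` as the earlier options in this define use. The body of `openvpn::server` starts and continues outside this hunk.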
@@ -135,8 +146,8 @@ define openvpn::server($country, $province, $city, $organization, $email) {
group => root,
mode => 644,
warn => true,
- require => File["/etc/openvpn"],
- notify => Service["openvpn"];
+ require => File['/etc/openvpn'],
+ notify => Service['openvpn'];
}
}