From 938c06b1c4d6c77f85b05112d7312131eafbd4ec Mon Sep 17 00:00:00 2001
From: Raffael Schmid
Date: Fri, 10 Feb 2012 16:32:16 +0100
Subject: ready for 2.7 module structure
---
 manifests/classes/openvpn.pp | 32 ----------
 manifests/client.pp | 130 ++++++++++++++++++++++++++++++++++++++++
 manifests/definitions/client.pp | 130 ----------------------------------------
 manifests/definitions/option.pp | 31 ----------
 manifests/definitions/push.pp | 18 ------
 manifests/definitions/route.pp | 12 ----
 manifests/definitions/server.pp | 92 ----------------------------
 manifests/init.pp | 34 ++++++++++-
 manifests/option.pp | 31 ++++++++++
 manifests/push.pp | 18 ++++++
 manifests/route.pp | 12 ++++
 manifests/server.pp | 92 ++++++++++++++++++++++++++++
 12 files changed, 314 insertions(+), 318 deletions(-)
 delete mode 100644 manifests/classes/openvpn.pp
 create mode 100644 manifests/client.pp
 delete mode 100644 manifests/definitions/client.pp
 delete mode 100644 manifests/definitions/option.pp
 delete mode 100644 manifests/definitions/push.pp
 delete mode 100644 manifests/definitions/route.pp
 delete mode 100644 manifests/definitions/server.pp
 create mode 100644 manifests/option.pp
 create mode 100644 manifests/push.pp
 create mode 100644 manifests/route.pp
 create mode 100644 manifests/server.pp
diff --git a/manifests/classes/openvpn.pp b/manifests/classes/openvpn.pp
deleted file mode 100644
index 55dac85..0000000
--- a/manifests/classes/openvpn.pp
+++ /dev/null
@@ -1,32 +0,0 @@
-# openvpn.pp
-
-class openvpn {
- package {
- "openvpn":
- ensure => installed;
- }
- service {
- "openvpn":
- ensure => running,
- hasrestart => true,
- hasstatus => true,
- require => Exec["/etc/default/openvpn concatenation"];
- }
- file {
- "/etc/openvpn":
- ensure => directory,
- require => Package["openvpn"];
- }
- file {
- "/etc/openvpn/keys":
- ensure => directory,
- require => File["/etc/openvpn"];
- }
- common::concatfilepart {
- "00-etc-default-openvpn header":
- ensure => present,
- content => template("openvpn/etc-default-openvpn.erb"),
- notify => Service["openvpn"],
- file => "/etc/default/openvpn";
- }
-}
diff --git a/manifests/client.pp b/manifests/client.pp
new file mode 100644
index 0000000..620d374
--- /dev/null
+++ b/manifests/client.pp
@@ -0,0 +1,130 @@
+# client.pp
+
+define openvpn::client($server, $remote_host = $fqdn) {
+ exec {
+ "generate certificate for ${name} in context of ${server}":
+ command => ". ./vars && ./pkitool ${name}",
+ cwd => "/etc/openvpn/${server}/easy-rsa",
+ creates => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
+ provider => "shell",
+ require => Exec["generate server cert ${server}"];
+ }
+
+ file {
+ "/etc/openvpn/${server}/download-configs/${name}":
+ ensure => directory,
+ require => File["/etc/openvpn/${server}/download-configs"];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys":
+ ensure => directory,
+ require => File["/etc/openvpn/${server}/download-configs/${name}"];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt":
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key":
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt":
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+ }
+
+
+ openvpn::option {
+ "ca ${server} with ${name}":
+ key => "ca",
+ value => "keys/ca.crt",
+ client => $name,
+ server => $server;
+ "cert ${server} with ${name}":
+ key => "cert",
+ value => "keys/${name}.crt",
+ client => $name,
+ server => $server;
+ "key ${server} with ${name}":
+ key => "key",
+ value => "keys/${name}.key",
+ client => $name,
+ server => $server;
+ "client ${server} with ${name}":
+ key => "client",
+ client => $name,
+ server => $server;
+ "dev ${server} with ${name}":
+ key => "dev",
+ value => "tun",
+ client => $name,
+ server => $server;
+ "proto ${server} with ${name}":
+ key => "proto",
+ value => "tcp",
+ client => $name,
+ server => $server;
+ "remote ${server} with ${name}":
+ key => "remote",
+ value => "${remote_host} 1194",
+ client => $name,
+ server => $server;
+ "resolv-retry ${server} with ${name}":
+ key => "resolv-retry",
+ value => "infinite",
+ client => $name,
+ server => $server;
+ "nobind ${server} with ${name}":
+ key => "nobind",
+ client => $name,
+ server => $server;
+ "persist-key ${server} with ${name}":
+ key => "persist-key",
+ client => $name,
+ server => $server;
+ "persist-tun ${server} with ${name}":
+ key => "persist-tun",
+ client => $name,
+ server => $server;
+ "mute-replay-warnings ${server} with ${name}":
+ key => "mute-replay-warnings",
+ client => $name,
+ server => $server;
+ "ns-cert-type ${server} with ${name}":
+ key => "ns-cert-type",
+ value => "server",
+ client => $name,
+ server => $server;
+ "comp-lzo ${server} with ${name}":
+ key => "comp-lzo",
+ client => $name,
+ server => $server;
+ "verb ${server} with ${name}":
+ key => "verb",
+ value => "3",
+ client => $name,
+ server => $server;
+ "mute ${server} with ${name}":
+ key => "mute",
+ value => "20",
+ client => $name,
+ server => $server;
+ }
+
+ exec {
+ "tar the thing ${server} with ${name}":
+ cwd => "/etc/openvpn/${server}/download-configs/",
+ command => "rm ${name}.tar.gz; tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}",
+ refreshonly => true,
+ subscribe => Exec["/etc/openvpn/${server}/download-configs/${name}/${name}.conf concatenation"],
+ require => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ];
+ }
+}
diff --git a/manifests/definitions/client.pp b/manifests/definitions/client.pp
deleted file mode 100644
index 620d374..0000000
--- a/manifests/definitions/client.pp
+++ /dev/null
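Review bot: The `tar the thing` exec packs the client's private key into the archive (`-h` dereferences the `keys/${name}.key` symlink) while neither `${name}.tar.gz` nor the `download-configs/${name}` and `.../keys` directory resources declare `owner`/`mode`, so the bundle's permissions are whatever the agent's umask yields. Adding `mode => 0700` to both directory resources and ending the command with `&& chmod 0600 ${name}.tar.gz` keeps the key material owner-only. The same command interpolates `${name}` bare into a shell string and calls unqualified `rm`/`tar` with no `path`, which only works if a site-wide `Exec { path => ... }` default exists that this commit does not show. `rm ${name}.tar.gz` also fails on the first run and the `;` hides that; `rm -f` states the intent and keeps the exit status meaningful.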
@@ -1,130 +0,0 @@
-# client.pp
-
-define openvpn::client($server, $remote_host = $fqdn) {
- exec {
- "generate certificate for ${name} in context of ${server}":
- command => ". ./vars && ./pkitool ${name}",
- cwd => "/etc/openvpn/${server}/easy-rsa",
- creates => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
- provider => "shell",
- require => Exec["generate server cert ${server}"];
- }
-
- file {
- "/etc/openvpn/${server}/download-configs/${name}":
- ensure => directory,
- require => File["/etc/openvpn/${server}/download-configs"];
-
- "/etc/openvpn/${server}/download-configs/${name}/keys":
- ensure => directory,
- require => File["/etc/openvpn/${server}/download-configs/${name}"];
-
- "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt":
- ensure => link,
- target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
- require => [ Exec["generate certificate for ${name} in context of ${server}"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
-
- "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key":
- ensure => link,
- target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key",
- require => [ Exec["generate certificate for ${name} in context of ${server}"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
-
- "/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt":
- ensure => link,
- target => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt",
- require => [ Exec["generate certificate for ${name} in context of ${server}"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
- }
-
-
- openvpn::option {
- "ca ${server} with ${name}":
- key => "ca",
- value => "keys/ca.crt",
- client => $name,
- server => $server;
- "cert ${server} with ${name}":
- key => "cert",
- value => "keys/${name}.crt",
- client => $name,
- server => $server;
- "key ${server} with ${name}":
- key => "key",
- value => "keys/${name}.key",
- client => $name,
- server => $server;
- "client ${server} with ${name}":
- key => "client",
- client => $name,
- server => $server;
- "dev ${server} with ${name}":
- key => "dev",
- value => "tun",
- client => $name,
- server => $server;
- "proto ${server} with ${name}":
- key => "proto",
- value => "tcp",
- client => $name,
- server => $server;
- "remote ${server} with ${name}":
- key => "remote",
- value => "${remote_host} 1194",
- client => $name,
- server => $server;
- "resolv-retry ${server} with ${name}":
- key => "resolv-retry",
- value => "infinite",
- client => $name,
- server => $server;
- "nobind ${server} with ${name}":
- key => "nobind",
- client => $name,
- server => $server;
- "persist-key ${server} with ${name}":
- key => "persist-key",
- client => $name,
- server => $server;
- "persist-tun ${server} with ${name}":
- key => "persist-tun",
- client => $name,
- server => $server;
- "mute-replay-warnings ${server} with ${name}":
- key => "mute-replay-warnings",
- client => $name,
- server => $server;
- "ns-cert-type ${server} with ${name}":
- key => "ns-cert-type",
- value => "server",
- client => $name,
- server => $server;
- "comp-lzo ${server} with ${name}":
- key => "comp-lzo",
- client => $name,
- server => $server;
- "verb ${server} with ${name}":
- key => "verb",
- value => "3",
- client => $name,
- server => $server;
- "mute ${server} with ${name}":
- key => "mute",
- value => "20",
- client => $name,
- server => $server;
- }
-
- exec {
- "tar the thing ${server} with ${name}":
- cwd => "/etc/openvpn/${server}/download-configs/",
- command => "rm ${name}.tar.gz; tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}",
- refreshonly => true,
- subscribe => Exec["/etc/openvpn/${server}/download-configs/${name}/${name}.conf concatenation"],
- require => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"],
- File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ];
- }
-}
diff --git a/manifests/definitions/option.pp b/manifests/definitions/option.pp
deleted file mode 100644
index 8c2a7a2..0000000
--- a/manifests/definitions/option.pp
+++ /dev/null
@@ -1,31 +0,0 @@
-# option.pp
-
-define openvpn::option($ensure = present, $key, $value = "", $server, $client = "", $csc = false) {
- $content = $value ? {
- "" => "${key}",
- default => "${key} ${value}"
- }
-
- if $client == "" {
- $path = "/etc/openvpn/${server}.conf"
- $req = File["/etc/openvpn"]
- $notify = Service["openvpn"]
- } else {
- if $csc {
- $path = "/etc/openvpn/${server}/client-configs/${client}"
- } else {
- $path = "/etc/openvpn/${server}/download-configs/${client}/${client}.conf"
- }
- $req = [ File["/etc/openvpn"], File["/etc/openvpn/${server}/download-configs/${client}"] ]
- $notify = undef
- }
-
- common::concatfilepart {
- "${name}":
- ensure => $ensure,
- file => $path,
- content => "${content}\n",
- notify => $notify,
- require => $req;
- }
-}
diff --git a/manifests/definitions/push.pp b/manifests/definitions/push.pp
deleted file mode 100644
index e799b04..0000000
--- a/manifests/definitions/push.pp
+++ /dev/null
@@ -1,18 +0,0 @@
-## push.pp
-#
-#define openvpn::push($network, $netmask, $server, $gateway = "undefined") {
-#
-# $gw = $gateway ? {
-# "undefined" => "",
-# default => " ${gateway}"
-# }
-#
-# common::concatfilepart {
-# "push ${name}":
-# ensure => $ensure,
-# file => "/etc/openvpn/${server}.conf",
-# content => "push \"route ${network} ${netmask}${gw}\"\n",
-# notify => Service["openvpn"],
-# require => Package["openvpn"];
-# }
-#}
diff --git a/manifests/definitions/route.pp b/manifests/definitions/route.pp
deleted file mode 100644
index 00d955a..0000000
--- a/manifests/definitions/route.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-## route.pp
-#
-#define openvpn::route($network, $netmask, $server, $gateway) {
-# common::concatfilepart {
-# "route ${name}":
-# ensure => $ensure,
-# file => "/etc/openvpn/${server}.conf",
-# content => "route ${network} ${netmask} ${gateway}\n",
-# notify => Service["openvpn"],
-# require => Package["openvpn"];
-# }
-#}
diff --git a/manifests/definitions/server.pp b/manifests/definitions/server.pp
deleted file mode 100644
index 2bf2f64..0000000
--- a/manifests/definitions/server.pp
+++ /dev/null
@@ -1,92 +0,0 @@
-# server.pp
-
-define openvpn::server($country, $province, $city, $organization, $email) {
- include openvpn
-
- file {
- "/etc/openvpn/${name}":
- ensure => directory,
- require => Package["openvpn"];
- }
- file {
- "/etc/openvpn/${name}/client-configs":
- ensure => directory,
- require => File["/etc/openvpn/${name}"];
- "/etc/openvpn/${name}/download-configs":
- ensure => directory,
- require => File["/etc/openvpn/${name}"];
- }
-
- exec {
- "copy easy-rsa to openvpn config folder ${name}":
- command => "cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/${name}/easy-rsa",
- creates => "/etc/openvpn/${name}/easy-rsa",
- require => File["/etc/openvpn/${name}"];
- }
- file {
- "/etc/openvpn/${name}/easy-rsa/vars":
- ensure => present,
- content => template("openvpn/vars.erb"),
- require => Exec["copy easy-rsa to openvpn config folder ${name}"];
- }
-
- exec {
- "generate dh param ${name}":
- command => ". ./vars && ./clean-all && ./build-dh",
- cwd => "/etc/openvpn/${name}/easy-rsa",
- creates => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem",
- provider => "shell",
- require => File["/etc/openvpn/${name}/easy-rsa/vars"];
-
- "initca ${name}":
- command => ". ./vars && ./pkitool --initca",
- cwd => "/etc/openvpn/${name}/easy-rsa",
- creates => "/etc/openvpn/${name}/easy-rsa/keys/ca.key",
- provider => "shell",
- require => Exec["generate dh param ${name}"];
-
- "generate server cert ${name}":
- command => ". ./vars && ./pkitool --server server",
- cwd => "/etc/openvpn/${name}/easy-rsa",
- creates => "/etc/openvpn/${name}/easy-rsa/keys/server.key",
- provider => "shell",
- require => Exec["initca ${name}"];
- }
-
- file {
- "/etc/openvpn/${name}/keys":
- ensure => link,
- target => "/etc/openvpn/${name}/easy-rsa/keys",
- require => Exec["copy easy-rsa to openvpn config folder ${name}"];
- }
-
- openvpn::option {
- "ca ${name}":
- key => "ca",
- value => "/etc/openvpn/${name}/keys/ca.crt",
- require => Exec["initca ${name}"],
- server => "${name}";
- "cert ${name}":
- key => "cert",
- value => "/etc/openvpn/${name}/keys/server.crt",
- require => Exec["generate server cert ${name}"],
- server => "${name}";
- "key ${name}":
- key => "key",
- value => "/etc/openvpn/${name}/keys/server.key",
- require => Exec["generate server cert ${name}"],
- server => "${name}";
- "dh ${name}":
- key => "dh",
- value => "/etc/openvpn/${name}/keys/dh1024.pem",
- require => Exec["generate dh param ${name}"],
- server => "${name}";
- }
-
- common::concatfilepart {
- "etc-default-openvpn autostart for ${name}":
- ensure => present,
- content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n",
- file => "/etc/default/openvpn";
- }
-}
diff --git a/manifests/init.pp b/manifests/init.pp
index bab81f2..55dac85 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,4 +1,32 @@
-# init.pp
+# openvpn.pp
 
-import "classes/*.pp"
-import "definitions/*.pp"
+class openvpn {
+ package {
+ "openvpn":
+ ensure => installed;
+ }
+ service {
+ "openvpn":
+ ensure => running,
+ hasrestart => true,
+ hasstatus => true,
+ require => Exec["/etc/default/openvpn concatenation"];
+ }
+ file {
+ "/etc/openvpn":
+ ensure => directory,
+ require => Package["openvpn"];
+ }
+ file {
+ "/etc/openvpn/keys":
+ ensure => directory,
+ require => File["/etc/openvpn"];
+ }
+ common::concatfilepart {
+ "00-etc-default-openvpn header":
+ ensure => present,
+ content => template("openvpn/etc-default-openvpn.erb"),
+ notify => Service["openvpn"],
+ file => "/etc/default/openvpn";
+ }
+}
diff --git a/manifests/option.pp b/manifests/option.pp
new file mode 100644
index 0000000..8c2a7a2
--- /dev/null
+++ b/manifests/option.pp
@@ -0,0 +1,31 @@
+# option.pp
+
+define openvpn::option($ensure = present, $key, $value = "", $server, $client = "", $csc = false) {
+ $content = $value ? {
+ "" => "${key}",
+ default => "${key} ${value}"
+ }
+
+ if $client == "" {
+ $path = "/etc/openvpn/${server}.conf"
+ $req = File["/etc/openvpn"]
+ $notify = Service["openvpn"]
+ } else {
+ if $csc {
+ $path = "/etc/openvpn/${server}/client-configs/${client}"
+ } else {
+ $path = "/etc/openvpn/${server}/download-configs/${client}/${client}.conf"
+ }
+ $req = [ File["/etc/openvpn"], File["/etc/openvpn/${server}/download-configs/${client}"] ]
+ $notify = undef
+ }
+
+ common::concatfilepart {
+ "${name}":
+ ensure => $ensure,
+ file => $path,
+ content => "${content}\n",
+ notify => $notify,
+ require => $req;
+ }
+}
diff --git a/manifests/push.pp b/manifests/push.pp
new file mode 100644
index 0000000..e799b04
--- /dev/null
+++ b/manifests/push.pp
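Review bot: `/etc/openvpn/keys` is declared as a bare directory with no `owner`/`mode` although its name says it is meant for key material, and nothing else in this commit references it (server.pp links `/etc/openvpn/${name}/keys` to the easy-rsa keys directory instead). Either give it `mode => 0700` or drop the resource, so there is no unused, loosely-permissioned key directory waiting to be filled by hand. The service `require`s only `Exec["/etc/default/openvpn concatenation"]` and not `Package["openvpn"]`; presumably the concatfilepart chain orders it after the package, but that define lives outside this commit, so that is worth confirming.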
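Review bot: In the `$csc` branch `$path` points at `/etc/openvpn/${server}/client-configs/${client}`, yet `$req` is set below the inner `if` to require `File["/etc/openvpn/${server}/download-configs/${client}"]`, which a client that only has a client-config entry never declares, so the catalog fails on a missing dependency while the directory actually needed (`client-configs`, created by openvpn::server) is not required at all. Moving the assignment into each branch, with `$req = [ File["/etc/openvpn"], File["/etc/openvpn/${server}/client-configs"] ]` in the `if $csc` arm, fixes both. The header comment should also say what `$csc` selects (the per-client ccd file versus the downloadable client config) and that `$client == ""` means "write to the server config", since the three output paths are the whole point of this define.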
@@ -0,0 +1,18 @@
+## push.pp
+#
+#define openvpn::push($network, $netmask, $server, $gateway = "undefined") {
+#
+# $gw = $gateway ? {
+# "undefined" => "",
+# default => " ${gateway}"
+# }
+#
+# common::concatfilepart {
+# "push ${name}":
+# ensure => $ensure,
+# file => "/etc/openvpn/${server}.conf",
+# content => "push \"route ${network} ${netmask}${gw}\"\n",
+# notify => Service["openvpn"],
+# require => Package["openvpn"];
+# }
+#}
diff --git a/manifests/route.pp b/manifests/route.pp
new file mode 100644
index 0000000..00d955a
--- /dev/null
+++ b/manifests/route.pp
@@ -0,0 +1,12 @@
+## route.pp
+#
+#define openvpn::route($network, $netmask, $server, $gateway) {
+# common::concatfilepart {
+# "route ${name}":
+# ensure => $ensure,
+# file => "/etc/openvpn/${server}.conf",
+# content => "route ${network} ${netmask} ${gateway}\n",
+# notify => Service["openvpn"],
+# require => Package["openvpn"];
+# }
+#}
diff --git a/manifests/server.pp b/manifests/server.pp
new file mode 100644
index 0000000..2bf2f64
--- /dev/null
+++ b/manifests/server.pp
@@ -0,0 +1,92 @@
+# server.pp
+
+define openvpn::server($country, $province, $city, $organization, $email) {
+ include openvpn
+
+ file {
+ "/etc/openvpn/${name}":
+ ensure => directory,
+ require => Package["openvpn"];
+ }
+ file {
+ "/etc/openvpn/${name}/client-configs":
+ ensure => directory,
+ require => File["/etc/openvpn/${name}"];
+ "/etc/openvpn/${name}/download-configs":
+ ensure => directory,
+ require => File["/etc/openvpn/${name}"];
+ }
+
+ exec {
+ "copy easy-rsa to openvpn config folder ${name}":
+ command => "cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/${name}/easy-rsa",
+ creates => "/etc/openvpn/${name}/easy-rsa",
+ require => File["/etc/openvpn/${name}"];
+ }
+ file {
+ "/etc/openvpn/${name}/easy-rsa/vars":
+ ensure => present,
+ content => template("openvpn/vars.erb"),
+ require => Exec["copy easy-rsa to openvpn config folder ${name}"];
+ }
+
+ exec {
+ "generate dh param ${name}":
+ command => ". ./vars && ./clean-all && ./build-dh",
+ cwd => "/etc/openvpn/${name}/easy-rsa",
+ creates => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem",
+ provider => "shell",
+ require => File["/etc/openvpn/${name}/easy-rsa/vars"];
+
+ "initca ${name}":
+ command => ". ./vars && ./pkitool --initca",
+ cwd => "/etc/openvpn/${name}/easy-rsa",
+ creates => "/etc/openvpn/${name}/easy-rsa/keys/ca.key",
+ provider => "shell",
+ require => Exec["generate dh param ${name}"];
+
+ "generate server cert ${name}":
+ command => ". ./vars && ./pkitool --server server",
+ cwd => "/etc/openvpn/${name}/easy-rsa",
+ creates => "/etc/openvpn/${name}/easy-rsa/keys/server.key",
+ provider => "shell",
+ require => Exec["initca ${name}"];
+ }
+
+ file {
+ "/etc/openvpn/${name}/keys":
+ ensure => link,
+ target => "/etc/openvpn/${name}/easy-rsa/keys",
+ require => Exec["copy easy-rsa to openvpn config folder ${name}"];
+ }
+
+ openvpn::option {
+ "ca ${name}":
+ key => "ca",
+ value => "/etc/openvpn/${name}/keys/ca.crt",
+ require => Exec["initca ${name}"],
+ server => "${name}";
+ "cert ${name}":
+ key => "cert",
+ value => "/etc/openvpn/${name}/keys/server.crt",
+ require => Exec["generate server cert ${name}"],
+ server => "${name}";
+ "key ${name}":
+ key => "key",
+ value => "/etc/openvpn/${name}/keys/server.key",
+ require => Exec["generate server cert ${name}"],
+ server => "${name}";
+ "dh ${name}":
+ key => "dh",
+ value => "/etc/openvpn/${name}/keys/dh1024.pem",
+ require => Exec["generate dh param ${name}"],
+ server => "${name}";
+ }
+
+ common::concatfilepart {
+ "etc-default-openvpn autostart for ${name}":
+ ensure => present,
+ content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n",
+ file => "/etc/default/openvpn";
+ }
+}
-- 
cgit v1.2.3
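Review bot: The `generate dh param` exec chains `./clean-all` — which empties the easy-rsa keys directory — behind `creates => ".../keys/dh1024.pem"`, so if that single file is ever removed, or `vars.erb` sets a key size other than 1024 so build-dh writes a differently named file, every agent run re-executes `clean-all` and destroys `ca.key`, `server.key` and all issued client certificates. Giving `clean-all` its own exec guarded by a file it creates itself (easy-rsa 2.0's clean-all writes `keys/index.txt`; confirm against the shipped script) and leaving `./build-dh` guarded by the DH file stops a missing DH file from cascading into CA loss. The 1024-bit size is also baked into both the `creates` path and the `dh` option value, so a key-size change in the template needs edits in two more places; a comment on the exec saying the three strings must agree would help until that is parameterised. `cp -r ...` runs unqualified with no `path` and no provider, which only works if a global Exec default supplies one.
```puppet
  exec {
    "clean easy-rsa keys ${name}":
      command  => ". ./vars && ./clean-all",
      cwd      => "/etc/openvpn/${name}/easy-rsa",
      creates  => "/etc/openvpn/${name}/easy-rsa/keys/index.txt",
      provider => "shell",
      require  => File["/etc/openvpn/${name}/easy-rsa/vars"];

    "generate dh param ${name}":
      command  => ". ./vars && ./build-dh",
      cwd      => "/etc/openvpn/${name}/easy-rsa",
      creates  => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem",
      provider => "shell",
      require  => Exec["clean easy-rsa keys ${name}"];

    # … unchanged: "initca ${name}" and "generate server cert ${name}" …
  }
```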