path: root/manifests/server.pp
blob: b279b0224ccb91a32491d615ba64c2b9e2c07477 (plain)
# server.pp

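# Sets up one OpenVPN server instance named after the resource title.
#
# For the instance ${name} this define:
#   * creates /etc/openvpn/${name} plus client-configs/ and download-configs/,
#   * copies the packaged easy-rsa 2.0 scripts into the instance directory,
#   * renders easy-rsa/vars from the openvpn/vars.erb template,
#   * generates DH parameters, a CA and a server certificate/key (each once,
#     guarded by `creates`),
#   * points the ca/cert/key/dh options of the instance at those files,
#   * registers the instance in /etc/default/openvpn (AUTOSTART) and declares
#     the concat target /etc/openvpn/${name}.conf.
#
# Parameters:
#   $country, $province, $city, $organization, $email
#     Not referenced in this manifest; presumably read by vars.erb for the
#     certificate subject fields -- confirm against the template.
#
# Security notes (review):
#   * The CA private key (easy-rsa/keys/ca.key) is generated and kept on the
#     VPN server itself. Anyone who gains root on this host can issue client
#     certificates. pkitool is invoked without a passphrase option, so the
#     keys are presumably stored unencrypted -- confirm.
#   * No owner/group/mode is set on the directories below, so they get the
#     agent's defaults. Access to the private keys then depends on whatever
#     permissions the easy-rsa scripts apply to keys/ -- verify on a
#     provisioned host.
#   * ${name} is interpolated into paths and shell commands. It is the
#     resource title chosen by the manifest author; keep it to a plain
#     identifier (no spaces, slashes or shell metacharacters).
define openvpn::server($country, $province, $city, $organization, $email) {
    include openvpn

    # Per-instance base directory; needs the package so /etc/openvpn exists.
    file {
        "/etc/openvpn/${name}":
            ensure => directory,
            require => Package["openvpn"];
    }
    # Sub-directories of the instance; nothing in this define writes to them.
    file {
        "/etc/openvpn/${name}/client-configs":
            ensure => directory,
            require => File["/etc/openvpn/${name}"];
        "/etc/openvpn/${name}/download-configs":
            ensure => directory,
            require => File["/etc/openvpn/${name}"];
    }

    # One-time copy of the packaged easy-rsa scripts (skipped once the target
    # exists). An explicit path is set because the command is not fully
    # qualified: the default exec provider rejects that unless a path is
    # supplied, and a fixed path avoids depending on the agent's inherited PATH.
    exec {
        "copy easy-rsa to openvpn config folder ${name}":
            command => "cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/${name}/easy-rsa",
            path    => ["/bin", "/usr/bin"],
            creates => "/etc/openvpn/${name}/easy-rsa",
            require => File["/etc/openvpn/${name}"];
    }
    # easy-rsa settings file, rendered from the module template.
    file {
        "/etc/openvpn/${name}/easy-rsa/vars":
            ensure  => present,
            content => template("openvpn/vars.erb"),
            require => Exec["copy easy-rsa to openvpn config folder ${name}"];
    }

    # PKI bootstrap. The three execs are chained with `require` so they run in
    # the order DH params -> CA -> server certificate, and each is skipped when
    # the file named in `creates` already exists.
    exec {
        # NOTE(review): the dh1024.pem name implies KEY_SIZE=1024 in vars.erb.
        # 1024-bit DH groups are below current guidance (2048 bits or more).
        # NOTE(review): clean-all runs in the same command as build-dh and the
        # only guard is `creates` on dh1024.pem. In stock easy-rsa 2.0,
        # clean-all recreates the keys directory and build-dh writes
        # dh${KEY_SIZE}.pem, so if the template's key size is raised without
        # updating this path (and the "dh" option below), or the DH file goes
        # missing, this exec would re-run and wipe the CA and every issued
        # certificate. Change key size, this path and the option together.
        "generate dh param ${name}":
            command  => ". ./vars && ./clean-all && ./build-dh",
            cwd      => "/etc/openvpn/${name}/easy-rsa",
            creates  => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem",
            provider => "shell",
            require  => File["/etc/openvpn/${name}/easy-rsa/vars"];

        # Creates the certificate authority (ca.crt / ca.key).
        "initca ${name}":
            command  => ". ./vars && ./pkitool --initca",
            cwd      => "/etc/openvpn/${name}/easy-rsa",
            creates  => "/etc/openvpn/${name}/easy-rsa/keys/ca.key",
            provider => "shell",
            require  => Exec["generate dh param ${name}"];

        # Issues the server certificate and key under the name "server".
        "generate server cert ${name}":
            command  => ". ./vars && ./pkitool --server server",
            cwd      => "/etc/openvpn/${name}/easy-rsa",
            creates  => "/etc/openvpn/${name}/easy-rsa/keys/server.key",
            provider => "shell",
            require  => Exec["generate server cert ${name}"] ? {
                default => Exec["initca ${name}"],
            };
    }

    # Convenience symlink so the options below can use /etc/openvpn/${name}/keys.
    file {
        "/etc/openvpn/${name}/keys":
            ensure  => link,
            target  => "/etc/openvpn/${name}/easy-rsa/keys",
            require => Exec["copy easy-rsa to openvpn config folder ${name}"];
    }

    # Options for this instance, each ordered after the exec that produces the
    # file it points to.
    openvpn::option {
        "ca ${name}":
            key     => "ca",
            value   => "/etc/openvpn/${name}/keys/ca.crt",
            require => Exec["initca ${name}"],
            server  => "${name}";
        "cert ${name}":
            key     => "cert",
            value   => "/etc/openvpn/${name}/keys/server.crt",
            require => Exec["generate server cert ${name}"],
            server  => "${name}";
        "key ${name}":
            key     => "key",
            value   => "/etc/openvpn/${name}/keys/server.key",
            require => Exec["generate server cert ${name}"],
            server  => "${name}";
        "dh ${name}":
            key     => "dh",
            value   => "/etc/openvpn/${name}/keys/dh1024.pem",
            require => Exec["generate dh param ${name}"],
            server  => "${name}";
    }

    # Appends this instance to AUTOSTART in /etc/default/openvpn.
    concat::fragment {
        "openvpn.default.autostart.${name}":
            content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n",
            target  => "/etc/default/openvpn",
            order   => 10;
    }

    # Concat target for the instance configuration; a change restarts or
    # reloads the openvpn service via notify. World-readable (0644): the
    # entries declared in this define are file paths, not key material.
    # The mode is a quoted octal string because newer Puppet parsers read a
    # bare 644 as an integer, while file modes are expected as strings.
    concat {
        "/etc/openvpn/${name}.conf":
            owner   => root,
            group   => root,
            mode    => "0644",
            warn    => true,
            require => File["/etc/openvpn"],
            notify  => Service["openvpn"];
    }

}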