From 8d5c319af81844c8b01bc83a5ac312c2bf6241b2 Mon Sep 17 00:00:00 2001
From: Alexandru Barbur
Date: Fri, 23 May 2014 01:22:48 +0000
Subject: [PATCH 1/4] Add an option for a shutdown script.

---
 manifests/server.pp | 3 +++
 templates/server.erb | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/manifests/server.pp b/manifests/server.pp
index 47959fa7..85b4c2cb 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -136,6 +136,9 @@
 # [*up*]
 # String, Script which we want to run when openvpn server starts
 #
+# [*down*]
+# String, Script which we want to run when openvpn server stops
+#
 # [*username_as_common_name*]
 # Boolean. If true then set username-as-common-name
 # Default: false
diff --git a/templates/server.erb b/templates/server.erb
index 72608f7c..6f0a8927 100644
--- a/templates/server.erb
+++ b/templates/server.erb
@@ -78,10 +78,15 @@ plugin /usr/lib/openvpn/openvpn-auth-pam.so login
 <% if scope.lookupvar('management') -%>
 management <%= scope.lookupvar('management_ip') %> <%= scope.lookupvar('management_port') %>
 <% end -%>
-<% if scope.lookupvar('up') != ''-%>
+<% if scope.lookupvar('up') != '' or scope.lookupvar('down') != ''-%>
 script-security 2
+<% end -%>
+<% if scope.lookupvar('up') != '' -%>
 up <%= scope.lookupvar('up') %>
 <% end -%>
+<% if scope.lookupvar('down') != '' -%>
+down <%= scope.lookupvar('down') %>
+<% end -%>
 <% if scope.lookupvar('username_as_common_name') -%>
 username-as-common-name
 <% end -%>

From dc07dbdeedcce78063dd419a9bc813c62992db86 Mon Sep 17 00:00:00 2001
From: Alexandru Barbur
Date: Fri, 23 May 2014 01:35:21 +0000
Subject: [PATCH 2/4] Whoops, include the parameter in the openvpn::server class definition.

---
 manifests/server.pp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manifests/server.pp b/manifests/server.pp
index 85b4c2cb..bd7039ba 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
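Review bot: In PATCH 1/4, the templates/server.erb hunk now emits `script-security 2` as soon as either `up` or `down` is non-empty, but the new `[*down*]` doc block in manifests/server.pp does not mention that side effect or what is expected of the script file. OpenVPN executes these paths itself, so a script that a non-root user can modify becomes a way to run code with the daemon's privileges. I would extend the doc line to `#   String, Script which we want to run when openvpn server stops. Enables script-security 2; the script should be root-owned and not group/world-writable.` If the rendered config also drops privileges with `user`/`group` (not visible in this hunk), the `down` script runs with the reduced privileges, which is worth noting there as well.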
@@ -308,6 +308,7 @@
 $management_ip = 'localhost',
 $management_port = 7505,
 $up = '',
+ $down = '',
 $username_as_common_name = false,
 $ldap_enabled = false,
 $ldap_server = '',

From 97725ab452471c188570aea4458308b742a388e7 Mon Sep 17 00:00:00 2001
From: Alexandru Barbur
Date: Fri, 23 May 2014 01:38:48 +0000
Subject: [PATCH 3/4] Enclose the 'up' and 'down' settings in the server's configuration file in double quotes to allow for scripts with arguments.

---
 templates/server.erb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/server.erb b/templates/server.erb
index 6f0a8927..6b2dbd39 100644
--- a/templates/server.erb
+++ b/templates/server.erb
@@ -82,10 +82,10 @@ management <%= scope.lookupvar('management_ip') %> <%= scope.lookupvar('manageme
 script-security 2
 <% end -%>
 <% if scope.lookupvar('up') != '' -%>
-up <%= scope.lookupvar('up') %>
+up "<%= scope.lookupvar('up') %>"
 <% end -%>
 <% if scope.lookupvar('down') != '' -%>
-down <%= scope.lookupvar('down') %>
+down "<%= scope.lookupvar('down') %>"
 <% end -%>
 <% if scope.lookupvar('username_as_common_name') -%>
 username-as-common-name

From 26f4f7c169653ff7de0a428aa1ea79430fbc1223 Mon Sep 17 00:00:00 2001
From: Raffael Schmid
Date: Sun, 25 May 2014 10:49:13 +0200
Subject: [PATCH 4/4] add tests for up/down handling

---
 spec/defines/openvpn_server_spec.rb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb
index dfb9d0ff..87667f9a 100644
--- a/spec/defines/openvpn_server_spec.rb
+++ b/spec/defines/openvpn_server_spec.rb
@@ -93,6 +93,8 @@
 'logfile' => '/var/log/openvpn/test_server.log',
 'status_log' => '/var/log/openvpn/test_server_status.log',
 'dev' => 'tun1',
+ 'up' => '/tmp/up',
+ 'down' => '/tmp/down',
 'local' => '2.3.4.5',
 'ipp' => true,
 'server' => '2.3.4.0 255.255.0.0',
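Review bot: In PATCH 3/4, `up "<%= scope.lookupvar('up') %>"` and the matching `down` line wrap the value in double quotes without escaping it, so a value containing `"`, a backslash or a newline ends the quoted string early or adds further lines to a config that already has `script-security 2` set. The parameters are plain strings, and the manifests/server.pp hunk of PATCH 2/4 (`$down = '',`) shows no validation. I would reject such values before rendering, for example with `<% raise Puppet::ParseError, "up/down must not contain quotes, backslashes or newlines" if [scope.lookupvar('up'), scope.lookupvar('down')].any? { |v| v.to_s =~ /["\\\r\n]/ } -%>` placed ahead of the `script-security 2` block. The enclosing template continues outside the hunk.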
@@ -155,6 +157,11 @@ it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^persist-key$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^persist-tun$/) } + it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^up "/tmp/up"$}) } + it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^down "/tmp/down"$}) } + it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^script-security 2$}) } + + it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars').with_content(/^export CA_EXPIRE=365$/) } it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars').with_content(/^export KEY_EXPIRE=365$/) } it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars').with_content(/^export KEY_CN="yolo"$/) }
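Review bot: The three new expectations in this hunk only cover the case where both `up` and `down` are set, so the `or` branch added to the template in PATCH 1/4 is not exercised: nothing checks that `script-security 2` is still rendered when only `down` is given, or that it is absent when neither is. I would add, in a context whose params omit both keys (the surrounding contexts are outside this hunk), `it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^script-security/) }`. The fixture values `'/tmp/up'` and `'/tmp/down'` in the first hunk also model scripts living in a world-writable directory; a path under `/etc/openvpn/` would be a better example for readers who copy it.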