Merge branch 'master' into amazon-wheezy-small-support

Conflicts: CHANGELOG.md manifests/params.pp
voxpupuli · Mar 5, 2015 · 503d1fd · 503d1fd
2 parents 76e10a2 + 530e094
commit 503d1fd
Show file tree

Hide file tree

Showing 15 changed files with 111 additions and 83 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,10 @@
 
 * Support for systems without `lsb-release` package ([#134](https://github.com/luxflux/puppet-openvpn/pull/134))
 
+## 2.7.1
+
+* Fix server in client mode ([#137](https://github.com/luxflux/puppet-openvpn/pull/137))
+
 ## 2.7.0
 
 * Support for removing a client specific conf file ([#115](https://github.com/luxflux/puppet-openvpn/pull/115))

diff --git a/Vagrantfile b/Vagrantfile
@@ -2,41 +2,38 @@
 # vi: set ft=ruby :
 
 def server_config(config)
-  config.vm.provision :puppet, :module_path => '..' do |puppet|
-    puppet.manifests_path = "vagrant"
-    puppet.manifest_file  = "server.pp"
+  config.vm.provision :puppet do |puppet|
+    puppet.manifests_path = 'vagrant'
+    puppet.manifest_file  = 'server.pp'
+    puppet.temp_dir = '/tmp'
+    puppet.options = ['--modulepath=/tmp/modules']
   end
 end
 
 def client_config(config)
-  config.vm.provision :puppet, :module_path => '..' do |puppet|
-    puppet.manifests_path = "vagrant"
-    puppet.manifest_file  = "client.pp"
+  config.vm.provision :puppet do |puppet|
+    puppet.manifests_path = 'vagrant'
+    puppet.manifest_file  = 'client.pp'
+    puppet.temp_dir = '/tmp'
+    puppet.options = ['--modulepath=/tmp/modules']
   end
 end
 
-Vagrant::Config.run do |config|
+Vagrant::Config.run(2) do |config|
 
-  config.vm.define :server_ubuntu do |c|
-    c.vm.box = 'precise64'
-    server_config c
-    c.vm.network :hostonly, '10.255.255.10'
-  end
-
-  config.vm.define :server_centos do |c|
-    c.vm.box = 'centos63'
-
-    c.vm.provision :shell, :inline => 'if [ ! -f rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm ]; then wget -q http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm; fi'
-    c.vm.provision :shell, :inline => 'yum install -y rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm || exit 0'
+  config.vm.provision :shell, path: 'vagrant/provision_module.sh'
 
+  config.vm.define :server_ubuntu do |c|
+    c.vm.hostname = 'server'
+    c.vm.box = 'ubuntu/trusty64'
     server_config c
-    c.vm.network :hostonly, '10.255.255.11'
+    c.vm.network :private_network, ip: '10.255.255.10'
   end
 
   config.vm.define :client_ubuntu do |c|
-    c.vm.box = 'precise64'
+    c.vm.hostname = 'client'
+    c.vm.box = 'ubuntu/trusty64'
     client_config c
-    c.vm.network :hostonly, '10.255.255.20'
+    c.vm.network :private_network, ip: '10.255.255.20'
   end
-
 end
diff --git a/manifests/ca.pp b/manifests/ca.pp
@@ -114,13 +114,13 @@
   }
 
   File {
-    group   => $group_to_set,
+    group => $group_to_set,
   }
 
   # directory shared with openvpn::server
   ensure_resource(file, "/etc/openvpn/${name}", {
-    ensure  => directory,
-    mode    => '0750',
+    ensure => directory,
+    mode   => '0750',
   })
 
   exec { "copy easy-rsa to openvpn config folder ${name}":
@@ -143,7 +143,7 @@
   }
 
   file { "/etc/openvpn/${name}/easy-rsa/vars":
-    ensure  => present,
+    ensure  => file,
     content => template('openvpn/vars.erb'),
     require => Exec["copy easy-rsa to openvpn config folder ${name}"],
   }
@@ -155,7 +155,7 @@
   if $openvpn::params::link_openssl_cnf == true {
     File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"] {
       ensure => link,
-      target => "/etc/openvpn/${name}/easy-rsa/openssl-1.0.0.cnf"
+      target => "/etc/openvpn/${name}/easy-rsa/openssl-1.0.0.cnf",
     }
   }
 

diff --git a/manifests/client.pp b/manifests/client.pp
@@ -203,7 +203,7 @@
       command  => ". ./vars && ./pkitool ${name}",
       cwd      => "/etc/openvpn/${ca_name}/easy-rsa",
       creates  => "/etc/openvpn/${ca_name}/easy-rsa/keys/${name}.crt",
-      provider => 'shell';
+      provider => 'shell',
   }
 
   file { [ "/etc/openvpn/${server}/download-configs/${name}",
@@ -229,6 +229,7 @@
     target  => "/etc/openvpn/${ca_name}/easy-rsa/keys/ca.crt",
     require => Exec["generate certificate for ${name} in context of ${ca_name}"],
   }
+
   if $tls_auth {
     file { "/etc/openvpn/${server}/download-configs/${name}/keys/${name}/ta.key":
       ensure  => link,

diff --git a/manifests/config.pp b/manifests/config.pp
@@ -32,19 +32,17 @@
 class openvpn::config {
 
   if $::osfamily == 'Debian' {
-    concat {
-      '/etc/default/openvpn':
-        owner  => root,
-        group  => root,
-        mode   => 644,
-        warn   => true;
+    concat { '/etc/default/openvpn':
+      owner => root,
+      group => root,
+      mode  => '0644',
+      warn  => true,
     }
 
-    concat::fragment {
-      'openvpn.default.header':
-        content => template('openvpn/etc-default-openvpn.erb'),
-        target  => '/etc/default/openvpn',
-        order   => 01;
+    concat::fragment { 'openvpn.default.header':
+      content => template('openvpn/etc-default-openvpn.erb'),
+      target  => '/etc/default/openvpn',
+      order   => 01,
     }
   }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -34,13 +34,13 @@
 #
 class openvpn {
 
-  class {'openvpn::params': } ->
-  class {'openvpn::install': } ->
-  class {'openvpn::config': } ->
+  class { 'openvpn::params': } ->
+  class { 'openvpn::install': } ->
+  class { 'openvpn::config': } ->
   Class['openvpn']
 
   if ! $::openvpn::params::systemd {
-    class {'openvpn::service':
+    class { 'openvpn::service':
       subscribe => [Class['openvpn::config'], Class['openvpn::install'] ],
       before    => Class['openvpn'],
     }

diff --git a/manifests/install.pp b/manifests/install.pp
@@ -39,9 +39,8 @@
   }
 
 
-  file {
-    [ '/etc/openvpn', '/etc/openvpn/keys' ]:
-      ensure  => directory,
-      require => Package['openvpn'];
+  file { [ '/etc/openvpn', '/etc/openvpn/keys' ]:
+    ensure  => directory,
+    require => Package['openvpn'],
   }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -20,27 +20,30 @@
       $group = 'nobody'
       $link_openssl_cnf = true
 
+      # Redhat/Centos >= 7.0
+      if(versioncmp($::operatingsystemrelease, '7.0') >= 0) {
+        $additional_packages = ['easy-rsa']
+        $easyrsa_source = '/usr/share/easy-rsa/2.0'
+        $systemd = true
+
       # Redhat/Centos >= 6.4
-      if(versioncmp($::operatingsystemrelease, '6.4') >= 0) {
+      } elsif(versioncmp($::operatingsystemrelease, '6.4') >= 0) {
         $additional_packages = ['easy-rsa']
         $easyrsa_source = '/usr/share/easy-rsa/2.0'
+        $systemd = false
 
       # Redhat/Centos < 6.4 >= 6
       } elsif(versioncmp($::operatingsystemrelease, '6') >= 0) {
         $easyrsa_source = '/usr/share/openvpn/easy-rsa/2.0'
+        $systemd = false
 
       # Redhat/Centos < 6
       } else {
         $easyrsa_source = '/usr/share/doc/openvpn/examples/easy-rsa/2.0'
+        $systemd = false
       }
 
       $ldap_auth_plugin_location = undef # no ldap plugin on redhat/centos
-
-      if(versioncmp($::operatingsystemrelease, '7.0') >= 0) {
-        $systemd = true
-      } else {
-        $systemd = false
-      }
     }
     'Debian': { # Debian/Ubuntu
       $group = 'nogroup'
@@ -98,5 +101,4 @@
       fail("Not supported OS family ${::osfamily}")
     }
   }
-
 }
diff --git a/manifests/revoke.pp b/manifests/revoke.pp
@@ -47,7 +47,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-define openvpn::revoke($server) {
+define openvpn::revoke(
+  $server,
+) {
 
   Openvpn::Server[$server] ->
   Openvpn::Revoke[$name]
@@ -59,6 +61,6 @@
     command  => ". ./vars && ./revoke-full ${name} ; test $? -eq 2 && touch revoked/${name}",
     cwd      => "/etc/openvpn/${server}/easy-rsa",
     creates  => "/etc/openvpn/${server}/easy-rsa/revoked/${name}",
-    provider => 'shell';
+    provider => 'shell',
   }
 }
diff --git a/manifests/server.pp b/manifests/server.pp
@@ -427,7 +427,7 @@
   }
 
   File {
-    group   => $group_to_set,
+    group => $group_to_set,
   }
 
   # directory shared with openvpn::ca
@@ -437,8 +437,8 @@
     notify => $notify,
   })
 
-  if $remote == undef {
-    if $shared_ca == undef {
+  if !$remote {
+    if !$shared_ca {
       # VPN Server Mode
       if $country == undef { fail('country has to be specified in server mode') }
       if $province == undef { fail('province has to be specified in server mode') }
@@ -481,6 +481,9 @@
   } else {
     # VPN Client Mode
 
+    $ca_name = $name
+    $ca_common_name = $name
+
     file { "/etc/openvpn/${name}/keys":
       ensure  => directory,
       mode    => '0750',
@@ -489,19 +492,18 @@
   }
 
   if $::osfamily == 'Debian' {
-    concat::fragment {
-      "openvpn.default.autostart.${name}":
-        content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n",
-        target  => '/etc/default/openvpn',
-        order   => 10;
+    concat::fragment { "openvpn.default.autostart.${name}":
+      content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n",
+      target  => '/etc/default/openvpn',
+      order   => 10,
     }
   }
 
   file { "/etc/openvpn/${name}.conf":
     owner   => root,
     group   => root,
     mode    => '0440',
-    content => template('openvpn/server.erb');
+    content => template('openvpn/server.erb'),
   }
 
   if $ldap_enabled == true {

diff --git a/manifests/service.pp b/manifests/service.pp
@@ -30,11 +30,10 @@
 # limitations under the License.
 #
 class openvpn::service {
-  service {
-    'openvpn':
-      ensure     => running,
-      enable     => true,
-      hasrestart => true,
-      hasstatus  => true;
+  service { 'openvpn':
+    ensure     => running,
+    enable     => true,
+    hasrestart => true,
+    hasstatus  => true,
   }
 }
diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "luxflux-openvpn",
-  "version": "2.7.0",
+  "version": "2.7.1",
   "author": "luxflux",
   "summary": "OpenVPN server puppet module",
   "license": "Apache-2.0",

diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb
@@ -222,6 +222,7 @@
   end
 
   context "creating a server in client mode" do
+    let(:title) { 'test_client' }
     let(:params) { {
       'remote'              => ['vpn.example.com 12345'],
       'server_poll_timeout' => 1,
@@ -238,18 +239,25 @@
       :operatingsystemrelease => '12.04',
     } }
 
-    it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^client$/) }
-    it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^remote\s+vpn.example.com\s+12345$/) }
-    it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^server-poll-timeout\s+1$/) }
-    it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^ping-timer-rem$/) }
-    it { should contain_file('/etc/openvpn/test_server/keys').
+    it { should contain_file('/etc/openvpn/test_client.conf').with_content(/^client$/) }
+    it { should contain_file('/etc/openvpn/test_client.conf').
+         with_content(/^remote\s+vpn.example.com\s+12345$/) }
+    it { should contain_file('/etc/openvpn/test_client.conf').with_content(/^server-poll-timeout\s+1$/) }
+    it { should contain_file('/etc/openvpn/test_client.conf').with_content(/^ping-timer-rem$/) }
+    it { should contain_file('/etc/openvpn/test_client.conf').
+         with_content(%r{^ca /etc/openvpn/test_client/keys/ca.crt$}) }
+    it { should contain_file('/etc/openvpn/test_client.conf').
+         with_content(%r{^cert /etc/openvpn/test_client/keys/test_client.crt$}) }
+    it { should contain_file('/etc/openvpn/test_client.conf').
+         with_content(%r{^key /etc/openvpn/test_client/keys/test_client.key$}) }
+    it { should contain_file('/etc/openvpn/test_client/keys').
          with(:ensure =>'directory', :mode =>'0750', :group =>'nogroup') }
-    it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^ns-cert-type server/) }
-    it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^mode\s+server$/) }
-    it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^client-config-dir/) }
-    it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^dh/) }
+    it { should contain_file('/etc/openvpn/test_client.conf').with_content(/^ns-cert-type server/) }
+    it { should_not contain_file('/etc/openvpn/test_client.conf').with_content(/^mode\s+server$/) }
+    it { should_not contain_file('/etc/openvpn/test_client.conf').with_content(/^client-config-dir/) }
+    it { should_not contain_file('/etc/openvpn/test_client.conf').with_content(/^dh/) }
 
-    it { should_not contain_openvpn__ca('test_server') }
+    it { should_not contain_openvpn__ca('test_client') }
   end
 
   context "when altering send and receive buffers" do

diff --git a/vagrant/Puppetfile b/vagrant/Puppetfile
@@ -0,0 +1 @@
+mod 'luxflux-openvpn', path: '/vagrant'
diff --git a/vagrant/provision_module.sh b/vagrant/provision_module.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+if [ ! -f /module-installed ]; then
+  apt-get update
+  apt-get install -y ruby-dev git
+
+  gem install librarian-puppet --no-rdoc --no-ri
+
+  cp /vagrant/vagrant/Puppetfile /tmp
+  cd /tmp && librarian-puppet install --verbose
+
+  touch /module-installed
+fi