* Add defaults for unsupported OS
* Add Data in modules
* Remove root_group parameter
* Removed top scope variables
* Removed create_resources
* Removed params.pp
* Remove systemd option in favor of facts provided by stdlib
jkroepke committed Oct 20, 2018
1 parent 139c727 commit ed49b84
Showing 27 changed files with 247 additions and 212 deletions.
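--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM ruby:2.4
+
+WORKDIR /opt/puppet
+
+ENV PUPPET_VERSION "~> 5"
+ENV PARALLEL_TEST_PROCESSORS=4
+
+# Cache gems
+COPY Gemfile .
+RUN bundle install --without system_tests development release --path=${BUNDLE_PATH:-vendor/bundle}
+
+COPY . .
+
+RUN bundle install
+RUN bundle exec rake rubocop
+RUN bundle exec rake test
+RUN bundle exec rake test_with_coveralls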
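Review bot: `COPY . .` pulls the entire build context into an image layer, and none of the files shown in this commit is a `.dockerignore`, so `.git`, local `vendor/` trees and any key or certificate fixtures left over from earlier test runs would be baked into the image. A `.dockerignore` listing at least `.git`, `vendor/` and `spec/fixtures/modules` would keep the context to what the tests need. The base image is also referenced by the mutable tag `ruby:2.4`; pinning it as `FROM ruby:2.4@sha256:<digest>` makes the test environment reproducible. Only `Gemfile` is copied before the first `bundle install`, so gem versions appear to be resolved afresh on every build unless a lockfile exists outside this view.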
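--- a/data/defaults.yaml
+++ b/data/defaults.yaml
@@ -0,0 +1,14 @@
+openvpn::autostart_all: true
+openvpn::manage_service: true
+openvpn::etc_directory: '/etc'
+openvpn::group: 'nobody'
+openvpn::link_openssl_cnf: true
+openvpn::pam_module_path: ~
+openvpn::namespecific_rclink: false
+openvpn::default_easyrsa_ver: '2.0'
+openvpn::easyrsa_source: '/usr/share/easy-rsa/'
+openvpn::additional_packages: ['easy-rsa']
+openvpn::ldap_auth_plugin_location: ~
+openvpn::systemd: false
+
+openvpn::deploy::prepare::etc_directory: "%{alias('openvpn::etc_directory')}"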
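Review bot: `openvpn::systemd: false` is still set in this fallback file although the commit description says the systemd option was removed in favour of facts. If the `openvpn` class (not shown) no longer declares that parameter, the key is dead data; if it still does, every unsupported OS is pinned to non-systemd handling whatever the node reports. Either drop the key or add a comment saying why it stays. Separately, the fallback `openvpn::group: 'nobody'` feeds the `File { group => $group_to_set }` default in manifests/ca.pp, so on an unknown OS the CA files are given to a group shared with unrelated daemons. A comment such as `# shared unprivileged group; override with a dedicated group where possible` would make that trade-off visible.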
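--- a/data/family/Archlinux.yaml
+++ b/data/family/Archlinux.yaml
@@ -0,0 +1,9 @@
+openvpn::default_easyrsa_ver: '3.0'
+openvpn::etc_directory: '/etc'
+openvpn::additional_packages: ['easy-rsa']
+openvpn::easyrsa_source: '/usr/share/easy-rsa/'
+openvpn::group: 'nobody'
+openvpn::ldap_auth_plugin_location: ~
+openvpn::pam_module_path: ~
+openvpn::link_openssl_cnf: true
+openvpn::namespecific_rclink: false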
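--- a/data/family/Debian.yaml
+++ b/data/family/Debian.yaml
@@ -0,0 +1,9 @@
+openvpn::etc_directory: '/etc'
+openvpn::group: 'nogroup'
+openvpn::link_openssl_cnf: true
+openvpn::namespecific_rclink: false
+openvpn::default_easyrsa_ver: '2.0'
+openvpn::additional_packages: ['easy-rsa','openvpn-auth-ldap']
+openvpn::easyrsa_source: '/usr/share/easy-rsa/'
+openvpn::ldap_auth_plugin_location: '/usr/lib/openvpn/openvpn-auth-ldap.so'
+openvpn::pam_module_path: '/usr/lib/openvpn/openvpn-plugin-auth-pam.so'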
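--- a/data/family/FreeBSD.yaml
+++ b/data/family/FreeBSD.yaml
@@ -0,0 +1,8 @@
+openvpn::etc_directory: '/usr/local/etc'
+openvpn::group: 'nogroup'
+openvpn::link_openssl_cnf: true
+openvpn::pam_module_path: '/usr/local/lib/openvpn/openvpn-auth-pam.so'
+openvpn::additional_packages: ['easy-rsa2']
+openvpn::easyrsa_source: '/usr/local/share/easy-rsa'
+openvpn::default_easyrsa_ver: '2.0'
+openvpn::namespecific_rclink: true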
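--- a/data/family/RedHat.yaml
+++ b/data/family/RedHat.yaml
@@ -0,0 +1,7 @@
+openvpn::etc_directory: '/etc'
+openvpn::group: 'nobody'
+openvpn::link_openssl_cnf: true
+openvpn::pam_module_path: '/usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so'
+openvpn::namespecific_rclink: false
+openvpn::default_easyrsa_ver: '3.0'
+openvpn::easyrsa_source: '/usr/share/easy-rsa/3'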
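--- a/data/family/RedHat/6.yaml
+++ b/data/family/RedHat/6.yaml
@@ -0,0 +1,2 @@
+openvpn::additional_packages: ['easy-rsa','openvpn-auth-ldap']
+openvpn::ldap_auth_plugin_location: '/usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so'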
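--- a/data/family/RedHat/7.yaml
+++ b/data/family/RedHat/7.yaml
@@ -0,0 +1,2 @@
+openvpn::additional_packages: ['easy-rsa']
+openvpn::ldap_auth_plugin_location: ~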
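--- a/hiera.yaml
+++ b/hiera.yaml
@@ -0,0 +1,16 @@
+---
+version: 5
+
+defaults:
+datadir: 'data'
+data_hash: yaml_data
+
+hierarchy:
+- name: 'OS Major Release Overrides'
+path: "family/%{facts.os.family}/%{facts.os.release.major}.yaml"
+- name: 'Operating System'
+path: "os/%{facts.os.name}.yaml"
+- name: 'Operating System Family'
+path: "family/%{facts.os.family}.yaml"
+- name: 'Defaults'
+path: 'defaults.yaml'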
16 changes: 8 additions & 8 deletions manifests/ca.pp
@@ -25,7 +25,7 @@
#
# [*group*]
# String. User to drop privileges to after startup
# Default: depends on your $::osfamily
# Default: depends on your $facts['os']['family']
#
# [*ssl_key_size*]
# String. Length of SSL keys (in bits) generated by this module.
@@ -109,15 +109,15 @@

include openvpn
$group_to_set = $group ? {
undef => $openvpn::params::group,
undef => $openvpn::group,
default => $group
}

File {
group => $group_to_set,
}

$etc_directory = $::openvpn::params::etc_directory
$etc_directory = $openvpn::etc_directory

ensure_resource('file', "${etc_directory}/openvpn/${name}", {
ensure => directory,
@@ -130,7 +130,7 @@
links => 'follow',
source_permissions => 'use',
group => 0,
source => "file:${openvpn::params::easyrsa_source}",
source => "file:${openvpn::easyrsa_source}",
require => File["${etc_directory}/openvpn/${name}"],
}

@@ -141,7 +141,7 @@
require => File["${etc_directory}/openvpn/${name}/easy-rsa"],
}

case $openvpn::params::easyrsa_version {
case $openvpn::easyrsa_version {
'2.0': {
file { "${etc_directory}/openvpn/${name}/easy-rsa/vars":
ensure => file,
@@ -150,7 +150,7 @@
require => File["${etc_directory}/openvpn/${name}/easy-rsa"],
}

if $openvpn::params::link_openssl_cnf == true {
if $openvpn::link_openssl_cnf == true {
File["${etc_directory}/openvpn/${name}/easy-rsa/openssl.cnf"] {
ensure => link,
target => "${etc_directory}/openvpn/${name}/easy-rsa/openssl-1.0.0.cnf",
@@ -216,7 +216,7 @@
require => File["${etc_directory}/openvpn/${name}/easy-rsa"],
}

if $openvpn::params::link_openssl_cnf == true {
if $openvpn::link_openssl_cnf == true {
File["${etc_directory}/openvpn/${name}/easy-rsa/openssl.cnf"] {
ensure => link,
target => "${etc_directory}/openvpn/${name}/easy-rsa/openssl-1.0.cnf",
@@ -264,7 +264,7 @@

}
default: {
fail("unexepected value for EasyRSA version, got '${openvpn::params::easyrsa_version}', expect 2.0 or 3.0.")
fail("unexepected value for EasyRSA version, got '${openvpn::easyrsa_version}', expect 2.0 or 3.0.")
}
}

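Review bot: The `case $openvpn::easyrsa_version` selector and the matching `fail()` message read a variable that none of the data files added in this commit define; they only set `openvpn::default_easyrsa_ver`. Unless the `openvpn` class, which is not part of the visible diff, derives `$easyrsa_version` from that key, every CA would land in the `default:` branch and fail; manifests/client.pp has the same read. A comment above the `case`, for example `# easyrsa_version is set by the openvpn class, not by module data (see default_easyrsa_ver)`, would document the dependency once it is confirmed. The hunks start and end inside the define body, so the parameter list and the rest of the resources are not visible here.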
8 changes: 4 additions & 4 deletions manifests/client.pp
@@ -244,7 +244,7 @@
Openvpn::Ca[$ca_name]
-> Openvpn::Client[$name]

$etc_directory = $::openvpn::params::etc_directory
$etc_directory = $openvpn::etc_directory

if $expire {
if is_integer($expire) {
@@ -256,7 +256,7 @@
$env_expire = ''
}

case $openvpn::params::easyrsa_version {
case $openvpn::easyrsa_version {
'2.0': {
exec { "generate certificate for ${name} in context of ${ca_name}":
command => ". ./vars && ${env_expire} ./pkitool ${name}",
@@ -298,7 +298,7 @@
}
}
default: {
fail("unexepected value for EasyRSA version, got '${openvpn::params::easyrsa_version}', expect 2.0 or 3.0.")
fail("unexepected value for EasyRSA version, got '${openvpn::easyrsa_version}', expect 2.0 or 3.0.")
}
}

@@ -354,7 +354,7 @@

file { "${etc_directory}/openvpn/${server}/download-configs/${name}/${name}.conf":
owner => root,
group => $::openvpn::params::root_group,
group => 0,
mode => '0444',
content => template('openvpn/client.erb', 'openvpn/client_external_auth.erb'),
}
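Review bot: The `exec` in the `'2.0'` branch builds its shell command as `". ./vars && ${env_expire} ./pkitool ${name}"`, so the define title and the expiry value reach the shell unquoted, and nothing in the visible hunks restricts what they may contain. Since this commit already modernises the manifest, it would be worth asserting the title near the top of the define, e.g. `assert_type(Pattern[/\A[\w.@-]+\z/], $name)`, and replacing the `is_integer($expire)` check with a typed `Optional[Integer]` parameter if callers allow it. Validation may already exist in the parameter list, which lies outside these hunks.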
2 changes: 1 addition & 1 deletion manifests/client_specific_config.pp
@@ -91,7 +91,7 @@
-> Openvpn::Client[$name]
-> Openvpn::Client_specific_config[$name]

file { "${::openvpn::params::etc_directory}/openvpn/${server}/client-configs/${name}":
file { "${openvpn::etc_directory}/openvpn/${server}/client-configs/${name}":
ensure => $ensure,
content => template('openvpn/client_specific_config.erb'),
}
7 changes: 3 additions & 4 deletions manifests/config.pp
@@ -29,12 +29,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
class openvpn::config inherits openvpn::params {

if $::osfamily == 'Debian' {
class openvpn::config {
if $facts['os']['family'] == 'Debian' {
concat { '/etc/default/openvpn':
owner => root,
group => $openvpn::params::root_group,
group => 0,
mode => '0644',
warn => true,
}
8 changes: 4 additions & 4 deletions manifests/deploy/client.pp
@@ -38,15 +38,15 @@

if $manage_etc {
file { [
"${::openvpn::params::etc_directory}/openvpn",
"${::openvpn::params::etc_directory}/openvpn/keys",
"${::openvpn::params::etc_directory}/openvpn/keys/${name}",
"${openvpn::deploy::prepare::etc_directory}/openvpn",
"${openvpn::deploy::prepare::etc_directory}/openvpn/keys",
"${openvpn::deploy::prepare::etc_directory}/openvpn/keys/${name}",
]:
ensure => directory,
require => Package['openvpn'];
}
} else {
file { "${::openvpn::params::etc_directory}/openvpn/keys/${name}":
file { "${openvpn::deploy::prepare::etc_directory}/openvpn/keys/${name}":
ensure => directory,
require => Package['openvpn'];
}
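Review bot: Both branches now interpolate `$openvpn::deploy::prepare::etc_directory`, which is only defined once that class has been evaluated. If a node declares this define without it, and strict variables are off, the prefix is empty and the key directories are created under `/openvpn`. Unless the part of the define above the hunk already does so, an `include openvpn::deploy::prepare` (or a `require` on the class) before the `if $manage_etc` would make the dependency explicit. The `keys` and `keys/${name}` directories are also declared with only `ensure => directory`; adding `owner => 'root', mode => '0700'` would keep the directory that receives private keys from depending on the agent's umask.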
10 changes: 5 additions & 5 deletions manifests/deploy/export.pp
@@ -40,7 +40,7 @@

@@file { "exported-${server}-${name}-config":
ensure => file,
path => "${::openvpn::params::etc_directory}/openvpn/${name}.conf",
path => "${openvpn::etc_directory}/openvpn/${name}.conf",
owner => 'root',
group => 'root',
mode => '0600',
@@ -50,7 +50,7 @@

@@file { "exported-${server}-${name}-ca":
ensure => file,
path => "${::openvpn::params::etc_directory}/openvpn/keys/${name}/ca.crt",
path => "${openvpn::etc_directory}/openvpn/keys/${name}/ca.crt",
owner => 'root',
group => 'root',
mode => '0600',
@@ -60,7 +60,7 @@

@@file { "exported-${server}-${name}-crt":
ensure => file,
path => "${::openvpn::params::etc_directory}/openvpn/keys/${name}/${name}.crt",
path => "${openvpn::etc_directory}/openvpn/keys/${name}/${name}.crt",
owner => 'root',
group => 'root',
mode => '0600',
@@ -70,7 +70,7 @@

@@file { "exported-${server}-${name}-key":
ensure => file,
path => "${::openvpn::params::etc_directory}/openvpn/keys/${name}/${name}.key",
path => "${openvpn::etc_directory}/openvpn/keys/${name}/${name}.key",
owner => 'root',
group => 'root',
mode => '0600',
@@ -81,7 +81,7 @@
if $tls_auth {
@@file { "exported-${server}-${name}-ta":
ensure => file,
path => "${::openvpn::params::etc_directory}/openvpn/keys/${name}/ta.key",
path => "${openvpn::etc_directory}/openvpn/keys/${name}/ta.key",
owner => 'root',
group => 'root',
mode => '0600',
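Review bot: All five exported `file` resources compute `path` from `$openvpn::etc_directory` on the exporting node, while manifests/deploy/client.pp in this same commit creates the receiving directories from `$openvpn::deploy::prepare::etc_directory` on the collecting node. If the two nodes differ in OS family (`/etc` versus `/usr/local/etc`), or the prepare parameter is overridden, the key and certificate files are written outside the directories the client manages. The resources also keep `group => 'root'` although this commit replaces the removed `root_group` parameter with `group => 0` in client.pp and config.pp; a `root` group does not exist on FreeBSD, so `group => 0` would be the consistent choice here too. The resource bodies continue past each hunk, so the remaining attributes are not visible.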
10 changes: 6 additions & 4 deletions manifests/deploy/prepare.pp
@@ -4,7 +4,9 @@
#
# === Parameters
#
# None
# [*etc_directory*]
# String. Path of the configuration directory.
# Default: /etc
#
# === Variables
#
@@ -19,9 +21,9 @@
# Phil Bayfield https://bitbucket.org/Philio/
#

class openvpn::deploy::prepare {

class { 'openvpn::params': }
class openvpn::deploy::prepare(
String $etc_directory,
) {

class { 'openvpn::deploy::install': }
~> class { 'openvpn::deploy::service': }
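Review bot: The new parameter is typed as plain `String $etc_directory,`, so an empty or relative value is accepted and then used as the prefix for the key directories in manifests/deploy/client.pp. Since the module already depends on stdlib, `Stdlib::Absolutepath $etc_directory,` would reject such values at compile time. The header comment states `Default: /etc`, but the value actually comes from module data through `alias('openvpn::etc_directory')` and is `/usr/local/etc` on FreeBSD; `# Default: same as openvpn::etc_directory (OS dependent)` would be accurate.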