From 58c1845298917e14f8f8ff326bd15e58e0afe464 Mon Sep 17 00:00:00 2001 From: Raffael Schmid Date: Sat, 7 Feb 2015 11:15:36 +0100 Subject: [PATCH 1/8] do not depend on facts from `lsb-release` package, fixes #123 --- manifests/params.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 5cce9b8b..ee665242 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -46,16 +46,16 @@ } } 'Debian': { # Debian/Ubuntu - case $::lsbdistid { + case $::operatingsystem { 'Debian': { # Version > 8.0.0, jessie - if(versioncmp($::lsbdistrelease, '8.0.0') >= 0) { + if(versioncmp($::operatingsystemdistrelease, '8.0.0') >= 0) { $additional_packages = ['easy-rsa', 'openvpn-auth-ldap'] $easyrsa_source = '/usr/share/easy-rsa/' $ldap_auth_plugin_location = '/usr/lib/openvpn/openvpn-auth-ldap.so' # Version > 7.0.0, wheezy - } elsif(versioncmp($::lsbdistrelease, '7.0.0') >= 0) { + } elsif(versioncmp($::operatingsystemdistrelease, '7.0.0') >= 0) { $additional_packages = ['openvpn-auth-ldap'] $easyrsa_source = '/usr/share/doc/openvpn/examples/easy-rsa/2.0' $ldap_auth_plugin_location = '/usr/lib/openvpn/openvpn-auth-ldap.so' @@ -65,7 +65,7 @@ } 'Ubuntu': { # Version > 13.10, saucy - if(versioncmp($::lsbdistrelease, '13.10') >= 0) { + if(versioncmp($::operatingsystemdistrelease, '13.10') >= 0) { $additional_packages = ['easy-rsa', 'openvpn-auth-ldap'] $easyrsa_source = '/usr/share/easy-rsa/' $ldap_auth_plugin_location = '/usr/lib/openvpn/openvpn-auth-ldap.so' @@ -74,7 +74,7 @@ } } default: { - fail("Not supported OS / Distribution: ${::osfamily}/${::lsbdistid}") + fail("Not supported OS / Distribution: ${::osfamily}/${::operatingsystem}") } } From 2f5935d787865676a46c5c24d613b6a6a1df6ea2 Mon Sep 17 00:00:00 2001 From: Raffael Schmid Date: Sat, 7 Feb 2015 11:17:38 +0100 Subject: [PATCH 2/8] update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c23aadb..8fa8ae29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## Next version +* Support for systems without `lsb-release` package ([#134](https://github.com/luxflux/puppet-openvpn/pull/134)) + ## 2.7.0 * Support for removing a client specific conf file ([#115](https://github.com/luxflux/puppet-openvpn/pull/115)) From 33820e9904520b5f86bf3a4db6e8e303fe5ff6d9 Mon Sep 17 00:00:00 2001 From: Raffael Schmid Date: Sat, 7 Feb 2015 11:28:19 +0100 Subject: [PATCH 3/8] fix the tests... --- manifests/params.pp | 6 ++-- spec/classes/openvpn_init_spec.rb | 10 +++---- spec/classes/openvpn_install_spec.rb | 16 +++++------ spec/defines/openvpn_ca_spec.rb | 28 +++++++++---------- spec/defines/openvpn_client_spec.rb | 16 +++++------ .../openvpn_client_specific_config_spec.rb | 8 +++--- spec/defines/openvpn_revoke_spec.rb | 8 +++--- spec/defines/openvpn_server_spec.rb | 24 ++++++++-------- 8 files changed, 58 insertions(+), 58 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index ee665242..a9571909 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -49,13 +49,13 @@ case $::operatingsystem { 'Debian': { # Version > 8.0.0, jessie - if(versioncmp($::operatingsystemdistrelease, '8.0.0') >= 0) { + if(versioncmp($::operatingsystemrelease, '8.0.0') >= 0) { $additional_packages = ['easy-rsa', 'openvpn-auth-ldap'] $easyrsa_source = '/usr/share/easy-rsa/' $ldap_auth_plugin_location = '/usr/lib/openvpn/openvpn-auth-ldap.so' # Version > 7.0.0, wheezy - } elsif(versioncmp($::operatingsystemdistrelease, '7.0.0') >= 0) { + } elsif(versioncmp($::operatingsystemrelease, '7.0.0') >= 0) { $additional_packages = ['openvpn-auth-ldap'] $easyrsa_source = '/usr/share/doc/openvpn/examples/easy-rsa/2.0' $ldap_auth_plugin_location = '/usr/lib/openvpn/openvpn-auth-ldap.so' @@ -65,7 +65,7 @@ } 'Ubuntu': { # Version > 13.10, saucy - if(versioncmp($::operatingsystemdistrelease, '13.10') >= 0) { + if(versioncmp($::operatingsystemrelease, '13.10') >= 0) { $additional_packages = ['easy-rsa', 'openvpn-auth-ldap'] $easyrsa_source = '/usr/share/easy-rsa/' $ldap_auth_plugin_location = '/usr/lib/openvpn/openvpn-auth-ldap.so' diff --git a/spec/classes/openvpn_init_spec.rb b/spec/classes/openvpn_init_spec.rb index 25bc2cc3..b40842f1 100644 --- a/spec/classes/openvpn_init_spec.rb +++ b/spec/classes/openvpn_init_spec.rb @@ -5,9 +5,9 @@ context 'non-systemd systems' do let(:facts) { { :concat_basedir => '/var/lib/puppet/concat', - :osfamily => 'Debian', - :lsbdistid => 'Ubuntu', - :lsbdistrelease => '12.04', + :osfamily => 'Debian', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '12.04', } } it { should create_class('openvpn') } @@ -16,8 +16,8 @@ context 'systemd systems' do let(:facts) { { - :concat_basedir => '/var/lib/puppet/concat', - :osfamily => 'RedHat', + :concat_basedir => '/var/lib/puppet/concat', + :osfamily => 'RedHat', :operatingsystemrelease => '7.0', } } diff --git a/spec/classes/openvpn_install_spec.rb b/spec/classes/openvpn_install_spec.rb index 84c577b7..45fe9a2d 100644 --- a/spec/classes/openvpn_install_spec.rb +++ b/spec/classes/openvpn_install_spec.rb @@ -4,15 +4,15 @@ let(:osfamily) { 'Debian' } let(:operatingsystemmajrelease) { nil } let(:operatingsystemrelease) { nil } - let(:lsbdistid) { 'Ubuntu' } - let(:lsbdistrelease) { '13.10' } + let(:operatingsystem) { 'Ubuntu' } + let(:operatingsystemrelease) { '13.10' } let(:facts) do { :osfamily => osfamily, :operatingsystemmajrelease => operatingsystemmajrelease, :operatingsystemrelease => operatingsystemrelease, - :lsbdistid => lsbdistid, - :lsbdistrelease => lsbdistrelease, + :operatingsystem => operatingsystem, + :operatingsystemrelease => operatingsystemrelease, } end @@ -25,22 +25,22 @@ describe 'installed packages' do context 'debian' do let(:osfamily) { 'Debian' } - let(:lsbdistid) { 'Debian' } + let(:operatingsystem) { 'Debian' } context 'squeeze' do - let(:lsbdistrelease) { '6.5' } + let(:operatingsystemrelease) { '6.5' } it { should_not contain_package('openvpn-auth-ldap') } it { should_not contain_package('easy-rsa') } end context 'wheezy' do - let(:lsbdistrelease) { '7.4' } + let(:operatingsystemrelease) { '7.4' } it { should contain_package('openvpn-auth-ldap') } it { should_not contain_package('easy-rsa') } end context 'jessie' do - let(:lsbdistrelease) { '8.0.0' } + let(:operatingsystemrelease) { '8.0.0' } it { should contain_package('openvpn-auth-ldap') } it { should contain_package('easy-rsa') } end diff --git a/spec/defines/openvpn_ca_spec.rb b/spec/defines/openvpn_ca_spec.rb index ebc547b7..414e4845 100644 --- a/spec/defines/openvpn_ca_spec.rb +++ b/spec/defines/openvpn_ca_spec.rb @@ -6,12 +6,12 @@ let(:facts) { { :ipaddress_eth0 => '1.2.3.4', - :network_eth0 => '1.2.3.0', - :netmask_eth0 => '255.255.255.0', + :network_eth0 => '1.2.3.0', + :netmask_eth0 => '255.255.255.0', :concat_basedir => '/var/lib/puppet/concat', - :osfamily => 'Debian', - :lsbdistid => 'Ubuntu', - :lsbdistrelease => '12.04', + :osfamily => 'Debian', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '12.04', } } context "creating a server with the minimum parameters" do @@ -73,8 +73,8 @@ :netmask_eth0 => '255.255.255.0', :concat_basedir => '/var/lib/puppet/concat', :osfamily => 'Debian', - :lsbdistid => 'Ubuntu', - :lsbdistrelease => '12.04', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '12.04', } } it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars').with_content(/^export CA_EXPIRE=365$/) } @@ -148,7 +148,7 @@ 'email' => 'testemail@example.org' } } - let(:facts) { { :osfamily => 'Debian', :lsbdistid => 'Debian', :concat_basedir => '/var/lib/puppet/concat' } } + let(:facts) { { :osfamily => 'Debian', :operatingsystem => 'Debian', :concat_basedir => '/var/lib/puppet/concat' } } shared_examples_for 'a newer version than wheezy' do it { should contain_package('easy-rsa').with('ensure' => 'present') } @@ -158,24 +158,24 @@ end context "when jessie/sid" do before do - facts[:lsbdistid] = 'Debian' - facts[:lsbdistrelease] = '8.0.1' + facts[:operatingsystem] = 'Debian' + facts[:operatingsystemrelease] = '8.0.1' end it_behaves_like 'a newer version than wheezy' end context 'when ubuntu 13.10' do before do - facts[:lsbdistid] = 'Ubuntu' - facts[:lsbdistrelease] = '13.10' + facts[:operatingsystem] = 'Ubuntu' + facts[:operatingsystemrelease] = '13.10' end it_behaves_like 'a newer version than wheezy' end context 'when ubuntu 14.04' do before do - facts[:lsbdistid] = 'Ubuntu' - facts[:lsbdistrelease] = '14.04' + facts[:operatingsystem] = 'Ubuntu' + facts[:operatingsystemrelease] = '14.04' end it_behaves_like 'a newer version than wheezy' end diff --git a/spec/defines/openvpn_client_spec.rb b/spec/defines/openvpn_client_spec.rb index 971313f1..bef88a30 100644 --- a/spec/defines/openvpn_client_spec.rb +++ b/spec/defines/openvpn_client_spec.rb @@ -4,11 +4,11 @@ let(:title) { 'test_client' } let(:params) { { 'server' => 'test_server' } } let(:facts) { { - :fqdn => 'somehost', + :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat', - :osfamily => 'Debian', - :lsbdistid => 'Ubuntu', - :lsbdistrelease => '12.04', + :osfamily => 'Debian', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '12.04', } } let(:pre_condition) do 'openvpn::server { "test_server": @@ -89,11 +89,11 @@ 'rcvbuf' => 393215, } } let(:facts) { { - :fqdn => 'somehost', + :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat', - :osfamily => 'Debian', - :lsbdistid => 'Ubuntu', - :lsbdistrelease => '12.04', + :osfamily => 'Debian', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '12.04', } } it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^client$/)} diff --git a/spec/defines/openvpn_client_specific_config_spec.rb b/spec/defines/openvpn_client_specific_config_spec.rb index 520ea773..2689ffb7 100644 --- a/spec/defines/openvpn_client_specific_config_spec.rb +++ b/spec/defines/openvpn_client_specific_config_spec.rb @@ -4,11 +4,11 @@ let(:title) { 'test_client' } let(:params) { { 'server' => 'test_server' } } let(:facts) { { - :fqdn => 'somehost', + :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat', - :osfamily => 'Debian', - :lsbdistid => 'Ubuntu', - :lsbdistrelease => '12.04', + :osfamily => 'Debian', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '12.04', } } let(:pre_condition) do [ diff --git a/spec/defines/openvpn_revoke_spec.rb b/spec/defines/openvpn_revoke_spec.rb index 822ba80f..04b65918 100644 --- a/spec/defines/openvpn_revoke_spec.rb +++ b/spec/defines/openvpn_revoke_spec.rb @@ -4,11 +4,11 @@ let(:title) { 'test_client' } let(:params) { { 'server' => 'test_server' } } let(:facts) { { - :fqdn => 'somehost', + :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat', - :osfamily => 'Debian', - :lsbdistid => 'Ubuntu', - :lsbdistrelease => '12.04', + :osfamily => 'Debian', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '12.04', } } let(:pre_condition) do [ diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb index cea7505e..1a1622ce 100644 --- a/spec/defines/openvpn_server_spec.rb +++ b/spec/defines/openvpn_server_spec.rb @@ -6,12 +6,12 @@ let(:facts) { { :ipaddress_eth0 => '1.2.3.4', - :network_eth0 => '1.2.3.0', - :netmask_eth0 => '255.255.255.0', + :network_eth0 => '1.2.3.0', + :netmask_eth0 => '255.255.255.0', :concat_basedir => '/var/lib/puppet/concat', - :osfamily => 'Debian', - :lsbdistid => 'Ubuntu', - :lsbdistrelease => '12.04', + :osfamily => 'Debian', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '12.04', } } context 'creating a server without any parameter' do @@ -155,8 +155,8 @@ :netmask_eth0 => '255.255.255.0', :concat_basedir => '/var/lib/puppet/concat', :osfamily => 'Debian', - :lsbdistid => 'Ubuntu', - :lsbdistrelease => '12.04', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '12.04', } } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^mode\s+server$/) } @@ -234,8 +234,8 @@ :netmask_eth0 => '255.255.255.0', :concat_basedir => '/var/lib/puppet/concat', :osfamily => 'Debian', - :lsbdistid => 'Ubuntu', - :lsbdistrelease => '12.04', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '12.04', } } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^client$/) } @@ -326,7 +326,7 @@ 'email' => 'testemail@example.org' } } - let(:facts) { { :osfamily => 'Debian', :lsbdistid => 'Debian', :concat_basedir => '/var/lib/puppet/concat' } } + let(:facts) { { :osfamily => 'Debian', :operatingsystem => 'Debian', :concat_basedir => '/var/lib/puppet/concat' } } # Configure to start vpn session it { should contain_concat__fragment('openvpn.default.autostart.test_server').with( @@ -340,8 +340,8 @@ context 'ldap' do before do facts[:osfamily] = 'Debian' - facts[:lsbdistid] = 'Debian' - facts[:lsbdistrelease] = '8.0.0' + facts[:operatingsystem] = 'Debian' + facts[:operatingsystemrelease] = '8.0.0' end let(:params) { { 'country' => 'CO', From c1611c0fc4adf74edd6538cda9e3e118c8ce14d5 Mon Sep 17 00:00:00 2001 From: Raffael Schmid Date: Sat, 7 Feb 2015 11:28:30 +0100 Subject: [PATCH 4/8] add some color --- .rspec | 1 + 1 file changed, 1 insertion(+) create mode 100644 .rspec diff --git a/.rspec b/.rspec new file mode 100644 index 00000000..4e1e0d2f --- /dev/null +++ b/.rspec @@ -0,0 +1 @@ +--color From e708143f7bd67c24e029cecee1d256f122fb162d Mon Sep 17 00:00:00 2001 From: Raffael Schmid Date: Sat, 7 Feb 2015 11:32:46 +0100 Subject: [PATCH 5/8] handle amazon operating system, fixes #44 --- manifests/params.pp | 11 +++++++++++ spec/classes/openvpn_install_spec.rb | 9 +++++++++ 2 files changed, 20 insertions(+) diff --git a/manifests/params.pp b/manifests/params.pp index a9571909..4c3058ad 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -80,6 +80,17 @@ $systemd = false } + 'Linux': { + case $::operatingsystem { + 'Amazon': { + $additional_packages = ['easy-rsa'] + $easyrsa_source = '/usr/share/easy-rsa/2.0' + } + default: { + fail("Not supported OS / Distribution: ${::osfamily}/${::operatingsystem}") + } + } + } default: { fail("Not supported OS family ${::osfamily}") } diff --git a/spec/classes/openvpn_install_spec.rb b/spec/classes/openvpn_install_spec.rb index 45fe9a2d..ac77cf86 100644 --- a/spec/classes/openvpn_install_spec.rb +++ b/spec/classes/openvpn_install_spec.rb @@ -73,5 +73,14 @@ it { should contain_package('easy-rsa') } end end + + context 'Amazon' do + let(:osfamily) { 'Linux' } + let(:operatingsystem) { 'Amazon' } + let(:operatingsystemrelease) { nil } + + it { should_not contain_package('openvpn-auth-ldap') } + it { should contain_package('easy-rsa') } + end end end From e87d6b72408cac92740081d4a5abf9357b171b58 Mon Sep 17 00:00:00 2001 From: Raffael Schmid Date: Sat, 7 Feb 2015 11:34:47 +0100 Subject: [PATCH 6/8] disable systemd on amazon images --- manifests/params.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/params.pp b/manifests/params.pp index 4c3058ad..06e49477 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -85,6 +85,7 @@ 'Amazon': { $additional_packages = ['easy-rsa'] $easyrsa_source = '/usr/share/easy-rsa/2.0' + $systemd = false } default: { fail("Not supported OS / Distribution: ${::osfamily}/${::operatingsystem}") From 290b45980597eba8843843351b93147d175e4a97 Mon Sep 17 00:00:00 2001 From: Raffael Schmid Date: Mon, 9 Feb 2015 11:33:16 +0100 Subject: [PATCH 7/8] wheeze is version 8.0, not 8.0.0 --- manifests/params.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 06e49477..8e34fa08 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -48,14 +48,14 @@ 'Debian': { # Debian/Ubuntu case $::operatingsystem { 'Debian': { - # Version > 8.0.0, jessie - if(versioncmp($::operatingsystemrelease, '8.0.0') >= 0) { + # Version > 8.0, jessie + if(versioncmp($::operatingsystemrelease, '8.0') >= 0) { $additional_packages = ['easy-rsa', 'openvpn-auth-ldap'] $easyrsa_source = '/usr/share/easy-rsa/' $ldap_auth_plugin_location = '/usr/lib/openvpn/openvpn-auth-ldap.so' - # Version > 7.0.0, wheezy - } elsif(versioncmp($::operatingsystemrelease, '7.0.0') >= 0) { + # Version > 7.0, wheezy + } elsif(versioncmp($::operatingsystemrelease, '7.0') >= 0) { $additional_packages = ['openvpn-auth-ldap'] $easyrsa_source = '/usr/share/doc/openvpn/examples/easy-rsa/2.0' $ldap_auth_plugin_location = '/usr/lib/openvpn/openvpn-auth-ldap.so' From 76e10a2f71feeef37213709691778a19ae6c8e5b Mon Sep 17 00:00:00 2001 From: Raffael Schmid Date: Mon, 9 Feb 2015 11:37:48 +0100 Subject: [PATCH 8/8] nobody on Amazon OS --- manifests/params.pp | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 8e34fa08..551bbdcf 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -15,14 +15,11 @@ # limitations under the License. # class openvpn::params { - - $group = $::osfamily ? { - 'RedHat' => 'nobody', - default => 'nogroup' - } - case $::osfamily { 'RedHat': { + $group = 'nobody' + $link_openssl_cnf = true + # Redhat/Centos >= 6.4 if(versioncmp($::operatingsystemrelease, '6.4') >= 0) { $additional_packages = ['easy-rsa'] @@ -46,6 +43,9 @@ } } 'Debian': { # Debian/Ubuntu + $group = 'nogroup' + $link_openssl_cnf = true + case $::operatingsystem { 'Debian': { # Version > 8.0, jessie @@ -83,9 +83,11 @@ 'Linux': { case $::operatingsystem { 'Amazon': { + $group = 'nobody' $additional_packages = ['easy-rsa'] $easyrsa_source = '/usr/share/easy-rsa/2.0' $systemd = false + $link_openssl_cnf = true } default: { fail("Not supported OS / Distribution: ${::osfamily}/${::operatingsystem}") @@ -97,9 +99,4 @@ } } - $link_openssl_cnf = $::osfamily ? { - /(Debian|RedHat)/ => true, - default => false - } - }