Diffstat (limited to 'manifests/openvpn')
-rw-r--r--manifests/openvpn/base.pp5
-rw-r--r--manifests/openvpn/host.pp16
-rw-r--r--manifests/openvpn/host_base.pp10
-rw-r--r--manifests/openvpn/interface.pp10
-rw-r--r--manifests/openvpn/server.pp10
5 files changed, 51 insertions, 0 deletions
diff --git a/manifests/openvpn/base.pp b/manifests/openvpn/base.pp
new file mode 100644
index 0000000..0342ca3
--- /dev/null
+++ b/manifests/openvpn/base.pp
@@ -0,0 +1,5 @@
+class virtual::openvpn::base {
+ include openvpn
+ include virtual
+ module_dir { "virtual/openvpn": }
+}
diff --git a/manifests/openvpn/host.pp b/manifests/openvpn/host.pp
new file mode 100644
index 0000000..3d126db
--- /dev/null
+++ b/manifests/openvpn/host.pp
@@ -0,0 +1,16 @@
+# openvpn.pp -- create a "virtual" OpenVPN Server within a vserver
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
+
+# configures the specified vserver for openvpn hosting
+# see also http://oldwiki.linux-vserver.org/some_hints_from_john
+# and http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F
+
+define virtual::openvpn::host() {
+ include virtual::openvpn::host_base
+ exec { "mktun for ${name}":
+ command => "./MAKEDEV tun",
+ cwd => "/etc/vservers/${name}/vdir/dev",
+ creates => "/etc/vservers/${name}/vdir/dev/net/tun";
+ }
+}
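Review bot: The exec runs `./MAKEDEV` from `/etc/vservers/${name}/vdir/dev`, which lies inside the guest's filesystem tree, so the Puppet agent on the host (normally root) executes whatever file the guest has at that path. If the host ships its own copy, prefer `command => "/sbin/MAKEDEV tun",` and keep `cwd` unchanged so the node is still created in the guest's /dev; the exact path needs confirming for the distribution. `${name}` is also interpolated unchecked into `cwd` and `creates`, so a comment stating that it must be a plain vserver name without `/` or `..` would help. The header comment still says `openvpn.pp` although the file is `host.pp`.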
diff --git a/manifests/openvpn/host_base.pp b/manifests/openvpn/host_base.pp
new file mode 100644
index 0000000..072a8a7
--- /dev/null
+++ b/manifests/openvpn/host_base.pp
@@ -0,0 +1,10 @@
+class virtual::openvpn::host_base inherits virtual::openvpn::base {
+ file {
+ "/var/lib/puppet/modules/virtual/openvpn/create_interface":
+ source => "puppet:///modules/virtual/create_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ "/var/lib/puppet/modules/virtual/openvpn/destroy_interface":
+ source => "puppet:///modules/virtual/destroy_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ }
+}
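Review bot: Both file resources give the mode as a bare number (`mode => 0755`), which newer Puppet parsers reject or read as an integer rather than an octal permission string. Writing `mode => '0755', owner => root, group => 0;` keeps the meaning unambiguous. The same applies to `mode => 0644` in the server.pp hunk. A one-line comment above the class saying that these two scripts are the ones called by the `up`/`down` lines of `virtual::openvpn::interface` would also make the coupling visible.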
diff --git a/manifests/openvpn/interface.pp b/manifests/openvpn/interface.pp
new file mode 100644
index 0000000..60c61e2
--- /dev/null
+++ b/manifests/openvpn/interface.pp
@@ -0,0 +1,10 @@
+# this configures a specific tun interface for the given subnet
+define virtual::openvpn::interface($subnet) {
+ # create and setup the interface if it doesn't exist already
+ # this is a "bit" coarse grained but works for me
+ ifupdown::manual {
+ $name:
+ up => "/var/lib/puppet/modules/virtual/openvpn/create_interface ${name} ${subnet}",
+ down => "/var/lib/puppet/modules/virtual/openvpn/destroy_interface ${name} ${subnet}"
+ }
+}
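Review bot: `${name}` and `${subnet}` are pasted unquoted and unchecked into the `up` and `down` command strings, which ifupdown will presumably run through a shell as root, so any whitespace or shell metacharacter in either value changes the command that runs. The define should reject anything that is not a plain interface name or an address/prefix before building the strings, or at least document that constraint in the comment above `define virtual::openvpn::interface($subnet)`. The define also never includes `virtual::openvpn::host_base`, so the two scripts it calls exist only if something else on the node has declared that class. Adding `include virtual::openvpn::host_base` as the first line of the body would remove that hidden dependency.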
diff --git a/manifests/openvpn/server.pp b/manifests/openvpn/server.pp
new file mode 100644
index 0000000..b31f80b
--- /dev/null
+++ b/manifests/openvpn/server.pp
@@ -0,0 +1,10 @@
+# actually setup the openvpn server within a vserver
+define virtual::openvpn::server($config) {
+ include virtual::openvpn::base
+ file {
+ "/etc/openvpn/${name}.conf":
+ ensure => present, content => $config,
+ mode => 0644, owner => root, group => 0,
+ notify => Service['openvpn'];
+ }
+}
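Review bot: The generated `/etc/openvpn/${name}.conf` is written world-readable (`mode => 0644`), and `$config` is opaque here. If a caller passes a configuration with inline key material, credentials or a management password, every local account in the guest can read it. Unless something other than root must read the file, `mode => 0600, owner => root, group => 0,` is the safer default. `${name}` also forms part of the target path, so the define's comment should state that it must be a simple instance name with no `/`.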