Diffstat (limited to 'manifests/openvpn')
-rw-r--r-- | manifests/openvpn/base.pp | 5 | ||||
-rw-r--r-- | manifests/openvpn/host.pp | 16 | ||||
-rw-r--r-- | manifests/openvpn/host_base.pp | 10 | ||||
-rw-r--r-- | manifests/openvpn/interface.pp | 10 | ||||
-rw-r--r-- | manifests/openvpn/server.pp | 10 |
5 files changed, 51 insertions, 0 deletions
diff --git a/manifests/openvpn/base.pp b/manifests/openvpn/base.pp
new file mode 100644
index 0000000..0342ca3
--- /dev/null
+++ b/manifests/openvpn/base.pp
@@ -0,0 +1,5 @@
+class virtual::openvpn::base {
+ include openvpn
+ include virtual
+ module_dir { "virtual/openvpn": }
+}
diff --git a/manifests/openvpn/host.pp b/manifests/openvpn/host.pp
new file mode 100644
index 0000000..3d126db
--- /dev/null
+++ b/manifests/openvpn/host.pp
@@ -0,0 +1,16 @@
+# openvpn.pp -- create a "virtual" OpenVPN Server within a vserver
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
+
+# configures the specified vserver for openvpn hosting
+# see also http://oldwiki.linux-vserver.org/some_hints_from_john
+# and http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F
+
+define virtual::openvpn::host() {
+ include virtual::openvpn::host_base
+ exec { "mktun for ${name}":
+ command => "./MAKEDEV tun",
+ cwd => "/etc/vservers/${name}/vdir/dev",
+ creates => "/etc/vservers/${name}/vdir/dev/net/tun";
+ }
+}
diff --git a/manifests/openvpn/host_base.pp b/manifests/openvpn/host_base.pp
new file mode 100644
index 0000000..072a8a7
--- /dev/null
+++ b/manifests/openvpn/host_base.pp
@@ -0,0 +1,10 @@
+class virtual::openvpn::host_base inherits virtual::openvpn::base {
+ file {
+ "/var/lib/puppet/modules/virtual/openvpn/create_interface":
+ source => "puppet:///modules/virtual/create_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ "/var/lib/puppet/modules/virtual/openvpn/destroy_interface":
+ source => "puppet:///modules/virtual/destroy_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ }
+}
diff --git a/manifests/openvpn/interface.pp b/manifests/openvpn/interface.pp
new file mode 100644
index 0000000..60c61e2
--- /dev/null
+++ b/manifests/openvpn/interface.pp 
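Review bot: In manifests/openvpn/host.pp the exec runs `./MAKEDEV tun` with `cwd` set to `/etc/vservers/${name}/vdir/dev`, so the Puppet agent on the host executes whatever file named MAKEDEV sits in the guest's own /dev tree. If root inside the guest can write to that directory (likely, though not shown in this hunk), a replaced MAKEDEV would run with the host agent's privileges. Call the host's copy by absolute path and keep only the working directory inside the guest, e.g. `command => "/sbin/MAKEDEV tun",` (path assumed; use wherever the host installs MAKEDEV). `${name}` is also interpolated into the `cwd` and `creates` paths unchecked, so a comment above the define stating that it must be a plain vserver name would help.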
@@ -0,0 +1,10 @@
+# this configures a specific tun interface for the given subnet
+define virtual::openvpn::interface($subnet) {
+ # create and setup the interface if it doesn't exist already
+ # this is a "bit" coarse grained but works for me
+ ifupdown::manual {
+ $name:
+ up => "/var/lib/puppet/modules/virtual/openvpn/create_interface ${name} ${subnet}",
+ down => "/var/lib/puppet/modules/virtual/openvpn/destroy_interface ${name} ${subnet}"
+ }
+}
diff --git a/manifests/openvpn/server.pp b/manifests/openvpn/server.pp
new file mode 100644
index 0000000..b31f80b
--- /dev/null
+++ b/manifests/openvpn/server.pp
@@ -0,0 +1,10 @@
+# actually setup the openvpn server within a vserver
+define virtual::openvpn::server($config) {
+ include virtual::openvpn::base
+ file {
+ "/etc/openvpn/${name}.conf":
+ ensure => present, content => $config,
+ mode => 0644, owner => root, group => 0,
+ notify => Service['openvpn'];
+ }
+}
 |
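Review bot: The `up` and `down` strings in virtual::openvpn::interface splice `${name}` and `${subnet}` unquoted into commands that ifupdown presumably runs as root through a shell, and nothing in the define checks either value. A value carrying whitespace or shell metacharacters, whether from a typo or from node data less trusted than the manifest, would change the command that runs. Validate both before use, or at least state the contract above the define: `# $name and $subnet are passed unquoted to a root-run script; they must not contain whitespace or shell metacharacters`. The define also depends on the scripts that virtual::openvpn::host_base installs but never includes that class; `include virtual::openvpn::host_base` would make the dependency explicit.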
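Review bot: In manifests/openvpn/server.pp, `/etc/openvpn/${name}.conf` is written with `mode => 0644`, so every local user can read whatever `$config` contains. If callers ever put key material or credentials inline in the configuration (not visible from this hunk), those become world-readable. Tightening to `mode => 0600, owner => root, group => 0,` should cost nothing as long as the service reads its configuration as root at start-up, which is the usual arrangement. A one-line comment on the define saying whether `$config` may hold secrets would settle the question for later readers.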