aboutsummaryrefslogtreecommitdiff
path: root/manifests/openvpn.pp
blob: ecdb8a78c9969ec11ad8d4b3bbd4ca1dc4582efe (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# openvpn.pp -- create a "virtual" OpenVPN Server within a vserver
# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
# See LICENSE for the full license granted to you.

# configures the specified vserver for openvpn hosting
# see also http://oldwiki.linux-vserver.org/some_hints_from_john
# and http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F

class virtual::openvpn::base {
	include openvpn
	modules_dir { "virtual/openvpn": }
}

class virtual::openvpn::host_base inherits virtual::openvpn::base {
	file {
		"/var/lib/puppet/modules/virtual/openvpn/create_interface":
			source => "puppet://$servername/virtual/create_openvpn_interface",
			mode => 0755, owner => root, group => 0;
		"/var/lib/puppet/modules/virtual/openvpn/destroy_interface":
			source => "puppet://$servername/virtual/destroy_openvpn_interface",
			mode => 0755, owner => root, group => 0;
	}
}

define virtual::openvpn::host() {
	include virtual::openvpn::host_base
	exec { "mktun for ${name}":
		command => "./MAKEDEV tun",
		cwd => "/etc/vservers/${name}/vdir/dev",
		creates => "/etc/vservers/${name}/vdir/dev/net/tun";
	}
}

# this configures a specific tun interface for the given subnet
define virtual::openvpn::interface($subnet) {
	# create and setup the interface if it doesn't exist already
	# this is a "bit" coarse grained but works for me
	ifupdown::manual {
		$name:
			up => "/var/lib/puppet/modules/virtual/openvpn/create_interface ${name} ${subnet}",
			down => "/var/lib/puppet/modules/virtual/openvpn/destroy_interface ${name} ${subnet}" 
	}
}

# actually setup the openvpn server within a vserver
define virtual::openvpn::server($config) {
	include virtual::openvpn::base
	file {
		"/etc/openvpn/${name}.conf":
			ensure => present, content => $config,
			mode => 0644, owner => root, group => 0,
			notify => Service['openvpn'];
	}
}