# openvpn.pp -- create a "virtual" OpenVPN Server within a vserver
# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
# See LICENSE for the full license granted to you.
# configures the specified vserver for openvpn hosting
# see also http://oldwiki.linux-vserver.org/some_hints_from_john
# and http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F
# Shared base for the OpenVPN-in-vserver roles in this file: pulls in the
# openvpn class and declares this module's "virtual/openvpn" module_dir.
class virtual::openvpn::base {
  include openvpn

  # NOTE(review): module_dir is defined outside this file; presumably it
  # manages the /var/lib/puppet/modules/virtual/openvpn directory that
  # host_base places its helper scripts in -- confirm.
  module_dir { 'virtual/openvpn': }
}
# Host-side helpers: installs the create_interface / destroy_interface scripts
# that virtual::openvpn::interface uses as its up/down commands.
class virtual::openvpn::host_base inherits virtual::openvpn::base {
  # Both scripts are owned by root with mode 0755, so only root can modify
  # them. Their content comes from the puppet file server, so the integrity of
  # that source decides what the up/down hooks end up running.
  file { '/var/lib/puppet/modules/virtual/openvpn/create_interface':
    source => 'puppet:///modules/virtual/create_openvpn_interface',
    owner  => root,
    group  => 0,
    mode   => 0755,
  }

  file { '/var/lib/puppet/modules/virtual/openvpn/destroy_interface':
    source => 'puppet:///modules/virtual/destroy_openvpn_interface',
    owner  => root,
    group  => 0,
    mode   => 0755,
  }
}
# Prepares the vserver named by the resource title for OpenVPN by creating a
# tun device node below /etc/vservers/<name>/vdir/dev.
#
# The title is interpolated into filesystem paths, so it should be a plain
# vserver name with no path separators.
define virtual::openvpn::host() {
  include virtual::openvpn::host_base

  # "creates" turns the exec into a no-op once dev/net/tun exists.
  #
  # NOTE(review): the command is the relative ./MAKEDEV, resolved inside the
  # vserver's own dev directory, so whatever file sits at that path in the
  # guest tree is what this exec runs. If the guest can write there, that
  # crosses the guest/host trust boundary; consider calling a MAKEDEV or mknod
  # binary from the host's own filesystem instead -- confirm where this
  # resource is applied before changing it.
  exec { "mktun for ${name}":
    cwd     => "/etc/vservers/${name}/vdir/dev",
    command => './MAKEDEV tun',
    creates => "/etc/vservers/${name}/vdir/dev/net/tun",
  }
}
# Configures one tun interface for the given subnet.
#
# The resource title is the interface name; $subnet is passed to the helper
# scripts as their second argument.
define virtual::openvpn::interface($subnet) {
  # Create and set up the interface if it does not exist already.
  # This is a "bit" coarse grained but works for me.
  #
  # NOTE(review): $name and $subnet are interpolated unquoted into the up/down
  # command strings. Presumably ifupdown runs these as root; keep both values
  # to plain interface-name / subnet tokens from trusted manifests, because
  # whitespace or shell metacharacters would change the resulting command --
  # confirm how ifupdown::manual passes them on.
  ifupdown::manual { $name:
    up   => "/var/lib/puppet/modules/virtual/openvpn/create_interface ${name} ${subnet}",
    down => "/var/lib/puppet/modules/virtual/openvpn/destroy_interface ${name} ${subnet}",
  }
}
# Installs the OpenVPN server configuration inside a vserver.
#
# $config is the complete text written to /etc/openvpn/<name>.conf; the file
# resource notifies Service['openvpn'].
define virtual::openvpn::server($config) {
  include virtual::openvpn::base

  # NOTE(review): the file is world-readable (0644). That suits a config that
  # only references key files by path; if $config ever carries inline key
  # material or credentials, the mode should be tightened -- confirm against
  # the callers that build $config.
  file { "/etc/openvpn/${name}.conf":
    ensure  => present,
    content => $config,
    owner   => root,
    group   => 0,
    mode    => 0644,
    notify  => Service['openvpn'],
  }
}