Puppet Class: openvpn

Defined in:
manifests/init.pp

Summary

This module installs the openvpn service, configures vpn endpoints, generates client certificates, and generates client config files

Overview

Examples:

class { 'openvpn':
  autostart_all => true,
}

Parameters:

  • autostart_all (Boolean)

    Whether openvpn instances should be started automatically on boot.

  • manage_service (Boolean)

    Whether the openvpn service should be managed by puppet.

  • etc_directory (Stdlib::Absolutepath)

    Path of the configuration directory.

  • group (String[1])

    File group of the generated config files.

  • link_openssl_cnf (Boolean)

    Link easy-rsa/openssl.cnf to easy-rsa/openssl-1.0.0.cnf

  • pam_module_path (Optional[Stdlib::Absolutepath])

    Path to openvpn-auth-pam.so

  • namespecific_rclink (Boolean)

    Enable namespecific rclinks (BSD-style).

  • default_easyrsa_ver (Pattern[/^[23]\.0$/])

    Expected version of easyrsa.

  • easyrsa_source (Stdlib::Unixpath)

    Location of easyrsa.

  • additional_packages (Variant[String[1], Array[String[1]]])

    Additional packages

  • ldap_auth_plugin_location (Optional[Stdlib::Absolutepath])

    Path to the ldap auth pam module

  • client_defaults (Hash) (defaults to: {})

    Hash of defaults for clients passed to openvpn::client defined type.

  • clients (Hash) (defaults to: {})

    Hash of clients passed to openvpn::client defined type.

  • client_specific_config_defaults (Hash) (defaults to: {})

    Hash of defaults for client specific configurations passed to openvpn::client_specific_config defined type.

  • client_specific_configs (Hash) (defaults to: {})

    Hash of client specific configurations passed to openvpn::client_specific_config defined type.

  • revoke_defaults (Hash) (defaults to: {})

    Hash of defaults for revokes passed to openvpn::revoke defined type.

  • revokes (Hash) (defaults to: {})

    Hash of revokes passed to openvpn::revoke defined type.

  • server_defaults (Hash) (defaults to: {})

    Hash of defaults for servers passed to openvpn::server defined type.

  • servers (Hash) (defaults to: {})

    Hash of servers passed to openvpn::server defined type.

  • server_directory (Optional[Stdlib::Absolutepath])

    Path of the server configuration. This is usually `/etc_directory/openvpn`, but RHEL/CentOS 8 uses `/etc_directory/openvpn/server`.

  • server_service_name (String[1])

    Name of the openvpn server service. This is usually `openvpn`, but RHEL/CentOS 8 uses `openvpn-server`.



# File 'manifests/init.pp', line 31

# Entry-point class of the module. It includes openvpn::install and
# openvpn::config, declares openvpn::service on hosts whose service provider
# is not systemd, and expands the clients, client_specific_configs, revokes
# and servers hashes into their respective defined types.
#
# NOTE(review): several parameters ($autostart_all, $manage_service,
# $etc_directory, $group, $link_openssl_cnf, $pam_module_path, ...) are not
# referenced in this body; presumably the other classes and defined types of
# the module read them from this class's scope -- confirm before renaming or
# removing any of them.
class openvpn (
  # Parameters without a default in this signature: a value has to be
  # supplied by the declaration or by data lookup.
  Boolean                              $autostart_all,
  Boolean                              $manage_service,
  Stdlib::Absolutepath                 $etc_directory,
  String[1]                            $group,
  Boolean                              $link_openssl_cnf,
  Optional[Stdlib::Absolutepath]       $pam_module_path,
  Boolean                              $namespecific_rclink,
  # Only the strings "2.0" and "3.0" pass this type.
  Pattern[/^[23]\.0$/]                 $default_easyrsa_ver,
  Stdlib::Unixpath                     $easyrsa_source,
  Variant[String[1], Array[String[1]]] $additional_packages,
  Optional[Stdlib::Absolutepath]       $ldap_auth_plugin_location,
  String[1]                            $server_service_name,
  Optional[Stdlib::Absolutepath]       $server_directory,

  # Resource hashes and their per-type defaults. Each defaults to an empty
  # hash, so no client, client-specific config, revoke or server resource is
  # declared unless data is supplied.
  # NOTE(review): the bare Hash type does not constrain keys or values here;
  # presumably validation is left to the parameter types of the defined types
  # that receive them -- confirm.
  Hash                                 $client_defaults                 = {},
  Hash                                 $clients                         = {},
  Hash                                 $client_specific_config_defaults = {},
  Hash                                 $client_specific_configs         = {},
  Hash                                 $revoke_defaults                 = {},
  Hash                                 $revokes                         = {},
  Hash                                 $server_defaults                 = {},
  Hash                                 $servers                         = {},
) {
  # Use the version reported by the `easyrsa` fact when it is set; fall back
  # to $default_easyrsa_ver only when the fact is undef.
  # NOTE(review): the fact value is taken as-is. Unlike $default_easyrsa_ver
  # it is not checked against Pattern[/^[23]\.0$/] in this class, and facts
  # are reported by the agent -- confirm that consumers of $easyrsa_version
  # handle any other value safely.
  $easyrsa_version = $facts['easyrsa'] ? {
    undef   => $default_easyrsa_ver,
    default => $facts['easyrsa'],
  }

  include openvpn::install
  include openvpn::config

  # Ordering: install is applied before config, and config before this class.
  Class['openvpn::install']
  -> Class['openvpn::config']
  -> Class['openvpn']

  # Only when the service provider is not systemd is openvpn::service
  # declared here. It subscribes to the config and install classes, so a
  # change in either sends it a refresh.
  if $facts['service_provider'] != 'systemd' {
    class { 'openvpn::service':
      subscribe => [Class['openvpn::config'], Class['openvpn::install']],
    }

    # With no servers defined, order the service class before this class.
    if empty($servers) {
      Class['openvpn::service'] -> Class['openvpn']
    }
  }

  # One openvpn::client per entry of $clients. The `default:` body applies
  # $client_defaults to the resource; the entry's own $params are splatted
  # onto the titled resource and take precedence over those defaults.
  $clients.each |$name, $params| {
    openvpn::client {
      default:
        * => $client_defaults;
      $name:
        * => $params;
    }
  }

  # Same pattern for client-specific configurations.
  $client_specific_configs.each |$name, $params| {
    openvpn::client_specific_config {
      default:
        * => $client_specific_config_defaults;
      $name:
        * => $params;
    }
  }

  # Same pattern for revocations: one openvpn::revoke per entry of $revokes.
  $revokes.each |$name, $params| {
    openvpn::revoke {
      default:
        * => $revoke_defaults;
      $name:
        * => $params;
    }
  }

  # Same pattern for servers: one openvpn::server per entry of $servers.
  $servers.each |$name, $params| {
    openvpn::server {
      default:
        * => $server_defaults;
      $name:
        * => $params;
    }
  }
}