author | Julien Dessaux | 2018-03-15 12:57:15 +0100 |
---|---|---|
committer | Julien Dessaux | 2018-03-15 18:11:22 +0100 |
commit | f6e0c851b219885e1e829514f214510a31e19a52 (patch) | |
tree | c02b35fc864c0fbdf276d364eb448255a5a04240 /services | |
parent | Fixed update.cf problem no copying all template files (diff) | |
Added openvpn management policy
Diffstat (limited to 'services')
-rw-r--r-- | services/applications.cf | 1 | ||||
-rw-r--r-- | services/applications/openvpn.cf | 57 | ||||
-rw-r--r-- | services/main.cf | 12 |
3 files changed, 70 insertions, 0 deletions
diff --git a/services/applications.cf b/services/applications.cf
index a9910b9..84b1938 100644
--- a/services/applications.cf
+++ b/services/applications.cf
@@ -7,6 +7,7 @@ body file control
 "services/applications/nagios.cf",
 "services/applications/nginx.cf",
 "services/applications/nrpe.cf",
+ "services/applications/openvpn.cf",
 "services/applications/php56.cf",
 "services/applications/sshd.cf",
 };
diff --git a/services/applications/openvpn.cf b/services/applications/openvpn.cf
new file mode 100644
index 0000000..597318f
--- /dev/null
+++ b/services/applications/openvpn.cf
@@ -0,0 +1,57 @@
+bundle agent openvpn
+{
+ vars:
+ any::
+ "tunnels" slist => getindices("g.host_data[tunnels]");
+ classes:
+ any::
+ "$(tunnels)_needs_restart" or => { "openvpn_common_key_repaired", "linux.openvpn_$(tunnels)_conf_repaired" };
+ files:
+ any::
+ "/etc/openvpn/common.key"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("440"),
+ edit_template => "$(sys.inputdir)/templates/openvpn/common.key.cftpl",
+ classes => if_repaired("openvpn_common_key_repaired");
+ methods:
+ any::
+ "any" usebundle => install_package("$(this.bundle)", "openvpn");
+ "any" usebundle => openvpn_tunnel("$(tunnels)");
+ services:
+ linux::
+ "openvpn@$(tunnels)"
+ service_policy => "start",
+ classes => if_repaired("tunnel_$(tunnels)_service_repaired");
+ commands:
+ any::
+ "/usr/sbin/service openvpn@$(tunnels) restart" classes => if_repaired("tunnel_$(tunnels)_service_repaired"), ifvarclass => "$(tunnels)_needs_restart";
+ reports:
+ any::
+ "$(this.bundle): common.key repaired" ifvarclass => "openvpn_common_key_repaired";
+ "$(this.bundle): $(tunnels) service repaired" ifvarclass => "tunnel_$(tunnels)_service_repaired";
+}
+
+bundle agent openvpn_tunnel(tunnel)
+{
+ classes:
+ any::
+ "$(tunnel)_needs_restart" or => { "openvpn_common_key_repaired", "linux.openvpn_$(tunnel)_conf_repaired" };
+ "has_remote" and => { isvariable("g.host_data[tunnels][$(tunnel)][remote_host]"), isvariable("g.host_data[tunnels][$(tunnel)][remote_port]") };
+ files:
+ any::
+ "/etc/openvpn/$(tunnel).conf"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("440"),
+ edit_template => "$(sys.inputdir)/templates/openvpn/tunnel.conf.cftpl",
+ template_method => "cfengine",
+ classes => if_repaired("openvpn_$(tunnel)_conf_repaired");
+ commands:
+ any::
+ "/usr/sbin/service openvpn@$(tunnel) restart" classes => if_repaired("tunnel_$(tunnel)_service_repaired"), ifvarclass => "$(tunnel)_needs_restart";
+ reports:
+ any::
+ "$(this.bundle): $(tunnel).conf repaired" ifvarclass => "openvpn_$(tunnel)_conf_repaired";
+ "$(this.bundle): $(tunnel) service repaired" ifvarclass => "tunnel_$(tunnel)_service_repaired";
+}
diff --git a/services/main.cf b/services/main.cf
index 786524e..51a1fcb 100644
--- a/services/main.cf
+++ b/services/main.cf
@@ -45,9 +45,21 @@ bundle common classify
 };
 }
 
+bundle common g
+{
+ vars:
+ has_host_data::
+ "host_data" data => readyaml("$(sys.inputdir)/cmdb/hosts/$(sys.host).yaml", 100k);
+ classes:
+ any::
+ "has_host_data" expression => fileexists("$(sys.inputdir)/cmdb/hosts/$(sys.host).yaml");
+}
+
 bundle agent main
 {
 methods:
+ andromeda|collab_jde::
+ "andromeda" usebundle => openvpn;
 nagios::
 "nagios" usebundle => nagios;
 } |
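Review bot: `/etc/openvpn/common.key` is promised with `perms => system_owned("440")`, which leaves a shared secret group-readable; unless a non-root group really has to read it, `perms => system_owned("400"),` is the tighter setting (`system_owned` is defined outside this diff, so the owner and group it applies are not visible here). The key is rendered from `$(sys.inputdir)/templates/openvpn/common.key.cftpl`, so the secret presumably lives in the policy tree and reaches every host that copies those inputs, not only the VPN endpoints; confirm that this is intended. Separately, `$(tunnels)` and `$(tunnel)` go unmodified into class names, `ifvarclass` strings and the `/etc/openvpn/$(tunnel).conf` path, so a comment stating the allowed tunnel-name characters, or `canonify()` on the class names, would help. The `classes:`/`commands:` restart pair also appears in both `openvpn` and `openvpn_tunnel`, so a repaired tunnel may be restarted twice in one run.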
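Review bot: The `openvpn` method under `andromeda|collab_jde::` runs whether or not `has_host_data` is set, so on a host whose `cmdb/hosts/$(sys.host).yaml` is missing, or cannot be parsed within the `100k` limit passed to `readyaml`, `g.host_data` stays undefined. The bundle would then presumably still install the package and write `common.key` with an empty tunnel list, without any report. Guarding the call, for example `(andromeda|collab_jde).has_host_data::`, makes the dependency explicit. A short comment above `bundle common g` describing the expected YAML layout (`tunnels`, `remote_host`, `remote_port`) would also help, since those values end up in file paths and class names in `openvpn.cf`.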