From f6e0c851b219885e1e829514f214510a31e19a52 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Thu, 15 Mar 2018 12:57:15 +0100
Subject: Added openvpn management policy
---
 services/applications/openvpn.cf | 57 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 services/applications/openvpn.cf
(limited to 'services/applications')
diff --git a/services/applications/openvpn.cf b/services/applications/openvpn.cf
new file mode 100644
index 0000000..597318f
--- /dev/null
+++ b/services/applications/openvpn.cf
@@ -0,0 +1,57 @@
+bundle agent openvpn
+{
+ vars:
+ any::
+ "tunnels" slist => getindices("g.host_data[tunnels]");
+ classes:
+ any::
+ "$(tunnels)_needs_restart" or => { "openvpn_common_key_repaired", "linux.openvpn_$(tunnels)_conf_repaired" };
+ files:
+ any::
+ "/etc/openvpn/common.key"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("440"),
+ edit_template => "$(sys.inputdir)/templates/openvpn/common.key.cftpl",
+ classes => if_repaired("openvpn_common_key_repaired");
+ methods:
+ any::
+ "any" usebundle => install_package("$(this.bundle)", "openvpn");
+ "any" usebundle => openvpn_tunnel("$(tunnels)");
+ services:
+ linux::
+ "openvpn@$(tunnels)"
+ service_policy => "start",
+ classes => if_repaired("tunnel_$(tunnels)_service_repaired");
+ commands:
+ any::
+ "/usr/sbin/service openvpn@$(tunnels) restart" classes => if_repaired("tunnel_$(tunnels)_service_repaired"), ifvarclass => "$(tunnels)_needs_restart";
+ reports:
+ any::
+ "$(this.bundle): common.key repaired" ifvarclass => "openvpn_common_key_repaired";
+ "$(this.bundle): $(tunnels) service repaired" ifvarclass => "tunnel_$(tunnels)_service_repaired";
+}
+
+bundle agent openvpn_tunnel(tunnel)
+{
+ classes:
+ any::
+ "$(tunnel)_needs_restart" or => { "openvpn_common_key_repaired", "linux.openvpn_$(tunnel)_conf_repaired" };
+ "has_remote" and => { isvariable("g.host_data[tunnels][$(tunnel)][remote_host]"), isvariable("g.host_data[tunnels][$(tunnel)][remote_port]") };
+ files:
+ any::
+ "/etc/openvpn/$(tunnel).conf"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("440"),
+ edit_template => "$(sys.inputdir)/templates/openvpn/tunnel.conf.cftpl",
+ template_method => "cfengine",
+ classes => if_repaired("openvpn_$(tunnel)_conf_repaired");
+ commands:
+ any::
+ "/usr/sbin/service openvpn@$(tunnel) restart" classes => if_repaired("tunnel_$(tunnel)_service_repaired"), ifvarclass => "$(tunnel)_needs_restart";
+ reports:
+ any::
+ "$(this.bundle): $(tunnel).conf repaired" ifvarclass => "openvpn_$(tunnel)_conf_repaired";
+ "$(this.bundle): $(tunnel) service repaired" ifvarclass => "tunnel_$(tunnel)_service_repaired";
+}
-- cgit v1.2.3
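Review bot: The tunnel restart is issued twice — `bundle agent openvpn` and `bundle agent openvpn_tunnel` each define the same `$(tunnel)_needs_restart` class and each run `/usr/sbin/service openvpn@$(tunnel) restart` from their `commands:` section, so a repaired `common.key` or `$(tunnel).conf` will very likely bounce every tunnel twice in a single agent run. Since `openvpn_tunnel` is already invoked per tunnel from `methods:`, the `classes:` and `commands:` sections of the outer `openvpn` bundle can simply be dropped, leaving its `services:` start promise and the reports. Tunnel names are also used verbatim as class names (`$(tunnels)_needs_restart`, `openvpn_$(tunnel)_conf_repaired`); if a tunnel name may ever contain `-` or `.`, wrapping it as `canonify("$(tunnel)")` keeps those classes valid. Separately, `common.key` is rendered from `$(sys.inputdir)/templates/openvpn/common.key.cftpl`, so the static key material presumably travels with the policy inputs to every host that receives them rather than only the VPN endpoints — worth confirming that the template does not embed the key itself, or that access to that inputs directory is restricted accordingly.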