From f6e0c851b219885e1e829514f214510a31e19a52 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Thu, 15 Mar 2018 12:57:15 +0100
Subject: Added openvpn management policy

---
 services/applications.cf | 1 +
 services/applications/openvpn.cf | 57 ++++++++++++++++++++++++++++++++++++++++
 services/main.cf | 12 +++++++++
 3 files changed, 70 insertions(+)
 create mode 100644 services/applications/openvpn.cf

(limited to 'services')

diff --git a/services/applications.cf b/services/applications.cf
index a9910b9..84b1938 100644
--- a/services/applications.cf
+++ b/services/applications.cf
@@ -7,6 +7,7 @@ body file control
 "services/applications/nagios.cf",
 "services/applications/nginx.cf",
 "services/applications/nrpe.cf",
+ "services/applications/openvpn.cf",
 "services/applications/php56.cf",
 "services/applications/sshd.cf",
 };
diff --git a/services/applications/openvpn.cf b/services/applications/openvpn.cf
new file mode 100644
index 0000000..597318f
--- /dev/null
+++ b/services/applications/openvpn.cf
@@ -0,0 +1,57 @@
+bundle agent openvpn
+{
+ vars:
+ any::
+ "tunnels" slist => getindices("g.host_data[tunnels]");
+ classes:
+ any::
+ "$(tunnels)_needs_restart" or => { "openvpn_common_key_repaired", "linux.openvpn_$(tunnels)_conf_repaired" };
+ files:
+ any::
+ "/etc/openvpn/common.key"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("440"),
+ edit_template => "$(sys.inputdir)/templates/openvpn/common.key.cftpl",
+ classes => if_repaired("openvpn_common_key_repaired");
+ methods:
+ any::
+ "any" usebundle => install_package("$(this.bundle)", "openvpn");
+ "any" usebundle => openvpn_tunnel("$(tunnels)");
+ services:
+ linux::
+ "openvpn@$(tunnels)"
+ service_policy => "start",
+ classes => if_repaired("tunnel_$(tunnels)_service_repaired");
+ commands:
+ any::
+ "/usr/sbin/service openvpn@$(tunnels) restart" classes => if_repaired("tunnel_$(tunnels)_service_repaired"), ifvarclass => "$(tunnels)_needs_restart";
+ reports:
+ any::
+ "$(this.bundle): common.key repaired" ifvarclass => "openvpn_common_key_repaired";
+ "$(this.bundle): $(tunnels) service repaired" ifvarclass => "tunnel_$(tunnels)_service_repaired";
+}
+
+bundle agent openvpn_tunnel(tunnel)
+{
+ classes:
+ any::
+ "$(tunnel)_needs_restart" or => { "openvpn_common_key_repaired", "linux.openvpn_$(tunnel)_conf_repaired" };
+ "has_remote" and => { isvariable("g.host_data[tunnels][$(tunnel)][remote_host]"), isvariable("g.host_data[tunnels][$(tunnel)][remote_port]") };
+ files:
+ any::
+ "/etc/openvpn/$(tunnel).conf"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("440"),
+ edit_template => "$(sys.inputdir)/templates/openvpn/tunnel.conf.cftpl",
+ template_method => "cfengine",
+ classes => if_repaired("openvpn_$(tunnel)_conf_repaired");
+ commands:
+ any::
+ "/usr/sbin/service openvpn@$(tunnel) restart" classes => if_repaired("tunnel_$(tunnel)_service_repaired"), ifvarclass => "$(tunnel)_needs_restart";
+ reports:
+ any::
+ "$(this.bundle): $(tunnel).conf repaired" ifvarclass => "openvpn_$(tunnel)_conf_repaired";
+ "$(this.bundle): $(tunnel) service repaired" ifvarclass => "tunnel_$(tunnel)_service_repaired";
+}
diff --git a/services/main.cf b/services/main.cf
index 786524e..51a1fcb 100644
--- a/services/main.cf
+++ b/services/main.cf
@@ -45,9 +45,21 @@ bundle common classify
 };
 }
 
+bundle common g
+{
+ vars:
+ has_host_data::
+ "host_data" data => readyaml("$(sys.inputdir)/cmdb/hosts/$(sys.host).yaml", 100k);
+ classes:
+ any::
+ "has_host_data" expression => fileexists("$(sys.inputdir)/cmdb/hosts/$(sys.host).yaml");
+}
+
 bundle agent main
 {
 methods:
+ andromeda|collab_jde::
+ "andromeda" usebundle => openvpn;
 nagios::
 "nagios" usebundle => nagios;
 }
-- 
cgit v1.2.3
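Review bot: The tunnel names taken from the CMDB YAML by `getindices("g.host_data[tunnels]")` are spliced unvalidated into a file path (`/etc/openvpn/$(tunnel).conf`), into class names (`$(tunnel)_needs_restart`, `openvpn_$(tunnel)_conf_repaired`) and into the `/usr/sbin/service openvpn@$(tunnel) restart` command line, so a key containing `/`, `..`, whitespace or any other non-identifier character produces a misplaced config file, an invalid class or a broken command; filtering the list once in `openvpn`, e.g. `"tunnels" slist => filter("[A-Za-z0-9_]+", getindices("g.host_data[tunnels]"), "true", "false", 999);`, keeps every downstream use well-formed. The `_needs_restart` class and the restart `commands:` promise are defined twice, once per `$(tunnels)` in `openvpn` and once per `$(tunnel)` in `openvpn_tunnel`, and the copy in `openvpn_tunnel` already reacts to `openvpn_common_key_repaired`, so the duplicate in `openvpn` is redundant and can restart the same tunnel twice in one run; I would drop it from `openvpn` (and then also reconsider whether the separate `services:` start promise and the raw restart command should be one `services` promise). The shared static key is rendered from `$(sys.inputdir)/templates/openvpn/common.key.cftpl`, which presumably means the key material ships with the policy inputs to every client and not only to OpenVPN hosts — worth a comment at the `/etc/openvpn/common.key` promise stating where the secret is sourced from and who can read the inputs, or moving it out of the inputs. The `has_remote` class is set but not consumed anywhere in this file; if the template reads it, a one-line comment such as `# consumed by tunnel.conf.cftpl` would make that dependency visible.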
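Review bot: The promiser for the new `andromeda|collab_jde::` methods entry is `"andromeda"`, which misnames the call on collab_jde hosts and departs from the file's own convention of naming the promiser after the bundle (`"nagios" usebundle => nagios;`); use `"openvpn" usebundle => openvpn;`. In `bundle common g`, `"host_data"` is guarded by `has_host_data`, a class that is only defined in the `classes:` section after the `vars:` section, so the variable presumably only becomes defined on a later evaluation pass; that works in practice but deserves a comment such as `# host_data is populated on the pass after has_host_data is set` so nobody "fixes" the ordering. `readyaml` with a 100k cap silently truncates a larger CMDB file, so a note on the size limit next to the promise would help whoever grows the YAML.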