# Top-level OpenVPN policy: renders the shared key file, installs the package,
# configures every tunnel listed under g.host_data[tunnels], and keeps one
# openvpn@<tunnel> service per tunnel running.
#
# empty, system_owned, if_repaired and install_package are defined outside this
# file (the first three presumably come from the CFEngine standard library;
# confirm against the loaded inputs).
#
# NOTE(review): tunnel names are interpolated unmodified into class names, a
# file path under /etc/openvpn and a command line. This assumes every index of
# g.host_data[tunnels] is a plain identifier (letters, digits, underscore).
# Confirm that whatever populates g.host_data enforces this, or canonify the
# name before using it in class expressions.
bundle agent openvpn
{
  vars:
    any::
      # One list entry per index found under g.host_data[tunnels].
      "tunnels" slist => getindices("g.host_data[tunnels]");

  classes:
    any::
      # A tunnel needs a restart when the shared key changed, or (on Linux)
      # when that tunnel's own configuration file changed.
      "$(tunnels)_needs_restart"
        or => { "openvpn_common_key_repaired",
                "linux.openvpn_$(tunnels)_conf_repaired" };

  files:
    any::
      # Key material shared by all tunnels, rendered from a template kept in
      # the policy inputs directory. No template_method is given here, so the
      # agent default applies.
      #
      # NOTE(review): the template lives under $(sys.inputdir). If it embeds
      # the key literally, the secret is present in the policy tree of every
      # host that receives these inputs - confirm that this distribution
      # scope is intended.
      # NOTE(review): mode 440 grants group read. Which group applies depends
      # on the system_owned body (not shown); confirm it is a root-only group,
      # or consider 400 if only the daemon's initial root context reads it.
      "/etc/openvpn/common.key"
        create        => "true",
        perms         => system_owned("440"),
        edit_defaults => empty,
        edit_template => "$(sys.inputdir)/templates/openvpn/common.key.cftpl",
        classes       => if_repaired("openvpn_common_key_repaired");

  methods:
    any::
      "any" usebundle => install_package("$(this.bundle)", "openvpn");

      # Iterates over the list: one openvpn_tunnel call per tunnel name.
      "any" usebundle => openvpn_tunnel("$(tunnels)");

  services:
    linux::
      "openvpn@$(tunnels)"
        service_policy => "start",
        classes        => if_repaired("tunnel_$(tunnels)_service_repaired");

  commands:
    any::
      # NOTE(review): openvpn_tunnel promises the same restart for the same
      # trigger classes, so a single change may restart a tunnel more than
      # once per agent run - confirm whether both promises are needed.
      "/usr/sbin/service openvpn@$(tunnels) restart"
        ifvarclass => "$(tunnels)_needs_restart",
        classes    => if_repaired("tunnel_$(tunnels)_service_repaired");

  reports:
    any::
      "$(this.bundle): common.key repaired"
        ifvarclass => "openvpn_common_key_repaired";

      "$(this.bundle): $(tunnels) service repaired"
        ifvarclass => "tunnel_$(tunnels)_service_repaired";
}

# Per-tunnel policy: renders /etc/openvpn/<tunnel>.conf from the tunnel
# template and restarts openvpn@<tunnel> when its configuration or the shared
# key was repaired.
#
# Parameter:
#   tunnel - tunnel name; used unmodified in class names, the configuration
#            file path and the restart command (see the identifier assumption
#            noted on bundle openvpn).
bundle agent openvpn_tunnel(tunnel)
{
  classes:
    any::
      # Same restart trigger as in bundle openvpn, for this one tunnel.
      "$(tunnel)_needs_restart"
        or => { "openvpn_common_key_repaired",
                "linux.openvpn_$(tunnel)_conf_repaired" };

      # Set only when both a remote host and a remote port are defined for
      # this tunnel. Not referenced elsewhere in this file; presumably read
      # by tunnel.conf.cftpl - verify against the template.
      "has_remote"
        and => { isvariable("g.host_data[tunnels][$(tunnel)][remote_host]"),
                 isvariable("g.host_data[tunnels][$(tunnel)][remote_port]") };

  files:
    any::
      # Mode 440: read-only for owner and group, as set through the
      # system_owned body (defined elsewhere).
      "/etc/openvpn/$(tunnel).conf"
        create          => "true",
        perms           => system_owned("440"),
        edit_defaults   => empty,
        edit_template   => "$(sys.inputdir)/templates/openvpn/tunnel.conf.cftpl",
        template_method => "cfengine",
        classes         => if_repaired("openvpn_$(tunnel)_conf_repaired");

  commands:
    any::
      "/usr/sbin/service openvpn@$(tunnel) restart"
        ifvarclass => "$(tunnel)_needs_restart",
        classes    => if_repaired("tunnel_$(tunnel)_service_repaired");

  reports:
    any::
      "$(this.bundle): $(tunnel).conf repaired"
        ifvarclass => "openvpn_$(tunnel)_conf_repaired";

      "$(this.bundle): $(tunnel) service repaired"
        ifvarclass => "tunnel_$(tunnel)_service_repaired";
}