- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with openvpn
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
This module installs, configures and manages the OpenVPN service.
This module handles installing, configuring and running OpenVPN across a range of operating systems and distributions.
- openvpn package.
- openvpn configuration file.
- openvpn service.
- Puppet >= 3.0
- Facter >= 1.6
- Extlib module
- Stdlib module
Install openvpn with the default parameters (No configuration files will be changed).
class { 'openvpn': }
Install openvpn with the recommended parameters.
class { 'openvpn':
  config_file_template => 'openvpn/common/etc/openvpn/openvpn.conf.erb',
  config_file_hash     => {
    'openvpn' => {
      config_file_path     => '/etc/default/openvpn',
      config_file_template => 'openvpn/common/etc/default/openvpn.erb',
    },
  },
  key_country          => 'DE',
  key_province         => 'NRW',
  key_city             => 'Muenster',
  server_subnet        => '192.168.57.0 255.255.255.0',
}
Update the openvpn package.
class { 'openvpn':
  package_ensure => 'latest',
}
Remove the openvpn package.
class { 'openvpn':
  package_ensure => 'absent',
}
Purge the openvpn package (All configuration files will be removed).
class { 'openvpn':
  package_ensure => 'purged',
}
Deploy the configuration files from source directory.
class { 'openvpn':
  config_dir_source => 'puppet:///modules/openvpn/common/etc/openvpn',
}
Deploy the configuration files from source directory (Unmanaged configuration files will be removed).
class { 'openvpn':
  config_dir_purge  => true,
  config_dir_source => 'puppet:///modules/openvpn/common/etc/openvpn',
}
Deploy the configuration file from source.
class { 'openvpn':
  config_file_source => 'puppet:///modules/openvpn/common/etc/openvpn/openvpn.conf',
}
Deploy the configuration file from string.
class { 'openvpn':
  config_file_string => '# THIS FILE IS MANAGED BY PUPPET',
}
Deploy the configuration file from template.
class { 'openvpn':
  config_file_template => 'openvpn/common/etc/openvpn/openvpn.conf.erb',
}
Deploy the configuration file from custom template (Additional parameters can be defined).
class { 'openvpn':
  config_file_template     => 'openvpn/common/etc/openvpn/openvpn.conf.erb',
  config_file_options_hash => {
    'key' => 'value',
  },
}
Deploy additional configuration files from source, string or template.
class { 'openvpn':
  config_file_hash => {
    'openvpn.2nd.conf' => {
      config_file_path   => '/etc/openvpn/openvpn.2nd.conf',
      config_file_source => 'puppet:///modules/openvpn/common/etc/openvpn/openvpn.2nd.conf',
    },
    'openvpn.3rd.conf' => {
      config_file_path   => '/etc/openvpn/openvpn.3rd.conf',
      config_file_string => '# THIS FILE IS MANAGED BY PUPPET',
    },
    'openvpn.4th.conf' => {
      config_file_path     => '/etc/openvpn/openvpn.4th.conf',
      config_file_template => 'openvpn/common/etc/openvpn/openvpn.4th.conf.erb',
    },
  },
}
Disable the openvpn service.
class { 'openvpn':
  service_ensure => 'stopped',
}
- openvpn: Main class, includes all other classes.
- openvpn::install: Handles the packages.
- openvpn::config: Handles the configuration file.
- openvpn::service: Handles the service.
Determines if the package should be installed. Valid values are 'present', 'latest', 'absent' and 'purged'. Defaults to 'present'.
Determines the name of package to manage. Defaults to 'openvpn'.
Determines if additional packages should be managed. Defaults to 'undef'.
Determines if the configuration directory should be present. Valid values are 'absent' and 'directory'. Defaults to 'directory'.
Determines if the configuration directory should be managed. Defaults to '/etc/openvpn'.
Determines if unmanaged configuration files should be removed. Valid values are 'true' and 'false'. Defaults to 'false'.
Determines if the configuration directory should be recursively managed. Valid values are 'true' and 'false'. Defaults to 'true'.
Determines the source of a configuration directory. Defaults to 'undef'.
Determines if the configuration file should be present. Valid values are 'absent' and 'present'. Defaults to 'present'.
Determines if the configuration file should be managed. Defaults to '/etc/openvpn/openvpn.conf'.
Determines which user should own the configuration file. Defaults to 'root'.
Determines which group should own the configuration file. Defaults to 'root'.
Determines the desired permissions mode of the configuration file. Defaults to '0644'.
Determines the source of a configuration file. Defaults to 'undef'.
Determines the content of a configuration file. Defaults to 'undef'.
Determines the content of a configuration file. Defaults to 'undef'.
Determines if the service should be restarted after configuration changes. Defaults to 'Service[openvpn]'.
Determines which package a configuration file depends on. Defaults to 'Package[openvpn]'.
Determines which configuration files should be managed via openvpn::define. Defaults to '{}'.
Determines which parameters should be passed to an ERB template. Defaults to '{}'.
Determines if the service should be running or not. Valid values are 'running' and 'stopped'. Defaults to 'running'.
Determines the name of service to manage. Defaults to 'openvpn'.
Determines if the service should be enabled at boot. Valid values are 'true' and 'false'. Defaults to 'true'.
Determines the number of days to certify the CA certificate for. Defaults to '3650'.
Determines the number of days to certify the server certificate for. Defaults to '3650'.
Determines the length of SSL keys (in bits) generated by this module. Defaults to '1024'.
Determines the country to be used for the SSL certificate, mandatory for server mode. Defaults to 'undef'.
Determines the province to be used for the SSL certificate, mandatory for server mode. Defaults to 'undef'.
Determines the city to be used for the SSL certificate, mandatory for server mode. Defaults to 'undef'.
Determines the organization to be used for the SSL certificate, mandatory for server mode. Defaults to "$::domain".
Determines the email to be used for the SSL certificate, mandatory for server mode. Defaults to "admin@${::domain}".
Determines the value for commonName_default variable in openssl.cnf and KEY_CN in vars. Defaults to ''.
Determines the value for name_default variable in openssl.cnf and KEY_NAME in vars. Defaults to ''.
Determines the value for organizationalUnitName_default variable in openssl.cnf and KEY_OU in vars. Defaults to ''.
Determines the port the openvpn server service is running on. Defaults to '1194'.
Determines which IP protocol should be used. Defaults to 'udp'.
Determines which virtual network device should be used. Defaults to 'tun'.
Determines the network to assign client addresses out of. Defaults to 'undef'.
Determines options to push out to the client. For example routes, DNS servers, DNS search domains and many more. Defaults to 'undef'.
Determines if compression should be enabled. Defaults to 'true'.
Determines if privileges should be dropped to user 'nobody' after startup. Defaults to 'true'.
Determines if privileges should be dropped to group 'nogroup' after startup. Defaults to 'true'.
Determines the log mute level. Defaults to 'undef'.
Determines if duplicate packet warnings should be silenced. Valid values are 'true' and 'false'. Defaults to 'false'.
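The following is an added example, not part of this module: a Python check that audits a rendered OpenVPN server configuration against the defaults documented above (compression enabled, privilege drop to 'nobody'/'nogroup', 1024-bit keys, file mode). The sample configuration, the function names and the `dh<bits>.pem` file-name heuristic (easy-rsa 2 naming) are assumptions.

```python
import os
import re
import stat

# Constructed sample of a rendered server config; not output of the module's template.
SAMPLE_CONF = """\
port 1194
proto udp
dev tun
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 192.168.57.0 255.255.255.0
comp-lzo
user nobody
;group nogroup
"""

def parse_directives(text):
    """Map each directive to its argument list, skipping '#' and ';' comment lines."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0][0] not in "#;":
            found[parts[0]] = parts[1:]
    return found

def audit_config(text, min_bits=2048):
    """Return a list of findings for compression, privilege drop and DH size."""
    d = parse_directives(text)
    findings = []
    comp = d.get("compress", [])
    if d.get("comp-lzo", ["no"]) != ["no"] or comp[:1] in (["lzo"], ["lz4"], ["lz4-v2"]):
        findings.append("compression enabled")
    for who in ("user", "group"):
        if not d.get(who):
            findings.append(f"privileges not dropped: no '{who}' directive")
    # Assumption: easy-rsa 2 naming, dh<bits>.pem, so the file name reveals the size.
    m = re.search(r"dh(\d+)\.pem$", " ".join(d.get("dh", [])))
    if m and int(m.group(1)) < min_bits:
        findings.append(f"DH parameters named for {m.group(1)} bits (< {min_bits})")
    return findings

def key_file_exposed(path):
    """True if group or others have any permission bit on the private key file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONF):
        print("FINDING:", finding)
```

Run `audit_config` on the deployed configuration file's text and `key_file_exposed` on the path named by its `key` directive.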
This module has been tested on:
- Debian 6/7/8
- Ubuntu 12.04/14.04
If you find a bug, have trouble following the documentation or have a question about this module - please create an issue.
If you are able to patch the bug or add the feature yourself - please make a pull request.
The list of contributors can be found at: https://github.com/dhoppe/puppet-openvpn/graphs/contributors