OpenVPN NextGen module

commit 768b25e6470d49beeb547a0f28c56e18fb11ca52 0 parents
@alvagante alvagante authored
11 Modulefile
@@ -0,0 +1,11 @@
+name 'lab42-openvpn'
+version '2.0.7'
+author 'Alessandro Franceschi'
+license 'Apache2'
+project_page 'http://www.example42.com'
+source 'https://github.com/example42/puppet-openvpn'
+summary 'Puppet module for openvpn'
+description 'This module installs and manages openvpn. Check README.rdoc for details. Puppi is required for some common functions: you can install them without using the whole module. Monitor and firewall dependencies are needed only if the relevant features are enabled'
+dependency 'lab42/puppi', '>= 2.0.0'
+dependency 'lab42/monitor', '>= 2.0.0'
+dependency 'lab42/firewall', '>= 2.0.0'
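Review bot: the `dependency 'lab42/monitor'` and `dependency 'lab42/firewall'` lines at the end of the Modulefile make both modules hard requirements, while the `description` line says they are needed only if the relevant features are enabled. Either drop the two optional entries and document them in the README, or reword the description so it matches what gets installed. `project_page` also uses plain http while `source` uses https.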
105 README.rdoc
@@ -0,0 +1,105 @@
+= Puppet module: openvpn
+
+This is a Puppet module for openvpn based on the second generation layout ("NextGen") of Example42 Puppet Modules.
+
+Made by Alessandro Franceschi / Lab42
+
+Official site: http://www.example42.com
+
+Official git repository: http://github.com/example42/puppet-openvpn
+
+Released under the terms of Apache 2 License.
+
+This module requires functions provided by the Example42 Puppi module (you need it even if you don't use and install Puppi)
+
+For detailed info about the logic and usage patterns of Example42 modules check the DOCS directory on Example42 main modules set.
+
+== USAGE - Basic management
+
+* Install openvpn with default settings
+
+ class { 'openvpn': }
+
+* Install a specific version of openvpn package
+
+ class { 'openvpn':
+ version => '1.0.1',
+ }
+
+* Disable openvpn service.
+
+ class { 'openvpn':
+ disable => true
+ }
+
+* Remove openvpn package
+
+ class { 'openvpn':
+ absent => true
+ }
+
+* Enable auditing without without making changes on existing openvpn configuration files
+
+ class { 'openvpn':
+ audit_only => true
+ }
+
+
+== USAGE - Overrides and Customizations
+* Use custom sources for main config file
+
+ class { 'openvpn':
+ source => [ "puppet:///modules/lab42/openvpn/openvpn.conf-${hostname}" , "puppet:///modules/lab42/openvpn/openvpn.conf" ],
+ }
+
+
+* Use custom source directory for the whole configuration dir
+
+ class { 'openvpn':
+ source_dir => 'puppet:///modules/lab42/openvpn/conf/',
+ source_dir_purge => false, # Set to true to purge any existing file not present in $source_dir
+ }
+
+* Use custom template for main config file. Note that template and source arguments are alternative.
+
+ class { 'openvpn':
+ template => 'example42/openvpn/openvpn.conf.erb',
+ }
+
+* Automatically include a custom subclass
+
+ class { 'openvpn':
+ my_class => 'openvpn::example42',
+ }
+
+
+== USAGE - Example42 extensions management
+* Activate puppi (recommended, but disabled by default)
+
+ class { 'openvpn':
+ puppi => true,
+ }
+
+* Activate puppi and use a custom puppi_helper template (to be provided separately with a puppi::helper define ) to customize the output of puppi commands
+
+ class { 'openvpn':
+ puppi => true,
+ puppi_helper => 'myhelper',
+ }
+
+* Activate automatic monitoring (recommended, but disabled by default). This option requires the usage of Example42 monitor and relevant monitor tools modules
+
+ class { 'openvpn':
+ monitor => true,
+ monitor_tool => [ 'nagios' , 'monit' , 'munin' ],
+ }
+
+* Activate automatic firewalling. This option requires the usage of Example42 firewall and relevant firewall tools modules
+
+ class { 'openvpn':
+ firewall => true,
+ firewall_tool => 'iptables',
+ firewall_src => '10.42.0.0/24',
+ firewall_dst => $ipaddress_eth0,
+ }
+
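Review bot: the firewall example that closes the README sets `firewall_src => '10.42.0.0/24'` but nothing here says what applies when the parameter is omitted; manifests/params.pp defaults it to '0.0.0.0/0', so state that default next to the example so that enabling `firewall => true` alone is an informed choice. The `debug` parameter, which writes scope variables to a file, is not mentioned in the README at all. Smaller points: "without without" in the audit_only bullet, and the template example uses the path 'example42/openvpn/openvpn.conf.erb' while the source examples use 'lab42'.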
9 Rakefile
@@ -0,0 +1,9 @@
+require 'rake'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:test) do |t|
+ t.rspec_opts = ["--format", "doc", "--color"]
+ t.pattern = 'spec/*/*_spec.rb'
+end
+
+task :default => :test
441 manifests/init.pp
@@ -0,0 +1,441 @@
+# = Class: openvpn
+#
+# This is the main openvpn class
+#
+#
+# == Parameters
+#
+# Standard class parameters
+# Define the general class behaviour and customizations
+#
+# [*my_class*]
+# Name of a custom class to autoload to manage module's customizations
+# If defined, openvpn class will automatically "include $my_class"
+# Can be defined also by the (top scope) variable $openvpn_myclass
+#
+# [*source*]
+# Sets the content of source parameter for main configuration file
+# If defined, openvpn main config file will have the param: source => $source
+# Can be defined also by the (top scope) variable $openvpn_source
+#
+# [*source_dir*]
+# If defined, the whole openvpn configuration directory content is retrieved
+# recursively from the specified source
+# (source => $source_dir , recurse => true)
+# Can be defined also by the (top scope) variable $openvpn_source_dir
+#
+# [*source_dir_purge*]
+# If set to true (default false) the existing configuration directory is
+# mirrored with the content retrieved from source_dir
+# (source => $source_dir , recurse => true , purge => true)
+# Can be defined also by the (top scope) variable $openvpn_source_dir_purge
+#
+# [*template*]
+# Sets the path to the template to use as content for main configuration file
+# If defined, openvpn main config file has: content => content("$template")
+# Note source and template parameters are mutually exclusive: don't use both
+# Can be defined also by the (top scope) variable $openvpn_template
+#
+# [*options*]
+# An hash of custom options to be used in templates for arbitrary settings.
+# Can be defined also by the (top scope) variable $openvpn_options
+#
+# [*service_autorestart*]
+# Automatically restarts the openvpn service when there is a change in
+# configuration files. Default: true, Set to false if you don't want to
+# automatically restart the service.
+#
+# [*version*]
+# The package version, used in the ensure parameter of package type.
+# Default: present. Can be 'latest' or a specific version number.
+# Note that if the argument absent (see below) is set to true, the
+# package is removed, whatever the value of version parameter.
+#
+# [*absent*]
+# Set to 'true' to remove package(s) installed by module
+# Can be defined also by the (top scope) variable $openvpn_absent
+#
+# [*disable*]
+# Set to 'true' to disable service(s) managed by module
+# Can be defined also by the (top scope) variable $openvpn_disable
+#
+# [*disableboot*]
+# Set to 'true' to disable service(s) at boot, without checks if it's running
+# Use this when the service is managed by a tool like a cluster software
+# Can be defined also by the (top scope) variable $openvpn_disableboot
+#
+# [*monitor*]
+# Set to 'true' to enable monitoring of the services provided by the module
+# Can be defined also by the (top scope) variables $openvpn_monitor
+# and $monitor
+#
+# [*monitor_tool*]
+# Define which monitor tools (ad defined in Example42 monitor module)
+# you want to use for openvpn checks
+# Can be defined also by the (top scope) variables $openvpn_monitor_tool
+# and $monitor_tool
+#
+# [*monitor_target*]
+# The Ip address or hostname to use as a target for monitoring tools.
+# Default is the fact $ipaddress
+# Can be defined also by the (top scope) variables $openvpn_monitor_target
+# and $monitor_target
+#
+# [*puppi*]
+# Set to 'true' to enable creation of module data files that are used by puppi
+# Can be defined also by the (top scope) variables $openvpn_puppi and $puppi
+#
+# [*puppi_helper*]
+# Specify the helper to use for puppi commands. The default for this module
+# is specified in params.pp and is generally a good choice.
+# You can customize the output of puppi commands for this module using another
+# puppi helper. Use the define puppi::helper to create a new custom helper
+# Can be defined also by the (top scope) variables $openvpn_puppi_helper
+# and $puppi_helper
+#
+# [*firewall*]
+# Set to 'true' to enable firewalling of the services provided by the module
+# Can be defined also by the (top scope) variables $openvpn_firewall
+# and $firewall
+#
+# [*firewall_tool*]
+# Define which firewall tool(s) (ad defined in Example42 firewall module)
+# you want to use to open firewall for openvpn port(s)
+# Can be defined also by the (top scope) variables $openvpn_firewall_tool
+# and $firewall_tool
+#
+# [*firewall_src*]
+# Define which source ip/net allow for firewalling openvpn. Default: 0.0.0.0/0
+# Can be defined also by the (top scope) variables $openvpn_firewall_src
+# and $firewall_src
+#
+# [*firewall_dst*]
+# Define which destination ip to use for firewalling. Default: $ipaddress
+# Can be defined also by the (top scope) variables $openvpn_firewall_dst
+# and $firewall_dst
+#
+# [*debug*]
+# Set to 'true' to enable modules debugging
+# Can be defined also by the (top scope) variables $openvpn_debug and $debug
+#
+# [*audit_only*]
+# Set to 'true' if you don't intend to override existing configuration files
+# and want to audit the difference between existing files and the ones
+# managed by Puppet.
+# Can be defined also by the (top scope) variables $openvpn_audit_only
+# and $audit_only
+#
+# Default class params - As defined in openvpn::params.
+# Note that these variables are mostly defined and used in the module itself,
+# overriding the default values might not affected all the involved components.
+# Set and override them only if you know what you're doing.
+# Note also that you can't override/set them via top scope variables.
+#
+# [*package*]
+# The name of openvpn package
+#
+# [*service*]
+# The name of openvpn service
+#
+# [*service_status*]
+# If the openvpn service init script supports status argument
+#
+# [*process*]
+# The name of openvpn process
+#
+# [*process_args*]
+# The name of openvpn arguments. Used by puppi and monitor.
+# Used only in case the openvpn process name is generic (java, ruby...)
+#
+# [*process_user*]
+# The name of the user openvpn runs with. Used by puppi and monitor.
+#
+# [*config_dir*]
+# Main configuration directory. Used by puppi
+#
+# [*config_file*]
+# Main configuration file path
+#
+# [*config_file_mode*]
+# Main configuration file path mode
+#
+# [*config_file_owner*]
+# Main configuration file path owner
+#
+# [*config_file_group*]
+# Main configuration file path group
+#
+# [*config_file_init*]
+# Path of configuration file sourced by init script
+#
+# [*pid_file*]
+# Path of pid file. Used by monitor
+#
+# [*data_dir*]
+# Path of application data directory. Used by puppi
+#
+# [*log_dir*]
+# Base logs directory. Used by puppi
+#
+# [*log_file*]
+# Log file(s). Used by puppi
+#
+# [*port*]
+# The listening port, if any, of the service.
+# This is used by monitor, firewall and puppi (optional) components
+# Note: This doesn't necessarily affect the service configuration file
+# Can be defined also by the (top scope) variable $openvpn_port
+#
+# [*protocol*]
+# The protocol used by the the service.
+# This is used by monitor, firewall and puppi (optional) components
+# Can be defined also by the (top scope) variable $openvpn_protocol
+#
+#
+# == Examples
+#
+# You can use this class in 2 ways:
+# - Set variables (at top scope level on in a ENC) and "include openvpn"
+# - Call openvpn as a parametrized class
+#
+# See README for details.
+#
+#
+# == Author
+# Alessandro Franceschi <al@lab42.it/>
+#
+class openvpn (
+ $my_class = params_lookup( 'my_class' ),
+ $source = params_lookup( 'source' ),
+ $source_dir = params_lookup( 'source_dir' ),
+ $source_dir_purge = params_lookup( 'source_dir_purge' ),
+ $template = params_lookup( 'template' ),
+ $service_autorestart = params_lookup( 'service_autorestart' , 'global' ),
+ $options = params_lookup( 'options' ),
+ $version = params_lookup( 'version' ),
+ $absent = params_lookup( 'absent' ),
+ $disable = params_lookup( 'disable' ),
+ $disableboot = params_lookup( 'disableboot' ),
+ $monitor = params_lookup( 'monitor' , 'global' ),
+ $monitor_tool = params_lookup( 'monitor_tool' , 'global' ),
+ $monitor_target = params_lookup( 'monitor_target' , 'global' ),
+ $puppi = params_lookup( 'puppi' , 'global' ),
+ $puppi_helper = params_lookup( 'puppi_helper' , 'global' ),
+ $firewall = params_lookup( 'firewall' , 'global' ),
+ $firewall_tool = params_lookup( 'firewall_tool' , 'global' ),
+ $firewall_src = params_lookup( 'firewall_src' , 'global' ),
+ $firewall_dst = params_lookup( 'firewall_dst' , 'global' ),
+ $debug = params_lookup( 'debug' , 'global' ),
+ $audit_only = params_lookup( 'audit_only' , 'global' ),
+ $package = params_lookup( 'package' ),
+ $service = params_lookup( 'service' ),
+ $service_status = params_lookup( 'service_status' ),
+ $process = params_lookup( 'process' ),
+ $process_args = params_lookup( 'process_args' ),
+ $process_user = params_lookup( 'process_user' ),
+ $config_dir = params_lookup( 'config_dir' ),
+ $config_file = params_lookup( 'config_file' ),
+ $config_file_mode = params_lookup( 'config_file_mode' ),
+ $config_file_owner = params_lookup( 'config_file_owner' ),
+ $config_file_group = params_lookup( 'config_file_group' ),
+ $config_file_init = params_lookup( 'config_file_init' ),
+ $pid_file = params_lookup( 'pid_file' ),
+ $data_dir = params_lookup( 'data_dir' ),
+ $log_dir = params_lookup( 'log_dir' ),
+ $log_file = params_lookup( 'log_file' ),
+ $port = params_lookup( 'port' ),
+ $protocol = params_lookup( 'protocol' )
+ ) inherits openvpn::params {
+
+ $bool_source_dir_purge=any2bool($source_dir_purge)
+ $bool_service_autorestart=any2bool($service_autorestart)
+ $bool_absent=any2bool($absent)
+ $bool_disable=any2bool($disable)
+ $bool_disableboot=any2bool($disableboot)
+ $bool_monitor=any2bool($monitor)
+ $bool_puppi=any2bool($puppi)
+ $bool_firewall=any2bool($firewall)
+ $bool_debug=any2bool($debug)
+ $bool_audit_only=any2bool($audit_only)
+
+ ### Definition of some variables used in the module
+ $manage_package = $openvpn::bool_absent ? {
+ true => 'absent',
+ false => $openvpn::version,
+ }
+
+ $manage_service_enable = $openvpn::bool_disableboot ? {
+ true => false,
+ default => $openvpn::bool_disable ? {
+ true => false,
+ default => $openvpn::bool_absent ? {
+ true => false,
+ false => true,
+ },
+ },
+ }
+
+ $manage_service_ensure = $openvpn::bool_disable ? {
+ true => 'stopped',
+ default => $openvpn::bool_absent ? {
+ true => 'stopped',
+ default => 'running',
+ },
+ }
+
+ $manage_service_autorestart = $openvpn::bool_service_autorestart ? {
+ true => Service[openvpn],
+ false => undef,
+ }
+
+ $manage_file = $openvpn::bool_absent ? {
+ true => 'absent',
+ default => 'present',
+ }
+
+ if $openvpn::bool_absent == true
+ or $openvpn::bool_disable == true
+ or $openvpn::bool_disableboot == true {
+ $manage_monitor = false
+ } else {
+ $manage_monitor = true
+ }
+
+ if $openvpn::bool_absent == true
+ or $openvpn::bool_disable == true {
+ $manage_firewall = false
+ } else {
+ $manage_firewall = true
+ }
+
+ $manage_audit = $openvpn::bool_audit_only ? {
+ true => 'all',
+ false => undef,
+ }
+
+ $manage_file_replace = $openvpn::bool_audit_only ? {
+ true => false,
+ false => true,
+ }
+
+ $manage_file_source = $openvpn::source ? {
+ '' => undef,
+ default => $openvpn::source,
+ }
+
+ $manage_file_content = $openvpn::template ? {
+ '' => undef,
+ default => template($openvpn::template),
+ }
+
+ ### Managed resources
+ package { 'openvpn':
+ ensure => $openvpn::manage_package,
+ name => $openvpn::package,
+ }
+
+ service { 'openvpn':
+ ensure => $openvpn::manage_service_ensure,
+ name => $openvpn::service,
+ enable => $openvpn::manage_service_enable,
+ hasstatus => $openvpn::service_status,
+ pattern => $openvpn::process,
+ require => Package['openvpn'],
+ }
+
+ file { 'openvpn.conf':
+ ensure => $openvpn::manage_file,
+ path => $openvpn::config_file,
+ mode => $openvpn::config_file_mode,
+ owner => $openvpn::config_file_owner,
+ group => $openvpn::config_file_group,
+ require => Package['openvpn'],
+ notify => $openvpn::manage_service_autorestart,
+ source => $openvpn::manage_file_source,
+ content => $openvpn::manage_file_content,
+ replace => $openvpn::manage_file_replace,
+ audit => $openvpn::manage_audit,
+ }
+
+ # The whole openvpn configuration directory can be recursively overriden
+ if $openvpn::source_dir {
+ file { 'openvpn.dir':
+ ensure => directory,
+ path => $openvpn::config_dir,
+ require => Package['openvpn'],
+ notify => $openvpn::manage_service_autorestart,
+ source => $openvpn::source_dir,
+ recurse => true,
+ purge => $openvpn::source_dir_purge,
+ replace => $openvpn::manage_file_replace,
+ audit => $openvpn::manage_audit,
+ }
+ }
+
+
+ ### Include custom class if $my_class is set
+ if $openvpn::my_class {
+ include $openvpn::my_class
+ }
+
+
+ ### Provide puppi data, if enabled ( puppi => true )
+ if $openvpn::bool_puppi == true {
+ $classvars=get_class_args()
+ puppi::ze { 'openvpn':
+ ensure => $openvpn::manage_file,
+ variables => $classvars,
+ helper => $openvpn::puppi_helper,
+ }
+ }
+
+
+ ### Service monitoring, if enabled ( monitor => true )
+ if $openvpn::bool_monitor == true {
+ monitor::port { "openvpn_${openvpn::protocol}_${openvpn::port}":
+ protocol => $openvpn::protocol,
+ port => $openvpn::port,
+ target => $openvpn::monitor_target,
+ tool => $openvpn::monitor_tool,
+ enable => $openvpn::manage_monitor,
+ }
+ monitor::process { 'openvpn_process':
+ process => $openvpn::process,
+ service => $openvpn::service,
+ pidfile => $openvpn::pid_file,
+ user => $openvpn::process_user,
+ argument => $openvpn::process_args,
+ tool => $openvpn::monitor_tool,
+ enable => $openvpn::manage_monitor,
+ }
+ }
+
+
+ ### Firewall management, if enabled ( firewall => true )
+ if $openvpn::bool_firewall == true {
+ firewall { "openvpn_${openvpn::protocol}_${openvpn::port}":
+ source => $openvpn::firewall_src,
+ destination => $openvpn::firewall_dst,
+ protocol => $openvpn::protocol,
+ port => $openvpn::port,
+ action => 'allow',
+ direction => 'input',
+ tool => $openvpn::firewall_tool,
+ enable => $openvpn::manage_firewall,
+ }
+ }
+
+
+ ### Debugging, if enabled ( debug => true )
+ if $openvpn::bool_debug == true {
+ file { 'debug_openvpn':
+ ensure => $openvpn::manage_file,
+ path => "${settings::vardir}/debug-openvpn",
+ mode => '0640',
+ owner => 'root',
+ group => 'root',
+ content => inline_template('<%= scope.to_hash.reject { |k,v| k.to_s =~ /(uptime.*|path|timestamp|free|.*password.*|.*psk.*|.*key)/ }.to_yaml %>'),
+ }
+ }
+
+}
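Review bot: in the `file { 'openvpn.dir': }` resource, `purge => $openvpn::source_dir_purge` passes the raw parameter, so `$bool_source_dir_purge` computed at the top of the class is never used and a value such as 'yes' reaches the file type unconverted; use `$openvpn::bool_source_dir_purge` there. In the debug block, the `inline_template` reject pattern only drops variable names matching password, psk or key (plus a few noisy facts), so a secret held under any other name is written to `${settings::vardir}/debug-openvpn`; an allow-list of variables would be safer than a deny-list. In the header, the `[*template*]` comment says `content => content("$template")` where the code calls `template()`.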
113 manifests/params.pp
@@ -0,0 +1,113 @@
+# Class: openvpn::params
+#
+# This class defines default parameters used by the main module class openvpn
+# Operating Systems differences in names and paths are addressed here
+#
+# == Variables
+#
+# Refer to openvpn class for the variables defined here.
+#
+# == Usage
+#
+# This class is not intended to be used directly.
+# It may be imported or inherited by other classes
+#
+class openvpn::params {
+
+ ### Application related parameters
+
+ $package = $::operatingsystem ? {
+ default => 'openvpn',
+ }
+
+ $service = $::operatingsystem ? {
+ default => 'openvpn',
+ }
+
+ $service_status = $::operatingsystem ? {
+ default => true,
+ }
+
+ $process = $::operatingsystem ? {
+ default => 'openvpn',
+ }
+
+ $process_args = $::operatingsystem ? {
+ default => '',
+ }
+
+ $process_user = $::operatingsystem ? {
+ default => 'openvpn',
+ }
+
+ $config_dir = $::operatingsystem ? {
+ default => '/etc/openvpn',
+ }
+
+ $config_file = $::operatingsystem ? {
+ default => '/etc/openvpn/openvpn.conf',
+ }
+
+ $config_file_mode = $::operatingsystem ? {
+ default => '0644',
+ }
+
+ $config_file_owner = $::operatingsystem ? {
+ default => 'root',
+ }
+
+ $config_file_group = $::operatingsystem ? {
+ default => 'root',
+ }
+
+ $config_file_init = $::operatingsystem ? {
+ /(?i:Debian|Ubuntu|Mint)/ => '/etc/default/openvpn',
+ default => '/etc/sysconfig/openvpn',
+ }
+
+ $pid_file = $::operatingsystem ? {
+ default => '/var/run/openvpn.pid',
+ }
+
+ $data_dir = $::operatingsystem ? {
+ default => '/etc/openvpn',
+ }
+
+ $log_dir = $::operatingsystem ? {
+ default => '/var/log/openvpn',
+ }
+
+ $log_file = $::operatingsystem ? {
+ default => '/var/log/openvpn/openvpn.log',
+ }
+
+ $port = '1194'
+ $protocol = 'tcp'
+
+ # General Settings
+ $my_class = ''
+ $source = ''
+ $source_dir = ''
+ $source_dir_purge = 'false'
+ $template = ''
+ $options = ''
+ $service_autorestart = true
+ $version = 'present'
+ $absent = false
+ $disable = false
+ $disableboot = false
+
+ ### General module variables that can have a site or per module default
+ $monitor = false
+ $monitor_tool = ''
+ $monitor_target = $::ipaddress
+ $firewall = false
+ $firewall_tool = ''
+ $firewall_src = '0.0.0.0/0'
+ $firewall_dst = $::ipaddress
+ $puppi = false
+ $puppi_helper = 'standard'
+ $debug = false
+ $audit_only = false
+
+}
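Review bot: `$protocol = 'tcp'` next to `$port = '1194'` does not match OpenVPN's own default transport, which is UDP, so with `monitor` or `firewall` enabled and an otherwise stock server configuration the port check and the firewall rule would cover tcp/1194 only; default to 'udp' or document that `protocol` has to follow the `proto` setting in the managed config. `$config_file_mode` defaults to '0644', which leaves openvpn.conf world-readable; '0640' or '0600' is a safer default for a file that can carry inline key material. `$source_dir_purge = 'false'` is a quoted string while the neighbouring defaults (`$absent`, `$disable`) are bare booleans.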
22 manifests/spec.pp
@@ -0,0 +1,22 @@
+# Class: openvpn::spec
+#
+# This class is used only for rpsec-puppet tests
+# Can be taken as an example on how to do custom classes but should not
+# be modified.
+#
+# == Usage
+#
+# This class is not intended to be used directly.
+# Use it as reference
+#
+class openvpn::spec inherits openvpn {
+
+ # This just a test to override the arguments of an existing resource
+ # Note that you can achieve this same result with just:
+ # class { "openvpn": template => "openvpn/spec.erb" }
+
+ File['openvpn.conf'] {
+ content => template('openvpn/spec.erb'),
+ }
+
+}
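Review bot: the header comment spells the tool "rpsec-puppet" and the inline comment reads "This just a test"; since the file is offered as a reference for writing custom classes, fix both ("rspec-puppet", "This is just a test").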
230 spec/classes/openvpn_spec.rb
@@ -0,0 +1,230 @@
+require "#{File.join(File.dirname(__FILE__),'..','spec_helper.rb')}"
+
+describe 'openvpn' do
+
+ let(:title) { 'openvpn' }
+ let(:node) { 'rspec.example42.com' }
+ let(:facts) { { :ipaddress => '10.42.42.42' } }
+
+ describe 'Test standard installation' do
+ it { should contain_package('openvpn').with_ensure('present') }
+ it { should contain_service('openvpn').with_ensure('running') }
+ it { should contain_service('openvpn').with_enable('true') }
+ it { should contain_file('openvpn.conf').with_ensure('present') }
+ end
+
+ describe 'Test installation of a specific version' do
+ let(:params) { {:version => '1.0.42' } }
+ it { should contain_package('openvpn').with_ensure('1.0.42') }
+ end
+
+ describe 'Test standard installation with monitoring and firewalling' do
+ let(:params) { {:monitor => true , :firewall => true, :port => '42', :protocol => 'tcp' } }
+
+ it { should contain_package('openvpn').with_ensure('present') }
+ it { should contain_service('openvpn').with_ensure('running') }
+ it { should contain_service('openvpn').with_enable('true') }
+ it { should contain_file('openvpn.conf').with_ensure('present') }
+ it 'should monitor the process' do
+ content = catalogue.resource('monitor::process', 'openvpn_process').send(:parameters)[:enable]
+ content.should == true
+ end
+ it 'should place a firewall rule' do
+ content = catalogue.resource('firewall', 'openvpn_tcp_42').send(:parameters)[:enable]
+ content.should == true
+ end
+ end
+
+ describe 'Test decommissioning - absent' do
+ let(:params) { {:absent => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} }
+
+ it 'should remove Package[openvpn]' do should contain_package('openvpn').with_ensure('absent') end
+ it 'should stop Service[openvpn]' do should contain_service('openvpn').with_ensure('stopped') end
+ it 'should not enable at boot Service[openvpn]' do should contain_service('openvpn').with_enable('false') end
+ it 'should remove openvpn configuration file' do should contain_file('openvpn.conf').with_ensure('absent') end
+ it 'should not monitor the process' do
+ content = catalogue.resource('monitor::process', 'openvpn_process').send(:parameters)[:enable]
+ content.should == false
+ end
+ it 'should remove a firewall rule' do
+ content = catalogue.resource('firewall', 'openvpn_tcp_42').send(:parameters)[:enable]
+ content.should == false
+ end
+ end
+
+ describe 'Test decommissioning - disable' do
+ let(:params) { {:disable => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} }
+
+ it { should contain_package('openvpn').with_ensure('present') }
+ it 'should stop Service[openvpn]' do should contain_service('openvpn').with_ensure('stopped') end
+ it 'should not enable at boot Service[openvpn]' do should contain_service('openvpn').with_enable('false') end
+ it { should contain_file('openvpn.conf').with_ensure('present') }
+ it 'should not monitor the process' do
+ content = catalogue.resource('monitor::process', 'openvpn_process').send(:parameters)[:enable]
+ content.should == false
+ end
+ it 'should remove a firewall rule' do
+ content = catalogue.resource('firewall', 'openvpn_tcp_42').send(:parameters)[:enable]
+ content.should == false
+ end
+ end
+
+ describe 'Test decommissioning - disableboot' do
+ let(:params) { {:disableboot => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} }
+
+ it { should contain_package('openvpn').with_ensure('present') }
+ it { should_not contain_service('openvpn').with_ensure('present') }
+ it { should_not contain_service('openvpn').with_ensure('absent') }
+ it 'should not enable at boot Service[openvpn]' do should contain_service('openvpn').with_enable('false') end
+ it { should contain_file('openvpn.conf').with_ensure('present') }
+ it 'should not monitor the process locally' do
+ content = catalogue.resource('monitor::process', 'openvpn_process').send(:parameters)[:enable]
+ content.should == false
+ end
+ it 'should keep a firewall rule' do
+ content = catalogue.resource('firewall', 'openvpn_tcp_42').send(:parameters)[:enable]
+ content.should == true
+ end
+ end
+
+ describe 'Test customizations - template' do
+ let(:params) { {:template => "openvpn/spec.erb" , :options => { 'opt_a' => 'value_a' } } }
+
+ it 'should generate a valid template' do
+ content = catalogue.resource('file', 'openvpn.conf').send(:parameters)[:content]
+ content.should match "fqdn: rspec.example42.com"
+ end
+ it 'should generate a template that uses custom options' do
+ content = catalogue.resource('file', 'openvpn.conf').send(:parameters)[:content]
+ content.should match "value_a"
+ end
+
+ end
+
+ describe 'Test customizations - source' do
+ let(:params) { {:source => "puppet://modules/openvpn/spec" , :source_dir => "puppet://modules/openvpn/dir/spec" , :source_dir_purge => true } }
+
+ it 'should request a valid source ' do
+ content = catalogue.resource('file', 'openvpn.conf').send(:parameters)[:source]
+ content.should == "puppet://modules/openvpn/spec"
+ end
+ it 'should request a valid source dir' do
+ content = catalogue.resource('file', 'openvpn.dir').send(:parameters)[:source]
+ content.should == "puppet://modules/openvpn/dir/spec"
+ end
+ it 'should purge source dir if source_dir_purge is true' do
+ content = catalogue.resource('file', 'openvpn.dir').send(:parameters)[:purge]
+ content.should == true
+ end
+ end
+
+ describe 'Test customizations - custom class' do
+ let(:params) { {:my_class => "openvpn::spec" } }
+ it 'should automatically include a custom class' do
+ content = catalogue.resource('file', 'openvpn.conf').send(:parameters)[:content]
+ content.should match "fqdn: rspec.example42.com"
+ end
+ end
+
+ describe 'Test service autorestart', :broken => true do
+ it 'should automatically restart the service, by default' do
+ content = catalogue.resource('file', 'openvpn.conf').send(:parameters)[:notify]
+ content.should == 'Service[openvpn]{:name=>"openvpn"}'
+ end
+ end
+
+ describe 'Test service autorestart' do
+ let(:params) { {:service_autorestart => "no" } }
+
+ it 'should not automatically restart the service, when service_autorestart => false' do
+ content = catalogue.resource('file', 'openvpn.conf').send(:parameters)[:notify]
+ content.should be_nil
+ end
+ end
+
+ describe 'Test Puppi Integration' do
+ let(:params) { {:puppi => true, :puppi_helper => "myhelper"} }
+
+ it 'should generate a puppi::ze define' do
+ content = catalogue.resource('puppi::ze', 'openvpn').send(:parameters)[:helper]
+ content.should == "myhelper"
+ end
+ end
+
+ describe 'Test Monitoring Tools Integration' do
+ let(:params) { {:monitor => true, :monitor_tool => "puppi" } }
+
+ it 'should generate monitor defines' do
+ content = catalogue.resource('monitor::process', 'openvpn_process').send(:parameters)[:tool]
+ content.should == "puppi"
+ end
+ end
+
+ describe 'Test Firewall Tools Integration' do
+ let(:params) { {:firewall => true, :firewall_tool => "iptables" , :protocol => "tcp" , :port => "42" } }
+
+ it 'should generate correct firewall define' do
+ content = catalogue.resource('firewall', 'openvpn_tcp_42').send(:parameters)[:tool]
+ content.should == "iptables"
+ end
+ end
+
+ describe 'Test OldGen Module Set Integration' do
+ let(:params) { {:monitor => "yes" , :monitor_tool => "puppi" , :firewall => "yes" , :firewall_tool => "iptables" , :puppi => "yes" , :port => "42" , :protocol => 'tcp' } }
+
+ it 'should generate monitor resources' do
+ content = catalogue.resource('monitor::process', 'openvpn_process').send(:parameters)[:tool]
+ content.should == "puppi"
+ end
+ it 'should generate firewall resources' do
+ content = catalogue.resource('firewall', 'openvpn_tcp_42').send(:parameters)[:tool]
+ content.should == "iptables"
+ end
+ it 'should generate puppi resources ' do
+ content = catalogue.resource('puppi::ze', 'openvpn').send(:parameters)[:ensure]
+ content.should == "present"
+ end
+ end
+
+ describe 'Test params lookup' do
+ let(:facts) { { :monitor => true , :ipaddress => '10.42.42.42' } }
+ let(:params) { { :port => '42' } }
+
+ it 'should honour top scope global vars' do
+ content = catalogue.resource('monitor::process', 'openvpn_process').send(:parameters)[:enable]
+ content.should == true
+ end
+ end
+
+ describe 'Test params lookup' do
+ let(:facts) { { :openvpn_monitor => true , :ipaddress => '10.42.42.42' } }
+ let(:params) { { :port => '42' } }
+
+ it 'should honour module specific vars' do
+ content = catalogue.resource('monitor::process', 'openvpn_process').send(:parameters)[:enable]
+ content.should == true
+ end
+ end
+
+ describe 'Test params lookup' do
+ let(:facts) { { :monitor => false , :openvpn_monitor => true , :ipaddress => '10.42.42.42' } }
+ let(:params) { { :port => '42' } }
+
+ it 'should honour top scope module specific over global vars' do
+ content = catalogue.resource('monitor::process', 'openvpn_process').send(:parameters)[:enable]
+ content.should == true
+ end
+ end
+
+ describe 'Test params lookup' do
+ let(:facts) { { :monitor => false , :ipaddress => '10.42.42.42' } }
+ let(:params) { { :monitor => true , :firewall => true, :port => '42' } }
+
+ it 'should honour passed params over global vars' do
+ content = catalogue.resource('monitor::process', 'openvpn_process').send(:parameters)[:enable]
+ content.should == true
+ end
+ end
+
+end
+
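Review bot: in 'Test decommissioning - disableboot', the two `should_not contain_service('openvpn').with_ensure('present')` and `.with_ensure('absent')` checks cannot fail, because manifests/init.pp only ever sets the service `ensure` to 'running' or 'stopped'; assert the expected value instead (with `disableboot` alone the manifest leaves `ensure` at 'running'). In 'Test customizations - source' the URLs are written `puppet://modules/...` with two slashes, whereas the README uses `puppet:///modules/...`; the test only compares strings so it passes, but the fixture should use the real form. Four blocks share the title 'Test params lookup' and two share 'Test service autorestart', which makes failures hard to tell apart, and there is no coverage for `debug` or `audit_only`.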
25 spec/spec_helper.rb
@@ -0,0 +1,25 @@
+# Based on https://github.com/puppetlabs/puppetlabs-ntp/blob/master/spec/spec_helper.rb
+# Thanks to Ken Barber for advice about http://projects.puppetlabs.com/issues/11191
+require 'puppet'
+require 'rspec-puppet'
+require 'tmpdir'
+
+RSpec.configure do |c|
+ c.before :each do
+ # Create a temporary puppet confdir area and temporary site.pp so
+ # when rspec-puppet runs we don't get a puppet error.
+ @puppetdir = Dir.mktmpdir("openvpn")
+ manifestdir = File.join(@puppetdir, "manifests")
+ Dir.mkdir(manifestdir)
+ FileUtils.touch(File.join(manifestdir, "site.pp"))
+ Puppet[:confdir] = @puppetdir
+ end
+
+ c.filter_run_excluding :broken => true
+
+ c.after :each do
+ FileUtils.remove_entry_secure(@puppetdir)
+ end
+
+ c.module_path = File.join(File.dirname(__FILE__), '../../')
+end
8 templates/spec.erb
@@ -0,0 +1,8 @@
+# This is a template used only for rspec tests
+
+# Yaml of the whole scope
+<%= scope.to_hash.reject { |k,v| !( k.is_a?(String) && v.is_a?(String) ) }.to_yaml %>
+
+# Custom Options
+<%= options['opt_a'] %>
+<%= options['opt_b'] %>
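Review bot: the `scope.to_hash.reject { ... }.to_yaml` line renders every string-valued scope variable with no name filter, unlike the debug template in manifests/init.pp, which rejects password, psk and key names; since manifests/spec.pp writes this output into `File['openvpn.conf']`, apply the same reject pattern or extend the header comment to say the template must never be used outside rspec. `options['opt_b']` is rendered, but no spec sets or asserts it.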