metadata.json
{
"providing": {
},
"attributes": {
"openvpn/type": {
"required": "optional",
"calculated": false,
"choice": [
],
"default": "server",
"type": "string",
"recipes": [
],
"description": "Server or server-bridge",
"display_name": "OpenVPN Type"
},
"openvpn/proto": {
"required": "optional",
"calculated": false,
"choice": [
],
"default": "udp",
"type": "string",
"recipes": [
],
"description": "UDP or TCP",
"display_name": "OpenVPN Protocol"
},
"openvpn/netmask": {
"required": "optional",
"calculated": false,
"choice": [
],
"default": "255.255.0.0",
"type": "string",
"recipes": [
],
"description": "Netmask for clients",
"display_name": "OpenVPN Netmask"
},
"openvpn/subnet": {
"required": "optional",
"calculated": false,
"choice": [
],
"default": "10.8.0.0",
"type": "string",
"recipes": [
],
"description": "Subnet to hand out to clients",
"display_name": "OpenVPN Subnet"
},
"openvpn/local": {
"required": "optional",
"calculated": false,
"choice": [
],
"default": "ipaddress",
"type": "string",
"recipes": [
],
"description": "Local interface (ip) to listen on",
"display_name": "OpenVPN Local"
}
},
"replacing": {
},
"dependencies": {
},
"groupings": {
},
"recommendations": {
},
"platforms": {
"debian": [
],
"fedora": [
],
"centos": [
],
"ubuntu": [
],
"redhat": [
]
},
"license": "Apache 2.0",
"version": "0.8.2",
"maintainer": "Opscode, Inc.",
"suggestions": {
},
"recipes": {
"openvpn": "Installs and configures openvpn"
},
"maintainer_email": "cookbooks@opscode.com",
"name": "openvpn",
"conflicting": {
},
"description": "Installs and configures openvpn and includes rake tasks for managing certs",
"long_description": "= DESCRIPTION:\n\nInstalls OpenVPN and sets up a fairly basic configuration. Since OpenVPN is very complex, we provide a baseline, but your site will probably need to customize it.\n\n= REQUIREMENTS:\n\n== Platform:\n\nTested on Ubuntu 8.10, but should work anywhere that has a package for OpenVPN.\n\n== Cookbooks:\n\nNo other cookbooks are required.\n\n= ATTRIBUTES: \n\nThese attributes are set by the cookbook by default. \n\n* openvpn[:local] - IP to listen on, defaults to node[:ipaddress]\n* openvpn[:proto] - Valid values are 'udp' or 'tcp', defaults to 'udp'.\n* openvpn[:type] - Valid values are 'server' or 'server-bridge'. Default is 'server' and it will create a routed IP tunnel, and use the 'tun' device. 'server-bridge' will create an ethernet bridge and requires a tap0 device bridged with the ethernet interface, and is beyond the scope of the cookbook at this time.\n* openvpn[:subnet] - Used for server mode to configure a VPN subnet to draw client addresses. Default is 10.8.0.0, which is what the sample OpenVPN config package uses.\n* openvpn[:netmask] - Netmask for the subnet, default is 255.255.0.0.\n\n= USAGE:\n\nOpenVPN uses SSL certificates for authentication. We provide a Rakefile to make it easier to set everything up. The rake tasks need to be run before deploying the cookbook so the configured server has the proper certificate files. These tasks wrap around the easy-rsa scripts provided with OpenVPN.\n\nBe sure to edit the 'vars' file, files/default/easy-rsa/vars, to set site-specific SSL certificate parameters.\n\nThis cookbook also provides an 'up' script that runs when OpenVPN is started. This script is for setting up firewall rules and kernel networking parameters as needed for your environment. For example, you'll probably want to enable IP forwarding (sample Linux setting is commented out).\n\n== Server:\n\nUse the rake task from the easy-rsa directory in this cookbook.\n\n cd files/default/easy-rsa\n . vars \n rake server\n \nThis will create the certificates in files/default/keys.\n\n== Client:\n\nFor security reasons, certificates should be generated on a per-user basis. The client task requires two variables, the username and the VPN gateway hostname.\n\n cd files/default/easy-rsa\n . vars\n rake client name=\"username\" gateway=\"vpn_gateway.example.com\"\n \nThis will create a ZIP file, /tmp/\"username\".zip. This file should be sent to the user and removed from the server where generated. Because it holds that user's VPN credentials, send it over a secure channel.\n\n= LICENSE and AUTHOR:\n \nAuthor:: Joshua Timberman (<joshua@opscode.com>)\n\nCopyright:: 2009, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n"
}