Merge pull request #180 from dennisdegreef/freebsd-compatability-reba…

…sed-again Freebsd compatability rebased again
voxpupuli · Oct 28, 2015 · b797389 · b797389
2 parents d38b0a1 + 33654ea
commit b797389
Show file tree

Hide file tree

Showing 13 changed files with 206 additions and 125 deletions.
diff --git a/manifests/ca.pp b/manifests/ca.pp
@@ -117,87 +117,89 @@
     group => $group_to_set,
   }
 
+  $etc_directory = $::openvpn::params::etc_directory
+
   exec { "copy easy-rsa to openvpn config folder ${name}":
-    command => "/bin/cp -r ${openvpn::params::easyrsa_source} /etc/openvpn/${name}/easy-rsa",
-    creates => "/etc/openvpn/${name}/easy-rsa",
-    require => File["/etc/openvpn/${name}"],
+    command => "/bin/cp -r ${openvpn::params::easyrsa_source} ${etc_directory}/openvpn/${name}/easy-rsa",
+    creates => "${etc_directory}/openvpn/${name}/easy-rsa",
+    require => File["${etc_directory}/openvpn/${name}"],
   }
 
   file { [
-    "/etc/openvpn/${name}/easy-rsa/clean-all",
-    "/etc/openvpn/${name}/easy-rsa/build-dh",
-    "/etc/openvpn/${name}/easy-rsa/pkitool",
+    "${etc_directory}/openvpn/${name}/easy-rsa/clean-all",
+    "${etc_directory}/openvpn/${name}/easy-rsa/build-dh",
+    "${etc_directory}/openvpn/${name}/easy-rsa/pkitool",
   ]:
     ensure  => file,
     mode    => '0550',
     require => Exec["copy easy-rsa to openvpn config folder ${name}"],
   }
 
-  file { "/etc/openvpn/${name}/easy-rsa/revoked":
+  file { "${etc_directory}/openvpn/${name}/easy-rsa/revoked":
     ensure  => directory,
     mode    => '0750',
     recurse => true,
     require => Exec["copy easy-rsa to openvpn config folder ${name}"],
   }
 
-  file { "/etc/openvpn/${name}/easy-rsa/vars":
+  file { "${etc_directory}/openvpn/${name}/easy-rsa/vars":
     ensure  => file,
     mode    => '0550',
     content => template('openvpn/vars.erb'),
     require => Exec["copy easy-rsa to openvpn config folder ${name}"],
   }
 
-  file { "/etc/openvpn/${name}/easy-rsa/openssl.cnf":
+  file { "${etc_directory}/openvpn/${name}/easy-rsa/openssl.cnf":
     require => Exec["copy easy-rsa to openvpn config folder ${name}"],
   }
 
   if $openvpn::params::link_openssl_cnf == true {
-    File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"] {
+    File["${etc_directory}/openvpn/${name}/easy-rsa/openssl.cnf"] {
       ensure => link,
-      target => "/etc/openvpn/${name}/easy-rsa/openssl-1.0.0.cnf",
+      target => "${etc_directory}/openvpn/${name}/easy-rsa/openssl-1.0.0.cnf",
       before => Exec["initca ${name}"],
     }
   }
 
   exec { "generate dh param ${name}":
     command  => '. ./vars && ./clean-all && ./build-dh',
-    cwd      => "/etc/openvpn/${name}/easy-rsa",
-    creates  => "/etc/openvpn/${name}/easy-rsa/keys/dh${ssl_key_size}.pem",
+    cwd      => "${etc_directory}/openvpn/${name}/easy-rsa",
+    creates  => "${etc_directory}/openvpn/${name}/easy-rsa/keys/dh${ssl_key_size}.pem",
     provider => 'shell',
-    require  => File["/etc/openvpn/${name}/easy-rsa/vars"],
+    require  => File["${etc_directory}/openvpn/${name}/easy-rsa/vars"],
   }
 
   exec { "initca ${name}":
     command  => '. ./vars && ./pkitool --initca',
-    cwd      => "/etc/openvpn/${name}/easy-rsa",
-    creates  => "/etc/openvpn/${name}/easy-rsa/keys/ca.key",
+    cwd      => "${etc_directory}/openvpn/${name}/easy-rsa",
+    creates  => "${etc_directory}/openvpn/${name}/easy-rsa/keys/ca.key",
     provider => 'shell',
     require  => Exec["generate dh param ${name}"],
   }
 
   exec { "generate server cert ${name}":
     command  => ". ./vars && ./pkitool --server ${common_name}",
-    cwd      => "/etc/openvpn/${name}/easy-rsa",
-    creates  => "/etc/openvpn/${name}/easy-rsa/keys/${common_name}.key",
+    cwd      => "${etc_directory}/openvpn/${name}/easy-rsa",
+    creates  => "${etc_directory}/openvpn/${name}/easy-rsa/keys/${common_name}.key",
     provider => 'shell',
     require  => Exec["initca ${name}"],
   }
 
-  file { "/etc/openvpn/${name}/keys":
+  file { "${etc_directory}/openvpn/${name}/keys":
     ensure  => link,
-    target  => "/etc/openvpn/${name}/easy-rsa/keys",
+    target  => "${etc_directory}/openvpn/${name}/easy-rsa/keys",
     require => Exec["copy easy-rsa to openvpn config folder ${name}"],
   }
 
   exec { "create crl.pem on ${name}":
-    command  => ". ./vars && KEY_CN='' KEY_OU='' KEY_NAME='' KEY_ALTNAMES='' openssl ca -gencrl -out /etc/openvpn/${name}/crl.pem -config /etc/openvpn/${name}/easy-rsa/openssl.cnf",
-    cwd      => "/etc/openvpn/${name}/easy-rsa",
-    creates  => "/etc/openvpn/${name}/crl.pem",
+    command  => ". ./vars && KEY_CN='' KEY_OU='' KEY_NAME='' KEY_ALTNAMES='' openssl ca -gencrl -out ${etc_directory}/openvpn/${name}/crl.pem -config ${etc_directory}/openvpn/${name}/easy-rsa/openssl.cnf",
+    cwd      => "${etc_directory}/openvpn/${name}/easy-rsa",
+    creates  => "${etc_directory}/openvpn/${name}/crl.pem",
     provider => 'shell',
     require  => Exec["generate server cert ${name}"],
   }
 
-  file { "/etc/openvpn/${name}/crl.pem":
+  file { "${etc_directory}/openvpn/${name}/crl.pem":
     mode    => '0640',
     group   =>  $group_to_set,
     require => Exec["create crl.pem on ${name}"],
@@ -206,16 +208,16 @@
   if $tls_auth {
     exec { "generate tls key for ${name}":
       command  => 'openvpn --genkey --secret keys/ta.key',
-      cwd      => "/etc/openvpn/${name}/easy-rsa",
-      creates  => "/etc/openvpn/${name}/easy-rsa/keys/ta.key",
+      cwd      => "${etc_directory}/openvpn/${name}/easy-rsa",
+      creates  => "${etc_directory}/openvpn/${name}/easy-rsa/keys/ta.key",
       provider => 'shell',
       require  => Exec["generate server cert ${name}"],
     }
   }
 
-  file { "/etc/openvpn/${name}/easy-rsa/keys/crl.pem":
+  file { "${etc_directory}/openvpn/${name}/easy-rsa/keys/crl.pem":
     ensure  => link,
-    target  => "/etc/openvpn/${name}/crl.pem",
+    target  => "${etc_directory}/openvpn/${name}/crl.pem",
     require => Exec["create crl.pem on ${name}"],
   }
 

diff --git a/manifests/client.pp b/manifests/client.pp
@@ -219,6 +219,8 @@
   Openvpn::Ca[$ca_name] ->
   Openvpn::Client[$name]
 
+  $etc_directory = $::openvpn::params::etc_directory
+
   if $expire {
     if is_integer($expire){
       $env_expire = "KEY_EXPIRE=${expire}"
@@ -231,50 +233,50 @@
 
   exec { "generate certificate for ${name} in context of ${ca_name}":
     command  => ". ./vars && ${env_expire} ./pkitool ${name}",
-    cwd      => "/etc/openvpn/${ca_name}/easy-rsa",
-    creates  => "/etc/openvpn/${ca_name}/easy-rsa/keys/${name}.crt",
+    cwd      => "${etc_directory}/openvpn/${ca_name}/easy-rsa",
+    creates  => "${etc_directory}/openvpn/${ca_name}/easy-rsa/keys/${name}.crt",
     provider => 'shell';
   }
 
-  file { [ "/etc/openvpn/${server}/download-configs/${name}",
-          "/etc/openvpn/${server}/download-configs/${name}/keys",
-          "/etc/openvpn/${server}/download-configs/${name}/keys/${name}" ]:
+  file { [ "${etc_directory}/openvpn/${server}/download-configs/${name}",
+          "${etc_directory}/openvpn/${server}/download-configs/${name}/keys",
+          "${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}" ]:
     ensure  => directory,
   }
 
-  file { "/etc/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.crt":
+  file { "${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.crt":
     ensure  => link,
-    target  => "/etc/openvpn/${ca_name}/easy-rsa/keys/${name}.crt",
+    target  => "${etc_directory}/openvpn/${ca_name}/easy-rsa/keys/${name}.crt",
     require => Exec["generate certificate for ${name} in context of ${ca_name}"],
   }
 
-  file { "/etc/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.key":
+  file { "${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.key":
     ensure  => link,
-    target  => "/etc/openvpn/${ca_name}/easy-rsa/keys/${name}.key",
+    target  => "${etc_directory}/openvpn/${ca_name}/easy-rsa/keys/${name}.key",
     require => Exec["generate certificate for ${name} in context of ${ca_name}"],
   }
 
-  file { "/etc/openvpn/${server}/download-configs/${name}/keys/${name}/ca.crt":
+  file { "${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/ca.crt":
     ensure  => link,
-    target  => "/etc/openvpn/${ca_name}/easy-rsa/keys/ca.crt",
+    target  => "${etc_directory}/openvpn/${ca_name}/easy-rsa/keys/ca.crt",
     require => Exec["generate certificate for ${name} in context of ${ca_name}"],
   }
 
   if $tls_auth {
-    file { "/etc/openvpn/${server}/download-configs/${name}/keys/${name}/ta.key":
+    file { "${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/ta.key":
       ensure  => link,
-      target  => "/etc/openvpn/${server}/easy-rsa/keys/ta.key",
+      target  => "${etc_directory}/openvpn/${server}/easy-rsa/keys/ta.key",
       require => Exec["generate certificate for ${name} in context of ${server}"],
       before  => [
         Exec["tar the thing ${server} with ${name}"],
-        Concat["/etc/openvpn/${server}/download-configs/${name}.ovpn"],
+        Concat["${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn"],
       ],
       notify  => Exec["tar the thing ${server} with ${name}"],
     }
   }
 
   if $readme {
-    file {"/etc/openvpn/${server}/download-configs/${name}/README":
+    file {"${etc_directory}/openvpn/${server}/download-configs/${name}/README":
       ensure  => file,
       owner   => root,
       group   => root,
@@ -285,127 +287,127 @@
   }
 
   file {
-    "/etc/openvpn/${server}/download-configs/${name}.tblk":
+    "${etc_directory}/openvpn/${server}/download-configs/${name}.tblk":
       ensure  => directory;
 
-    "/etc/openvpn/${server}/download-configs/${name}.tblk/${name}.ovpn":
+    "${etc_directory}/openvpn/${server}/download-configs/${name}.tblk/${name}.ovpn":
       ensure  => link,
-      target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
+      target  => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
       require => [
-        Concat["/etc/openvpn/${server}/download-configs/${name}.ovpn"],
-        File["/etc/openvpn/${server}/download-configs/${name}.tblk"]
+        Concat["${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn"],
+        File["${etc_directory}/openvpn/${server}/download-configs/${name}.tblk"],
       ],
       before =>  Exec["tar the thing ${server} with ${name}"];
   }
 
-  file { "/etc/openvpn/${server}/download-configs/${name}/${name}.conf":
+  file { "${etc_directory}/openvpn/${server}/download-configs/${name}/${name}.conf":
     owner   => root,
-    group   => root,
+    group   => $::openvpn::params::root_group,
     mode    => '0444',
     content => template('openvpn/client.erb'),
   }
 
   exec { "tar the thing ${server} with ${name}":
-    cwd         => "/etc/openvpn/${server}/download-configs/",
+    cwd         => "${etc_directory}/openvpn/${server}/download-configs/",
     command     => "/bin/rm ${name}.tar.gz; tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name} ${name}.tblk",
     refreshonly => true,
     require     => [
-      File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"],
-      File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}/ca.crt"],
-      File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.key"],
-      File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.crt"],
-      Concat["/etc/openvpn/${server}/download-configs/${name}.ovpn"],
-      File["/etc/openvpn/${server}/download-configs/${name}.tblk"],
-      File["/etc/openvpn/${server}/download-configs/${name}.tblk/${name}.ovpn"],
+      File["${etc_directory}/openvpn/${server}/download-configs/${name}/${name}.conf"],
+      File["${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/ca.crt"],
+      File["${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.key"],
+      File["${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.crt"],
+      Concat["${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn"],
+      File["${etc_directory}/openvpn/${server}/download-configs/${name}.tblk"],
+      File["${etc_directory}/openvpn/${server}/download-configs/${name}.tblk/${name}.ovpn"],
     ],
   }
 
-  concat { "/etc/openvpn/${server}/download-configs/${name}.ovpn":
+  concat { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn":
     mode    => '0400',
     notify  => Exec["tar the thing ${server} with ${name}"],
     require => [
-      File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"],
-      File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}/ca.crt"],
-      File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.key"],
-      File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.crt"],
+      File["${etc_directory}/openvpn/${server}/download-configs/${name}/${name}.conf"],
+      File["${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/ca.crt"],
+      File["${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.key"],
+      File["${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.crt"],
     ],
   }
 
-  concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/client_config":
-    target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
-    source  => "/etc/openvpn/${server}/download-configs/${name}/${name}.conf",
-    order   => '01'
+  concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/client_config":
+    target => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
+    source => "${etc_directory}/openvpn/${server}/download-configs/${name}/${name}.conf",
+    order  => '01'
   }
 
-  concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/ca_open_tag":
-    target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
+  concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/ca_open_tag":
+    target  => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
     content => "<ca>\n",
     order   => '02'
   }
 
-  concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/ca":
-    target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
-    source  => "/etc/openvpn/${server}/download-configs/${name}/keys/${name}/ca.crt",
-    order   => '03'
+  concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/ca":
+    target => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
+    source => "${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/ca.crt",
+    order  => '03'
   }
 
-  concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/ca_close_tag":
-    target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
+  concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/ca_close_tag":
+    target  => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
     content => "</ca>\n",
     order   => '04'
   }
 
-  concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/key_open_tag":
-    target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
+  concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/key_open_tag":
+    target  => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
     content => "<key>\n",
     order   => '05'
   }
 
-  concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/key":
-    target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
-    source  => "/etc/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.key",
-    order   => '06'
+  concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/key":
+    target => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
+    source => "${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.key",
+    order  => '06'
   }
 
-  concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/key_close_tag":
-    target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
+  concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/key_close_tag":
+    target  => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
     content => "</key>\n",
     order   => '07'
   }
 
-  concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/cert_open_tag":
-    target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
+  concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/cert_open_tag":
+    target  => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
     content => "<cert>\n",
     order   => '08'
   }
 
-  concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/cert":
-    target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
-    source  => "/etc/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.crt",
-    order   => '09'
+  concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/cert":
+    target => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
+    source => "${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/${name}.crt",
+    order  => '09'
   }
 
-  concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/cert_close_tag":
-    target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
+  concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/cert_close_tag":
+    target  => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
     content => "</cert>\n",
     order   => '10'
   }
 
   if $tls_auth {
     concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/tls_auth_open_tag":
-      target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
+      target  => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
       content => "<tls-auth>\n",
       order   => '11'
     }
 
-    concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/tls_auth":
-      target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
-      source  => "/etc/openvpn/${server}/download-configs/${name}/keys/${name}/ta.key",
+    concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/tls_auth":
+      target  => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
+      source  => "${etc_directory}/openvpn/${server}/download-configs/${name}/keys/${name}/ta.key",
       order   => '12'
     }
 
-    concat::fragment { "/etc/openvpn/${server}/download-configs/${name}.ovpn/tls_auth_close_tag":
-      target  => "/etc/openvpn/${server}/download-configs/${name}.ovpn",
+    concat::fragment { "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn/tls_auth_close_tag":
+      target  => "${etc_directory}/openvpn/${server}/download-configs/${name}.ovpn",
       content => "</tls-auth>\n",
       order   => '13'
     }