Add Debian 12 support

Valantin · Valantin · commit 540a692c9825 · 2025-04-29T10:30:32.000+02:00
diff --git a/data/family/Debian.yaml b/data/family/Debian.yaml
@@ -2,8 +2,10 @@ openvpn::etc_directory: '/etc'
 openvpn::group: 'nogroup'
 openvpn::link_openssl_cnf: true
 openvpn::namespecific_rclink: false
-openvpn::default_easyrsa_ver: '2.0'
+openvpn::default_easyrsa_ver: '3.0'
 openvpn::additional_packages: ['easy-rsa','openvpn-auth-ldap']
 openvpn::easyrsa_source: '/usr/share/easy-rsa/'
 openvpn::ldap_auth_plugin_location: '/usr/lib/openvpn/openvpn-auth-ldap.so'
 openvpn::pam_module_path: '/usr/lib/openvpn/openvpn-plugin-auth-pam.so'
+openvpn::server_directory: '/etc/openvpn/server'
+openvpn::server_service_name: 'openvpn-server'
diff --git a/lib/facter/easyrsa.rb b/lib/facter/easyrsa.rb
@@ -14,7 +14,7 @@
       binaryv3 = '/usr/share/easy-rsa/3/easyrsa'
     when %r{Ubuntu|Debian}
       case operatingsystemrelease
-      when %r{9|10|11|18.04|20.04|22.04}
+      when %r{|11|12|18.04|20.04|22.04}
         binaryv2 = '/usr/share/easy-rsa/pkitool'
         binaryv3 = '/usr/share/easy-rsa/easyrsa'
       else
diff --git a/manifests/ca.pp b/manifests/ca.pp
@@ -182,7 +182,7 @@
       }
 
       exec { "initca ${name}":
-        command     => './easyrsa --batch init-pki && ./easyrsa --batch build-ca nopass',
+        command     => "./easyrsa --batch --pki-dir=${server_directory}/${name}/easy-rsa/keys init-pki && ./easyrsa --batch build-ca nopass",
         cwd         => "${server_directory}/${name}/easy-rsa",
         creates     => "${server_directory}/${name}/easy-rsa/keys/ca.crt",
         environment => $_initca_environment,
diff --git a/metadata.json b/metadata.json
@@ -19,7 +19,8 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "11"
+        "11",
+        "12"
       ]
     },
     {
diff --git a/spec/acceptance/openvpn_spec.rb b/spec/acceptance/openvpn_spec.rb
@@ -14,10 +14,10 @@
   easy_rsa_version = '3.0'
   renew_crl_cmd = "cd #{server_directory}/test_openvpn_server/easy-rsa && . ./vars && EASYRSA_REQ_CN='' EASYRSA_REQ_OU='' openssl ca -gencrl -out #{server_directory}/test_openvpn_server/crl.pem -config #{server_directory}/test_openvpn_server/easy-rsa/openssl.cnf"
 when 'Debian'
-  server_directory = '/etc/openvpn'
-  client_directory = '/etc/openvpn'
+  server_directory = '/etc/openvpn/server'
+  client_directory = '/etc/openvpn/client'
   client_service = 'openvpn'
-  if fact('os.release.major') =~ %r{10|11|20.04|22.04}
+  if fact('os.release.major') =~ %r{11|12|20.04|22.04}
     server_crt = "#{server_directory}/test_openvpn_server/easy-rsa/keys/issued/server.crt"
     key_path = "#{server_directory}/test_openvpn_server/easy-rsa/keys/private"
     crt_path = "#{server_directory}/test_openvpn_server/easy-rsa/keys/issued"
diff --git a/spec/defines/openvpn_ca_spec.rb b/spec/defines/openvpn_ca_spec.rb
@@ -112,7 +112,7 @@
 
           # Execs to working with certificates
 
-          if facts[:os]['release']['major'] =~ %r{10|11|20.04|22.04}
+          if facts[:os]['release']['major'] =~ %r{11|12|20.04|22.04}
             it { is_expected.to contain_exec('generate dh param test_server').with_creates("#{server_directory}/test_server/easy-rsa/keys/dh.pem") }
           else
             it { is_expected.to contain_exec('generate dh param test_server').with_creates("#{server_directory}/test_server/easy-rsa/keys/dh2048.pem") }
@@ -122,7 +122,7 @@
           it { is_expected.to contain_exec('create crl.pem on test_server') }
           it { is_expected.not_to contain_exec('update crl.pem on test_server') }
 
-          if facts[:os]['release']['major'] =~ %r{10|11|20.04|22.04}
+          if facts[:os]['release']['major'] =~ %r{11|12|20.04|22.04}
             it { is_expected.to contain_file("#{server_directory}/test_server/easy-rsa/vars").with_content(%r{^export EASYRSA_CA_EXPIRE=3650$}) }
             it { is_expected.to contain_file("#{server_directory}/test_server/easy-rsa/vars").with_content(%r{^export EASYRSA_CERT_EXPIRE=3650$}) }
             it { is_expected.not_to contain_file("#{server_directory}/test_server/easy-rsa/vars").with_content(%r{^export EASYRSA_REQ_CN"$}) }
@@ -157,7 +157,7 @@
             }
           end
 
-          if facts[:os]['release']['major'] =~ %r{10|11|20.04|22.04}
+          if facts[:os]['release']['major'] =~ %r{11|12|20.04|22.04}
             it { is_expected.to contain_file("#{server_directory}/test_server/easy-rsa/vars").with_content(%r{^export EASYRSA_DN="cn_only"$}) }
             it { is_expected.to contain_file("#{server_directory}/test_server/easy-rsa/vars").with_content(%r{^export EASYRSA_CA_EXPIRE=365$}) }
             it { is_expected.to contain_file("#{server_directory}/test_server/easy-rsa/vars").with_content(%r{^export EASYRSA_CERT_EXPIRE=365$}) }
@@ -172,7 +172,7 @@
             it { is_expected.to contain_file("#{server_directory}/test_server/easy-rsa/vars").with_content(%r{^export KEY_OU="NSA"$}) }
           end
 
-          if facts[:os]['release']['major'] =~ %r{10|11|20.04|22.04}
+          if facts[:os]['release']['major'] =~ %r{11|12|20.04|22.04}
             it { is_expected.to contain_exec('generate dh param test_server').with_creates("#{server_directory}/test_server/easy-rsa/keys/dh.pem") }
           else
             it { is_expected.to contain_exec('generate dh param test_server').with_creates("#{server_directory}/test_server/easy-rsa/keys/dh2048.pem") }
@@ -190,7 +190,7 @@
             }
           end
 
-          if facts[:os]['release']['major'] =~ %r{10|11|20.04|22.04}
+          if facts[:os]['release']['major'] =~ %r{11|12|20.04|22.04}
             it {
               is_expected.to contain_file("#{server_directory}/test_server/easy-rsa/openssl.cnf").with(
                 'ensure' => 'link',
diff --git a/spec/defines/openvpn_client_spec.rb b/spec/defines/openvpn_client_spec.rb
@@ -37,7 +37,7 @@
 
       case facts[:os]['family']
       when 'Ubuntu', 'Debian'
-        if facts[:os]['release']['major'] =~ %r{10|11|20.04|22.04}
+        if facts[:os]['release']['major'] =~ %r{11|12|20.04|22.04}
           context 'system with easyrsa3' do
             it {
               is_expected.to contain_file("#{server_directory}/test_server/download-configs/test_client/keys/test_client/test_client.crt").with(
@@ -261,7 +261,7 @@
 
         case facts[:os]['family']
         when 'Ubuntu', 'Debian'
-          if facts[:os]['release']['major'] =~ %r{10|11|20.04|22.04}
+          if facts[:os]['release']['major'] =~ %r{11|12|20.04|22.04}
             context 'system with easyrsa3' do
               it {
                 is_expected.to contain_file("#{server_directory}/test_server/download-configs/test_client/keys/test_client/test_client.crt").with(

Original file line number	Diff line number	Diff line change
`@@ -182,7 +182,7 @@`
`182`	`182`	`}`
`183`	`183`
`184`	`184`	`exec { "initca ${name}":`
`185`		`- command => './easyrsa --batch init-pki && ./easyrsa --batch build-ca nopass',`
	`185`	`+ command => "./easyrsa --batch --pki-dir=${server_directory}/${name}/easy-rsa/keys init-pki && ./easyrsa --batch build-ca nopass",`
`186`	`186`	`cwd => "${server_directory}/${name}/easy-rsa",`
`187`	`187`	`creates => "${server_directory}/${name}/easy-rsa/keys/ca.crt",`
`188`	`188`	`environment => $_initca_environment,`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,8 @@`
`19`	`19`	`{`
`20`	`20`	`"operatingsystem": "Debian",`
`21`	`21`	`"operatingsystemrelease": [`
`22`		`- "11"`
	`22`	`+ "11",`
	`23`	`+ "12"`
`23`	`24`	`]`
`24`	`25`	`},`
`25`	`26`	`{`