
Commit bd2301d

committed
Fix Archlinux support
1 parent 58f4130 commit bd2301d


6 files changed

+64
-4
lines changed


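--- a/data/family/Archlinux.yaml
+++ b/data/family/Archlinux.yaml
@@ -1,8 +1,12 @@
 openvpn::etc_directory: '/etc'
 openvpn::additional_packages: ['easy-rsa']
-openvpn::easyrsa_source: '/usr/share/easy-rsa/'
-openvpn::group: 'nobody'
+openvpn::easyrsa_source: '/etc/easy-rsa/'
+openvpn::group: 'network'
 openvpn::ldap_auth_plugin_location: ~
-openvpn::pam_module_path: ~
-openvpn::link_openssl_cnf: true
+openvpn::pam_module_path: /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
+openvpn::link_openssl_cnf: false
 openvpn::namespecific_rclink: false
+openvpn::server_directory: '/etc/openvpn/server'
+openvpn::server_service_name: 'openvpn-server'
+openvpn::server::user: 'openvpn'
+openvpn::server::group: 'network'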
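Review bot: The new `openvpn::server::user` and `openvpn::server::group` keys may never be read through automatic parameter lookup, because Puppet binds Hiera keys only to class parameters and `openvpn::server` looks like a defined type (manifests/server.pp builds its paths from `${name}`). If that is the case, the `$openvpn::server::user` reference added in manifests/install.pp would resolve to undef unless the value is fetched explicitly, e.g. `lookup('openvpn::server::user')`. It is worth confirming where these two keys are consumed, and quoting the `openvpn::pam_module_path` value like the other strings in this file.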

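--- a/manifests/ca.pp
+++ b/manifests/ca.pp
@@ -86,6 +86,14 @@
 require => File["${server_directory}/${name}/easy-rsa"],
 }
 
+if $facts['os']['family'] == 'Archlinux' {
+file { "${server_directory}/${name}/easy-rsa/easyrsa":
+ensure => link,
+target => '/bin/easyrsa',
+require => File["${server_directory}/${name}/easy-rsa"],
+}
+}
+
 case $openvpn::easyrsa_version {
 '3.0': {
 file { "${server_directory}/${name}/easy-rsa/vars":
@@ -173,6 +181,38 @@
 creates => "${server_directory}/${name}/crl.pem",
 provider => 'shell',
 }
+
+if $facts['os']['family'] == 'Archlinux' {
+file { [
+"${server_directory}/${name}/easy-rsa/keys/issued",
+"${server_directory}/${name}/easy-rsa/keys/issued/${common_name}.crt",
+]:
+mode => '0640',
+owner => 'openvpn',
+group => $openvpn::group,
+require => Exec["generate server cert ${name}"],
+}
+
+file { [
+"${server_directory}/${name}/easy-rsa/keys/private",
+"${server_directory}/${name}/easy-rsa/keys/private/${common_name}.key",
+]:
+mode => '0640',
+owner => 'openvpn',
+group => $openvpn::group,
+require => Exec["generate server cert ${name}"],
+}
+
+file { [
+"${server_directory}/${name}/easy-rsa/keys",
+"${server_directory}/${name}/easy-rsa/keys/dh.pem",
+]:
+mode => '0640',
+owner => 'openvpn',
+group => $openvpn::group,
+require => Exec["generate dh param ${name}"],
+}
+}
 }
 default: {
 fail("unexepected value for EasyRSA version, got '${openvpn::easyrsa_version}', expect 3.0.")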
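Review bot: The second Archlinux block makes the server private key group-readable: `keys/private/${common_name}.key` and its directory get `mode => '0640'` with `group => $openvpn::group`, which this commit's Hiera data sets to `network`, so any account in that group can read the key. The owner of the file is already the `openvpn` account, so the key and `keys/private` can presumably be tightened with `mode => '0600',` on that resource, leaving `0640` for the certificate and `dh.pem` only. The owner is also hard-coded as `'openvpn'` here although the same commit adds a Hiera value for the server user. The `'3.0'` branch that holds this block is only partly visible, since the lines between the two hunks are not shown.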

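--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -9,6 +9,13 @@
 ensure_packages($openvpn::additional_packages)
 }
 
+if $facts['os']['family'] == 'Archlinux' {
+File {
+owner => $openvpn::server::user,
+group => $openvpn::server::group,
+}
+}
+
 file {
 ["${openvpn::etc_directory}/openvpn", "${openvpn::etc_directory}/openvpn/keys", '/var/log/openvpn',]:
 ensure => directory,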
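Review bot: The `File { owner => …, group => … }` resource default added at the top of the hunk is dynamically scoped, so on Archlinux it changes the ownership of every `file` resource in this class that does not set `owner`/`group` itself, and of resources declared from this scope, not only the OpenVPN directories below. Setting `owner` and `group` directly on the `file` declaration that follows (from variables that stay `undef` on other families) keeps the change limited to the three directories and makes the ownership visible where the resource is defined. That declaration continues outside the hunk, so its existing attributes cannot be checked from here.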

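--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -469,6 +469,12 @@
 # Template might need script directory
 $_script_dir = "${server_directory}/${name}/scripts"
 
+if $facts['os']['family'] == 'Archlinux' {
+$set_user_group = false
+} else {
+$set_user_group = true
+}
+
 file { "${server_directory}/${name}.conf":
 owner => root,
 group => 0,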
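Review bot: The Archlinux branch turns off the `user`/`group` directives for every server on that family without a comment saying why, and with the flag false the rendered config contains no privilege drop of its own. That is only safe if the service unit already starts OpenVPN under an unprivileged account (presumably the `openvpn` user this commit adds to the Hiera data), and a one-line comment next to the flag should state that reason once confirmed. The four-line `if`/`else` can also be written as `$set_user_group = $facts['os']['family'] != 'Archlinux'`. The enclosing definition starts and ends outside the hunk.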

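--- a/spec/acceptance/openvpn_spec.rb
+++ b/spec/acceptance/openvpn_spec.rb
@@ -335,6 +335,7 @@
 scp_to(hosts_as('vpnclienta'), "#{server_name}-vpnclienta.tar.gz", '/tmp')
 on(hosts_as('vpnclienta'), "tar xvfz /tmp/#{server_name}-vpnclienta.tar.gz -C #{client_directory}")
 on(hosts_as('vpnclienta'), "cp -a #{client_directory}/#{server_name}-vpnclienta/* #{client_directory}/")
+on(hosts_as('vpnclienta'), "chown openvpn:network -R #{client_directory}/client/vpnclienta") if default[:platform].start_with?('archlinux')
 on(hosts_as('vpnclienta'), "systemctl enable #{client_service}@#{server_name}-vpnclienta")
 on(hosts_as('vpnclienta'), "systemctl restart #{client_service}@#{server_name}-vpnclienta")
 end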
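Review bot: The added `chown` runs on `hosts_as('vpnclienta')` but its guard tests `default[:platform]`, so in a nodeset where the default host and the client differ in platform the ownership fix-up is skipped or applied to the wrong hosts. Testing the target host keeps the two in step, for example by iterating `hosts_as('vpnclienta')` and checking `host[:platform].start_with?('archlinux')`. The need for a manual `chown` also suggests the module does not manage ownership of the unpacked client files on Archlinux, which deserves a short comment on the line. The enclosing block starts outside the hunk.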

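--- a/templates/server.erb
+++ b/templates/server.erb
@@ -74,8 +74,10 @@ tls-client
 <% if @compression -%>
 <%= @compression %>
 <% end -%>
+<% if @set_user_group %>
 group <%= @group_to_set %>
 user <%= @user %>
+<% end -%>
 <% if @logfile -%>
 log-append <%= @logfile %>
 <% end -%>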
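Review bot: The new guard `<% if @set_user_group %>` fails open: if this template is ever rendered from a scope where `$set_user_group` is not set, `@set_user_group` is nil and the `group`/`user` lines disappear, leaving OpenVPN running as whatever account started it. Inverting the flag, so the directives are emitted unless an explicit opt-out is set, would keep the privilege drop as the default. The opening tag also lacks the `-` trim used by the other control tags in this hunk, so the rendered config gains an empty line; `<% if @set_user_group -%>` avoids that.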
