2 # Cookbook Name:: openvpn
5 # Copyright 2012, OpenStreetMap Foundation
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
23 action [:enable, :start]
24 supports :status => true, :restart => true, :reload => true
28 node[:openvpn][:tunnels].each do |name, details|
29 if peer = search(:node, "fqdn:#{details[:peer][:host]}").first
30 if peer[:openvpn] && !details[:peer][:address]
31 node.default[:openvpn][:tunnels][name][:peer][:address] = peer[:openvpn][:address]
34 node.default[:openvpn][:tunnels][name][:peer][:networks] = peer.interfaces(:role => :internal).collect do |interface|
35 { :address => interface[:network], :netmask => interface[:netmask] }
38 node.default[:openvpn][:tunnels][name][:peer][:networks] = []
41 if details[:mode] == "client"
42 execute "openvpn-genkey-#{name}" do
43 command "openvpn --genkey --secret /etc/openvpn/#{name}.key"
46 creates "/etc/openvpn/#{name}.key"
49 if File.exist?("/etc/openvpn/#{name}.key")
50 node.set[:openvpn][:keys][name] = IO.read("/etc/openvpn/#{name}.key")
52 elsif peer && peer[:openvpn]
53 file "/etc/openvpn/#{name}.key" do
57 content peer[:openvpn][:keys][name]
61 if node[:openvpn][:tunnels][name][:peer][:address]
62 template "/etc/openvpn/#{name}.conf" do
63 source "tunnel.conf.erb"
67 variables :name => name,
68 :address => node[:openvpn][:address],
69 :port => node[:openvpn][:tunnels][name][:port],
70 :mode => node[:openvpn][:tunnels][name][:mode],
71 :peer => node[:openvpn][:tunnels][name][:peer]
72 notifies :restart, "service[openvpn]"
75 file "/etc/openvpn/#{name}.conf" do