class OpenvpnPlugin::OpenvpnServerCreate


# File lib/chef/knife/openvpn.rb, line 281
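# Interactively collects the settings used to build the CA, the server
# certificate and the DH parameters, and returns them as the content of the
# 'openvpn-config' data bag item.
#
# Subject fields ('C', 'ST', 'L', 'O', 'OU', 'mail') are stored as the entered
# strings; 'rsa_keysize', 'dh_keysize' and 'years_to_expire' are converted to
# Integer. A non-numeric answer, a key size outside 1024/2048/4096 or a
# non-positive expiration aborts through fail_with; the previous `to_i`
# silently turned garbage such as "abc" into 0.
#
# @return [Hash{String => String, Integer}] the collected cert configuration
def ask_for_cert_config
  strings_prompt_default = [
    ['C', 'Country Name', 'RU'],
    ['ST', 'State or Province Name', 'MSK'],
    ['L', 'Locality Name', 'Moscow'],
    ['O', 'Organization Name', 'Express 42'],
    ['OU', 'Organizational Unit Name', 'OPS'],
    ['mail', 'Email', 'ops@example.com']
  ]
  # NOTE(review): 1024-bit RSA/DH is below current recommendations; the
  # accepted set is kept for compatibility with existing callers, but 2048 or
  # more should be chosen for new servers.
  numeric_prompt_default = [
    ['rsa_keysize', 'RSA key size (1024/2048/4096)', '2048'],
    ['dh_keysize', 'DH key size (1024/2048/4096)', '1024'],
    ['years_to_expire', 'Expiration (in years from now)', '5']
  ]
  allowed_keysizes = [1024, 2048, 4096]

  cert_config = {}
  strings_prompt_default.each do |key, prompt, default|
    cert_config[key] = read_with_prompt_and_default(prompt, default)
  end
  numeric_prompt_default.each do |key, prompt, default|
    answer = read_with_prompt_and_default(prompt, default)
    # Integer() raises on anything that is not a whole decimal number,
    # whereas to_i would quietly return 0 for "abc".
    begin
      cert_config[key] = Integer(answer, 10)
    rescue ArgumentError, TypeError
      fail_with "Wrong value for #{key}, must be a whole number"
    end
  end
  %w(rsa_keysize dh_keysize).each do |keysize|
    next if allowed_keysizes.include?(cert_config[keysize])

    fail_with "Wrong value for #{keysize}, must be one of 1024/2048/4096"
  end
  # A zero or negative lifetime would yield a certificate that is already
  # expired (or never valid) at the moment it is issued.
  years = cert_config['years_to_expire']
  unless years.is_a?(Integer) && years > 0
    fail_with 'Wrong value for years_to_expire, must be a positive number of years'
  end
  cert_config
end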
# File lib/chef/knife/openvpn.rb, line 256
# Aborts the command unless exactly one positional argument (the server name)
# was given on the knife command line.
#
# @return [void]
def check_arguments
  return if name_args.size == 1

  fail_with 'Specify NAME of new openvpn server!'
end
# File lib/chef/knife/openvpn.rb, line 260
# Creates the on-disk data bag directory for +server_name+ and returns its path.
#
# Dir.mkdir raises Errno::EEXIST if the directory is already there; callers
# are expected to have checked for an existing data bag beforehand.
#
# NOTE(review): the CA and server private keys are written beneath this
# directory, and 0755 leaves it readable by every local user. Unless the items
# are stored encrypted, 0700 would be the safer mode — confirm before changing.
#
# @param server_name [String] name of the new OpenVPN server
# @return [String] the path returned by get_databag_path
def create_databag_dir(server_name)
  get_databag_path(server_name).tap do |path|
    Dir.mkdir(path, 0755)
  end
end
# File lib/chef/knife/openvpn.rb, line 236
# Generates the full key material for a new OpenVPN server and persists it as
# data bag items: the cert configuration, a CA cert/key, an initial CRL, the
# server cert/key and DH parameters.
#
# Order matters here: the operator is prompted first, then the CA is created
# so the server certificate can be signed with it, and nothing is written to
# disk until every artifact has been generated.
#
# @param vpn_server_name [String] name of the new server; used as the CN of
#   the server certificate and as the data bag item id
# @return [void]
def create_new_server(vpn_server_name)
  # Whole-second timestamp so the CRL validity window has no sub-second part
  now = Time.at(Time.now.to_i)
  cert_config = ask_for_cert_config
  ca_subject = make_name 'CA', cert_config
  # Third argument presumably marks the CA as self-signed/CA:TRUE — defined elsewhere, confirm
  ca_cert, ca_key = generate_cert_and_key ca_subject, cert_config, true
  server_subject = make_name vpn_server_name, cert_config
  # The server certificate is issued by the CA generated just above
  server_cert, server_key = generate_cert_and_key server_subject, cert_config, false, ca_cert, ca_key
  dh_params = make_dh_params cert_config
  # Empty CRL, serial 1, valid from now for exactly one hour (3600 s), signed
  # with the CA key using SHA-256. NOTE(review): clients that enforce
  # nextUpdate will treat this CRL as stale after one hour unless it is
  # re-issued; presumably a revoke/renew command does that — confirm.
  crl = issue_crl([], 1, now, now + 3600, [], ca_cert, ca_key, OpenSSL::Digest::SHA256.new)
  databag_path = get_databag_path vpn_server_name
  ui.info "Creating data bag directory at #{databag_path}"
  create_databag_dir vpn_server_name
  save_databag_item('openvpn-config', vpn_server_name, cert_config)
  # Private keys are serialized as PEM here; whether save_databag_item
  # encrypts them is not visible in this block (see check_databag_secret in run)
  save_databag_item('openvpn-ca', vpn_server_name, 'cert' => ca_cert.to_pem, 'key' => ca_key.to_pem)
  save_databag_item('openvpn-crl', vpn_server_name, 'crl' => crl.to_pem, 'revoke_info' => [])

  save_databag_item('openvpn-server', vpn_server_name, 'cert' => server_cert.to_pem, 'key' => server_key.to_pem)
  save_databag_item('openvpn-dh', vpn_server_name, 'dh' => dh_params.to_pem)
end
# File lib/chef/knife/openvpn.rb, line 275
# Generates fresh Diffie-Hellman parameters of the configured size.
#
# Parameter generation is CPU-bound and can take a long time for large sizes;
# it is only done once, at server creation.
#
# @param cert_config [Hash] cert configuration; only 'dh_keysize' (Integer,
#   bits) is read
# @return [OpenSSL::PKey::DH] newly generated DH parameters
def make_dh_params(cert_config)
  OpenSSL::PKey::DH.generate(cert_config['dh_keysize'])
end
# File lib/chef/knife/openvpn.rb, line 266
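# Prompts on the terminal and returns the operator's answer, or +default+
# when nothing (or only whitespace) was entered.
#
# Readline.readline returns nil on EOF (Ctrl-D, closed stdin); the previous
# unconditional `.strip` then raised NoMethodError. EOF is now treated like an
# empty answer, i.e. the displayed default is taken.
#
# @param prompt [String] text shown before the bracketed default
# @param default [String] value returned for a blank answer
# @return [String] the stripped answer, or +default+
def read_with_prompt_and_default(prompt, default)
  answer = Readline.readline("#{prompt} [#{default}]: ").to_s.strip
  answer.empty? ? default : answer
end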
# File lib/chef/knife/openvpn.rb, line 228
# Knife entry point: validates the invocation, refuses to clobber an existing
# data bag, verifies the data bag secret is available, then generates the new
# server's key material.
#
# The checks run in this order deliberately: name_args is only read after
# check_arguments has confirmed one argument is present, and all precondition
# checks complete before anything is prompted for or written.
#
# @return [void]
def run
  check_arguments
  vpn_server_name = name_args.first
  # Second argument presumably means "fail if the data bag already exists" — confirm
  check_existing_databag vpn_server_name, true
  check_databag_secret
  create_new_server vpn_server_name
end