class OpenvpnPlugin::OpenvpnServerCreate
Public Instance Methods
ask_for_cert_config()
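# File lib/chef/knife/openvpn.rb, line 281
# Interactively collects the certificate configuration for a new server.
#
# Each X.509 subject field, key size and the validity period is read with
# read_with_prompt_and_default, so an empty answer takes the bundled
# default. Key sizes are restricted to 1024/2048/4096 and the validity
# period must be a whole number of at least one year.
#
# @return [Hash{String => String, Integer}] subject fields ('C', 'ST', 'L',
#   'O', 'OU', 'mail') as Strings; 'rsa_keysize', 'dh_keysize' and
#   'years_to_expire' as Integers
# @raise via fail_with when a numeric answer is not a whole number, a key
#   size is not one of the allowed values, or the expiration is below 1 year
def ask_for_cert_config
  cert_config = {}
  string_prompts = [
    ['C', 'Country Name', 'RU'],
    ['ST', 'State or Province Name', 'MSK'],
    ['L', 'Locality Name', 'Moscow'],
    ['O', 'Organization Name', 'Express 42'],
    ['OU', 'Organizational Unit Name', 'OPS'],
    ['mail', 'Email', 'ops@example.com']
  ]
  numeric_prompts = [
    ['rsa_keysize', 'RSA key size (1024/2048/4096)', '2048'],
    # 1024-bit DH groups are below current minimum recommendations, so the
    # suggested default is 2048; 1024 stays accepted for existing setups.
    ['dh_keysize', 'DH key size (1024/2048/4096)', '2048'],
    ['years_to_expire', 'Expiration (in years from now)', '5']
  ]
  string_prompts.each do |key, prompt, default|
    cert_config[key] = read_with_prompt_and_default(prompt, default)
  end
  numeric_prompts.each do |key, prompt, default|
    answer = read_with_prompt_and_default(prompt, default)
    # String#to_i would silently turn "abc" into 0; insist on digits only.
    unless answer.to_s =~ /\A\s*\d+\s*\z/
      fail_with "Wrong value for #{key}, must be a whole number"
    end
    cert_config[key] = answer.to_i
  end
  %w(rsa_keysize dh_keysize).each do |keysize|
    unless [1024, 2048, 4096].include? cert_config[keysize]
      fail_with "Wrong value for #{keysize}, must be one of 1024/2048/4096"
    end
  end
  # A zero-year validity would issue certificates that are expired on creation.
  if cert_config['years_to_expire'] < 1
    fail_with 'Wrong value for years_to_expire, must be at least 1'
  end
  cert_config
end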
check_arguments()
# File lib/chef/knife/openvpn.rb, line 256
# Ensures exactly one positional argument (the new server's NAME) was given.
#
# @return [nil] when the argument count is correct; otherwise the result of
#   fail_with, which reports the usage error
def check_arguments
  return if name_args.size == 1

  fail_with 'Specify NAME of new openvpn server!'
end
create_databag_dir(server_name)
# File lib/chef/knife/openvpn.rb, line 260
# Creates the on-disk data bag directory for +server_name+.
#
# The directory is created with mode 0755 (further restricted by the
# process umask). Dir.mkdir raises Errno::EEXIST when the directory is
# already present, so callers are expected to have checked for an
# existing data bag beforehand.
#
# @param server_name [String] name of the server whose data bag is created
# @return [String] the path returned by get_databag_path
def create_databag_dir(server_name)
  path = get_databag_path(server_name)
  Dir.mkdir(path, 0o755)
  path
end
create_new_server(vpn_server_name)
# File lib/chef/knife/openvpn.rb, line 236
# Generates the full PKI for a new OpenVPN server and stores it in data bags.
#
# Order of operations: prompt for the certificate configuration, create a
# self-signed CA, issue the server certificate from that CA, generate DH
# parameters, issue an empty CRL, then create the data bag directory and
# write one item per artifact.
#
# @param vpn_server_name [String] server name; used as the certificate
#   subject name (via make_name) and as the data bag item name
# @return the value of the last save_databag_item call
def create_new_server(vpn_server_name)
  # Whole-second timestamp: X.509 validity fields carry no sub-second precision.
  now = Time.at(Time.now.to_i)
  cert_config = ask_for_cert_config
  ca_subject = make_name 'CA', cert_config
  # Third argument true presumably marks the CA (self-signed) case — confirm in generate_cert_and_key.
  ca_cert, ca_key = generate_cert_and_key ca_subject, cert_config, true
  server_subject = make_name vpn_server_name, cert_config
  # Server certificate is signed with the CA key generated above.
  server_cert, server_key = generate_cert_and_key server_subject, cert_config, false, ca_cert, ca_key
  dh_params = make_dh_params cert_config
  # Initial CRL: no revoked serials, CRL number 1, nextUpdate one hour after
  # creation. NOTE(review): whether clients reject a CRL past its nextUpdate
  # depends on the OpenVPN version — confirm the CRL is refreshed on revocation.
  crl = issue_crl([], 1, now, now + 3600, [], ca_cert, ca_key, OpenSSL::Digest::SHA256.new)
  databag_path = get_databag_path vpn_server_name
  ui.info "Creating data bag directory at #{databag_path}"
  create_databag_dir vpn_server_name
  save_databag_item('openvpn-config', vpn_server_name, cert_config)
  # The CA private key is written to the data bag in PEM form; run calls
  # check_databag_secret first, which suggests items are encrypted — confirm
  # in save_databag_item before relying on it.
  save_databag_item('openvpn-ca', vpn_server_name, 'cert' => ca_cert.to_pem, 'key' => ca_key.to_pem)
  # 'revoke_info' starts empty; presumably appended to when certificates are revoked.
  save_databag_item('openvpn-crl', vpn_server_name, 'crl' => crl.to_pem, 'revoke_info' => [])
  save_databag_item('openvpn-server', vpn_server_name, 'cert' => server_cert.to_pem, 'key' => server_key.to_pem)
  save_databag_item('openvpn-dh', vpn_server_name, 'dh' => dh_params.to_pem)
end
make_dh_params(cert_config)
# File lib/chef/knife/openvpn.rb, line 275
# Generates fresh Diffie-Hellman parameters of the configured size.
#
# Parameter generation is CPU-bound and can take a long time for the
# larger sizes; nothing is cached here, each call generates a new group.
#
# @param cert_config [Hash] must contain 'dh_keysize' (Integer, bits)
# @return [OpenSSL::PKey::DH] newly generated parameters
def make_dh_params(cert_config)
  OpenSSL::PKey::DH.new(cert_config['dh_keysize'])
end
read_with_prompt_and_default(prompt, default)
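# File lib/chef/knife/openvpn.rb, line 266
# Reads one line from the terminal, showing +default+ in the prompt.
#
# Surrounding whitespace is stripped from the answer. An empty answer, or
# end-of-input (Readline.readline returns nil on EOF, e.g. Ctrl-D or a
# closed stdin), yields +default+ instead of raising NoMethodError.
#
# @param prompt [String] text shown before the bracketed default
# @param default [String] value returned when the operator gives no answer
# @return [String] the trimmed answer, or +default+
def read_with_prompt_and_default(prompt, default)
  # to_s maps the nil returned on EOF to "" so it is handled as "no answer".
  answer = Readline.readline("#{prompt} [#{default}]: ").to_s.strip
  answer.empty? ? default : answer
end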
run()
# File lib/chef/knife/openvpn.rb, line 228
# Knife entry point: validates the command line, refuses to overwrite an
# existing data bag, checks the data bag secret, then builds the server.
#
# @return the value of create_new_server
def run
  check_arguments
  server_name = name_args.first
  check_existing_databag(server_name, true)
  check_databag_secret
  create_new_server(server_name)
end