class OpenvpnPlugin::OpenvpnUserExport
Public Instance Methods
check_arguments()
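# File lib/chef/knife/openvpn.rb, line 442
# Requires exactly two positional arguments: SERVERNAME and USERNAME.
# Anything else is reported via fail_with, which the rest of this class
# relies on to abort the command.
def check_arguments
  return if name_args.size == 2

  # This class exports an existing user; the old wording ("for new openvpn
  # user") described the create command and misled operators.
  fail_with 'Specify SERVERNAME and USERNAME for openvpn user export!'
end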
export_file(file_path, content)
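# File lib/chef/knife/openvpn.rb, line 400
# Writes +content+ to +file_path+ readable and writable by the owner only.
#
# This is used for the user's private key, so the file is created with
# mode 0600 from the start: the old File.write followed by chmod left a
# window in which the key sat on disk with umask-default permissions.
# The chmod is kept because open(2) ignores the mode argument when the
# file already exists.
def export_file(file_path, content)
  File.open(file_path, 'w', 0o600) { |f| f.write(content) }
  FileUtils.chmod 'u=wr,go-wr', file_path
end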
export_user(server_name, user_name)
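# File lib/chef/knife/openvpn.rb, line 364
# Bundles everything a client needs for +server_name+ -- CA cert, the
# user's cert and private key, the optional tls-auth key and a generated
# .ovpn -- into /tmp/<user_name>-vpn.tar.gz and reports through +ui+.
#
# Material is read from the server's data bag (get_databag_name): items
# 'openvpn-ca', 'openvpn-ta' (optional) and <user_name>. The bundle holds
# a private key, so each file is written 0600 by export_file and the
# archive itself is made 0600 before it is placed in /tmp.
def export_user(server_name, user_name)
  # user_name becomes a file name and a tar member name; refuse anything
  # that could escape the staging directory. Real data bag item ids are
  # not expected to trip this.
  if user_name.to_s.empty? || user_name.include?(File::SEPARATOR) || %w[. ..].include?(user_name)
    fail_with "Invalid USERNAME '#{user_name}' for openvpn user export!"
  end

  databag_name = get_databag_name server_name
  ca_item = load_databag_item(databag_name, 'openvpn-ca')
  ca_cert, _ca_key = load_cert_and_key ca_item['cert'], ca_item['key']

  # tls-auth is optional: failing to load 'openvpn-ta' (presumably a 404
  # from the Chef server) is only a warning. to_s also tolerates an item
  # without a 'ta' value, which previously crashed on empty? below.
  ta_key = ''
  begin
    ta_item = load_databag_item(databag_name, 'openvpn-ta')
    ta_key = ta_item['ta'].to_s
  rescue Net::HTTPServerException
    ui.warn 'Unable to load openvpn-ta, proceding without it. (Ignore unless you use tls-auth)'
  end

  user_item = load_databag_item(databag_name, user_name)
  user_cert, _user_key = load_cert_and_key user_item['cert'], user_item['key']

  bundle_name = "#{user_name}-vpn"
  # NOTE(review): a predictable path in a shared /tmp. rename(2) replaces a
  # planted symlink instead of following it, which is why the archive is
  # staged in the private tmpdir and moved, but a per-user TMPDIR would be
  # safer still.
  archive_path = "/tmp/#{bundle_name}.tar.gz"

  # Block form removes the staging directory on every exit path.
  Dir.mktmpdir do |tmpdir|
    user_dir = File.join(tmpdir, bundle_name)
    Dir.mkdir user_dir
    export_file File.join(user_dir, 'ca.crt'), ca_cert.to_pem
    export_file File.join(user_dir, "#{user_name}.crt"), user_cert.to_pem
    export_file File.join(user_dir, "#{user_name}.key"), user_item['key'].to_s
    export_file File.join(user_dir, 'ta.key'), ta_key unless ta_key.empty?
    export_file File.join(user_dir, "#{user_name}.ovpn"), generate_client_config(server_name, user_name)

    # Argument-vector form of system: no shell is involved, so user_name
    # cannot inject commands (the old "cd #{tmpdir} && tar ... *" string
    # interpolated a CLI argument straight into /bin/sh). -C keeps the
    # member paths identical to what the shell glob produced.
    staged = File.join(tmpdir, "#{bundle_name}.tar.gz")
    created = system('tar', 'cfz', staged, '-C', tmpdir, bundle_name)
    unless created
      ui.error "Something went wrong, cant create archive at #{archive_path}"
      next
    end

    begin
      # Lock the archive down while it is still inside the 0700 tmpdir,
      # then move it into place so it is never world-readable in /tmp.
      FileUtils.chmod 0o600, staged
      FileUtils.mv staged, archive_path
      ui.info "Done, archive at #{archive_path}"
    rescue SystemCallError => e
      ui.error "Something went wrong, cant create archive at #{archive_path}: #{e.message}"
    end
  end
end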
generate_client_config(server_name, user_name)
# File lib/chef/knife/openvpn.rb, line 405
# Renders the client-side .ovpn for +user_name+ against the server named
# +server_name+.
#
# Server settings come from the first node returned by a Chef search on
# openvpn_server_name, with the per-server section merged over the
# 'default' section; every matching node contributes 'remote' lines.
# Calls fail_with when the search returns nothing. Returns the config as
# one newline-terminated string.
def generate_client_config(server_name, user_name)
  nodes = Chef::Search::Query.new.search('node', "openvpn_server_name:#{server_name}")[0]
  if nodes.empty?
    fail_with "Cant find vpn server named '#{server_name}', chef search for node with attribute openvpn.server_name:#{server_name} return no result"
  end

  settings = Chef::Mixin::DeepMerge.merge(nodes[0]['openvpn']['default'].to_hash,
                                          nodes[0]['openvpn'][server_name].to_hash)

  lines = ['client', "dev #{settings['dev']}", "proto #{settings['proto']}"]

  # One or more 'remote' entries per node: an explicit 'remote' list wins,
  # otherwise remote_host plus the merged port.
  nodes.each do |node|
    server = node['openvpn'][server_name]
    if server['remote'].nil?
      lines << "remote #{server['remote_host']} #{settings['port']}"
    else
      server['remote'].each { |remote| lines << "remote #{remote}" }
    end
  end

  lines << "verb #{settings['verb']}"
  # NOTE(review): comp-lzo and ns-cert-type are emitted unconditionally;
  # newer OpenVPN releases deprecate both (compression over TLS, and
  # remote-cert-tls as the replacement check) -- confirm against the
  # server cookbook before changing either.
  lines << 'comp-lzo'
  lines << 'ca ca.crt'
  lines << "cert #{user_name}.crt"
  lines << "key #{user_name}.key"
  lines << 'tls-auth ta.key 1' if settings['use_tls_auth']
  lines << 'ns-cert-type server'
  lines.concat(%w[nobind persist-key persist-tun])

  lines.map { |line| "#{line}\n" }.join
end
run()
# File lib/chef/knife/openvpn.rb, line 355
# Knife entry point: validates the two positional arguments, checks the
# server's data bag and its secret, then exports the user bundle.
#
# NOTE(review): the meaning of the +false+ flag passed to
# check_existing_databag is defined in that helper (not shown here).
def run
  check_arguments
  server_name, user_name = name_args[0], name_args[1]
  check_existing_databag server_name, false
  check_databag_secret
  export_user server_name, user_name
end