example42 · lermit · Dec 18, 2013 · Dec 19, 2013 · Dec 19, 2013 · Dec 19, 2013
diff --git a/manifests/tunnel.pp b/manifests/tunnel.pp
@@ -40,6 +40,19 @@
 # [*push*]
 #   Push parameter
 #
+# [*compress*]
+#   Active comp-lzo (default false)
+#
+# [*keepalive]
+#   Active keepalive (default true).
+#   On client this parameter can be push by server
+#
+# [*keepalive_freq*]
+#   Keepalive test frequency (default 10s)
+#
+# [*keepalive_timeout*]
+#   Keepalive time before restart (default 60s)
+#
 # [*template*]
 #   Template to be used for the tunnel configuration.
 #   Default is openvpn/server.conf.erb
@@ -59,22 +72,28 @@
 #  }
 #
 define openvpn::tunnel (
-  $auth_type    = 'tls-server',
-  $mode         = 'server',
-  $remote       = '',
-  $port         = '1194',
-  $auth_key     = '',
-  $proto        = 'tcp',
-  $dev          = 'tun',
-  $server       = '10.8.0.0 255.255.255.0',
-  $route        = '',
-  $push         = '',
-  $template     = '',
-  $enable       = true ) {
+  $auth_type         = 'tls-server',
+  $mode              = 'server',
+  $remote            = '',
+  $port              = '1194',
+  $auth_key          = '',
+  $proto             = 'tcp',
+  $dev               = 'tun',
+  $server            = '10.8.0.0 255.255.255.0',
+  $route             = '',
+  $push              = '',
+  $template          = '',
+  $compress          = false,
+  $keepalive         = true,
+  $keepalive_freq    = "10",
+  $keepalive_timeout = "60",
+  $enable            = true ) {
 
   include openvpn
 
   $bool_enable=any2bool($enable)
+  $bool_compress=any2bool($compress)
+  $bool_keepalive=any2bool($keepalive)
 
   $manage_file = $bool_enable ? {
     true    => 'present',

diff --git a/spec/classes/openvpn_spec.rb b/spec/classes/openvpn_spec.rb
@@ -20,7 +20,7 @@
   describe 'Test decommissioning - absent' do
     let(:params) { {:absent => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} }
 
-    it 'should remove Package[openvpn]' do should contain_package('openvpn').with_ensure('absent') end 
+    it 'should remove Package[openvpn]' do should contain_package('openvpn').with_ensure('absent') end
     it 'should stop Service[openvpn]' do should contain_service('openvpn').with_ensure('stopped') end
     it 'should not enable at boot Service[openvpn]' do should contain_service('openvpn').with_enable('false') end
   end
@@ -35,23 +35,21 @@
 
   describe 'Test decommissioning - disableboot' do
     let(:params) { {:disableboot => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} }
-  
+
     it { should contain_package('openvpn').with_ensure('present') }
     it { should_not contain_service('openvpn').with_ensure('present') }
     it { should_not contain_service('openvpn').with_ensure('absent') }
     it 'should not enable at boot Service[openvpn]' do should contain_service('openvpn').with_enable('false') end
-  end 
+  end
 
   describe 'Test customizations - template' do
     let(:params) { {:template => "openvpn/spec.erb" , :options => { 'opt_a' => 'value_a' } } }
 
     it 'should generate a valid template' do
-      content = catalogue.resource('file', 'openvpn.conf').send(:parameters)[:content]
-      content.should match "fqdn: rspec.example42.com"
+      should contain_file('openvpn.conf').with_content(/fqdn: rspec\.example42\.com/)
     end
     it 'should generate a template that uses custom options' do
-      content = catalogue.resource('file', 'openvpn.conf').send(:parameters)[:content]
-      content.should match "value_a"
+      should contain_file('openvpn.conf').with_content(/value_a/)
     end
 
   end
@@ -60,16 +58,13 @@
     let(:params) { {:source => "puppet://modules/openvpn/spec" , :source_dir => "puppet://modules/openvpn/dir/spec" , :source_dir_purge => true } }
 
     it 'should request a valid source ' do
-      content = catalogue.resource('file', 'openvpn.conf').send(:parameters)[:source]
-      content.should == "puppet://modules/openvpn/spec"
+      should contain_file('openvpn.conf').with_source('puppet://modules/openvpn/spec')
     end
     it 'should request a valid source dir' do
-      content = catalogue.resource('file', 'openvpn.dir').send(:parameters)[:source]
-      content.should == "puppet://modules/openvpn/dir/spec"
+      should contain_file('openvpn.dir').with_source('puppet://modules/openvpn/dir/spec')
     end
     it 'should purge source dir if source_dir_purge is true' do
-      content = catalogue.resource('file', 'openvpn.dir').send(:parameters)[:purge]
-      content.should == true
+      should contain_file('openvpn.dir').with_purge(true)
     end
   end
 
@@ -82,17 +77,15 @@
     let(:params) { {:service_autorestart => "no" , :source => 'real' } }
 
     it 'should not automatically restart the service, when service_autorestart => false' do
-      content = catalogue.resource('file', 'openvpn.conf').send(:parameters)[:notify]
-      content.should be_nil
+      should contain_file('openvpn.conf').with_notify(nil)
     end
   end
 
   describe 'Test Puppi Integration' do
     let(:params) { {:puppi => true, :puppi_helper => "myhelper"} }
 
     it 'should generate a puppi::ze define' do
-      content = catalogue.resource('puppi::ze', 'openvpn').send(:parameters)[:helper]
-      content.should == "myhelper"
+      should contain_puppi__ze('openvpn').with_helper('myhelper')
     end
   end
 

diff --git a/spec/defines/openvpn_tunnel_spec.rb b/spec/defines/openvpn_tunnel_spec.rb
@@ -20,40 +20,72 @@
       should contain_file('openvpn_mytunnel.conf').with_ensure('present')
     end
     it 'should populate correctly the openvpn::tunnel configuration file' do
-      content = catalogue.resource('file', 'openvpn_mytunnel.conf').send(:parameters)[:content]
-      content.should match "secret /etc/openvpn/mytunnel.key "
+      should contain_file('openvpn_mytunnel.conf').with_content(/secret \/etc\/openvpn\/mytunnel\.key/)
     end
     it 'should create a key file when auth_key is provided' do
-      content = catalogue.resource('file', 'openvpn_mytunnel.key').send(:parameters)[:source]
-      content.should match "mykey"
+      should contain_file('openvpn_mytunnel.key').with_source(/mykey/)
     end
   end
 
   describe 'Test many remote configuration' do
-    let(:params) { { 
+    let(:params) { {
       :name   => 'mytunnel',
       :mode   => 'client',
       :port   => '1150',
       :remote => ['vpn1.example42.com','vpn2.example42.com'],
     } }
     it { should contain_file('openvpn_mytunnel.conf').with_content(/remote vpn1.example42.com 1150\nremote vpn2.example42.com 1150/) }
   end
-
+
+  describe 'Test Monitoring Tools Integration' do
+    let(:facts) { {:monitor => true, :monitor_tool => "puppi", :monitor_target => "2.2.2.2" } }
+
+    it 'should generate monitor defines' do
+      should contain_monitor__process('openvpn_mytunnel_process').with_tool('puppi')
+    end
+  end
+
+  describe 'Test client compress configuration' do
+    let(:params) { {
+      :name     => 'mytunnel',
+      :mode     => 'client',
+      :compress => true,
+    } }
+    it { should contain_file('openvpn_mytunnel.conf').with_content(/comp-lzo/) }
+  end
+
+  describe 'Test Monitoring Tools Integration' do
+    let(:facts) { {:monitor => true, :monitor_tool => "puppi", :monitor_target => "2.2.2.2" } }
+
+    it 'should generate monitor defines' do
+      should contain_monitor__process('openvpn_mytunnel_process').with_tool('puppi')
+    end
+  end
+
+  describe 'Test client keepalive configuration' do
+    let(:params) { {
+      :name              => 'mytunnel',
+      :mode              => 'client',
+      :keepalive         => true,
+      :keepalive_freq    => '42',
+      :keepalive_timeout => '4242',
+    } }
+    it { should contain_file('openvpn_mytunnel.conf').with_content(/keepalive 42 4242/) }
+  end
+
   describe 'Test Monitoring Tools Integration' do
     let(:facts) { {:monitor => true, :monitor_tool => "puppi", :monitor_target => "2.2.2.2" } }
 
     it 'should generate monitor defines' do
-      content = catalogue.resource('monitor::process', 'openvpn_mytunnel_process').send(:parameters)[:tool]
-      content.should == "puppi"
+      should contain_monitor__process('openvpn_mytunnel_process').with_tool('puppi')
     end
   end
 
   describe 'Test Firewall Tools Integration' do
     let(:facts) { {:firewall => true, :firewall_tool => "iptables" } }
 
     it 'should generate correct firewall define' do
-      content = catalogue.resource('firewall', 'openvpn_mytunnel_tcp_1150').send(:parameters)[:tool]
-      content.should == "iptables"
+      should contain_firewall('openvpn_mytunnel_tcp_1150').with_tool('iptables')
     end
   end
 

diff --git a/templates/client.conf.erb b/templates/client.conf.erb
@@ -24,19 +24,22 @@ tls-client
 ca ca.crt
 cert <%= @hostname %>.crt
 key <%= @hostname %>.key
-tls-client
 pull
 <% end -%>
 
 ns-cert-type server
 verb 3
 ;mute 20
 user <%= scope.lookupvar("openvpn::process_user") %>
-group <%= scope.lookupvar("openvpn::process_user") %>
+group <%= scope.lookupvar("openvpn::process_group") %>
 
-keepalive 10 60
+<% if @bool_compress -%>
+comp-lzo
+<% end -%>
+<% if @bool_keepalive -%>
+keepalive <%= @keepalive_freq %> <%= @keepalive_timeout %>
+<% end -%>
 inactive 0
 # cipher x
-# comp-lzo # Compress data
 # client-connect /etc/openvpn/script/client_connect
 # client-disconnect /etc/openvpn/script/client_disconnect