(openvpnas) openvpnas module install tests

dtapiacl · dtapiacl · commit 8c30c2b40176 · 2025-10-07T17:11:49.000-03:00
diff --git a/Puppetfile b/Puppetfile
@@ -30,6 +30,7 @@ mod 'lsst/java_artisanal', '3.4.1'
 mod 'lsst/kubectl', '1.2.0'
 mod 'lsst/maven', '3.1.0'
 mod 'lsst/nm', '0.3.0'
+mod 'lsst/openvpnas', git: 'https://github.com/lsst-it/puppet-openvpnas', ref: '026a9c4'
 mod 'lsst/pi', '1.0.0'
 mod 'lsst/powertop', '0.1.2'
 mod 'lsst/rke', '2.1.0'
diff --git a/hieradata/role/openvpnas.yaml b/hieradata/role/openvpnas.yaml
@@ -0,0 +1,6 @@
+---
+classes:
+  - "profile::core::common"
+  - "profile::core::openvpnas"
+
+profile::core::openvpnas::version: "3.0.1_84b60e70"
diff --git a/site/profile/manifests/core/openvpnas.pp b/site/profile/manifests/core/openvpnas.pp
@@ -0,0 +1,45 @@
+# @summary
+#   Installs OpenVPN Access Server.
+#
+# @param version
+#   Sets version lock for OpenVPN package.
+#
+# @param bind_pw
+#   Optional. LDAP bind password for OpenVPN Access Server.
+#
+class profile::core::openvpnas (
+  String[1] $version,
+  Optional[String[1]] $bind_pw = undef,
+) {
+  # include profile::core::letsencrypt
+
+  class { 'openvpnas':
+    # Repository and package management
+    manage_repo         => true,
+    version             => $version,
+    versionlock_enable  => true,
+    versionlock_release => '1.el9',
+
+    # Service management
+    manage_service      => true,
+
+    # Configuration
+    config              => {
+      'auth.ldap.0.add_req'           => 'memberOf=cn=vpn,cn=groups,cn=accounts,dc=lsst,dc=cloud',
+      'auth.module.type'              => 'ldap',
+      'auth.ldap.0.server.0.host'     => 'ipa1.cp.lsst.org',
+      'auth.ldap.0.server.1.host'     => 'ipa1.ls.lsst.org',
+      'auth.ldap.0.bind_dn'           => 'uid=svc_openvpnas,cn=users,cn=accounts,dc=lsst,dc=cloud',
+      'auth.ldap.0.bind_pw'           => $bind_pw,
+      'auth.ldap.0.enable'            => 'true',
+      'auth.ldap.0.users_base_dn'     => 'cn=accounts,dc=lsst,dc=cloud',
+      'auth.ldap.0.use_ssl'           => 'never',
+      'auth.ldap.0.ssl_verify'        => 'internal',
+      'auth.ldap.0.timeout'           => '4',
+      'auth.ldap.0.name'              => 'Rubin LDAP Servers',
+      'auth.ldap.0.uname_attr'        => 'uid',
+      'auth.ldap.0.user_exists_check' => 'true',
+      'auth.local.0.enable'           => 'false',
+    },
+  }
+}
