Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

ocserv (3) Versions 0.1.2

Installs/Configures OpenConnect VPN Server

Policyfile
Berkshelf
Knife
cookbook 'ocserv', '~> 0.1.2', :supermarket
cookbook 'ocserv', '~> 0.1.2'
knife supermarket install ocserv
knife supermarket download ocserv
README
Dependencies
Quality 0%

ocserv Cookbook

Build Status

Installs and configures ocserv, the OpenConnect server.

Requirements

Platforms

CentOS 6.8+, 7.2+ x86_64.

Chef

Chef 12+, preferably 12.5.1+ but older with compat-resource should work.

Cookbooks

Depends on the following cookbooks
* firewalld (the disable recipe is run on CentOS 7)
* line
* simple_iptables

Attributes

  • One of the following attributes must be populated or the service will not start:
    • node['ocserv']['config']['ipv4-network']: The pool of addresses that leases will be given from. If the leases are given via Radius, or via the explicit-ip? per-user config option then these network values should contain a network with at least a single address that will remain under the full control of ocserv (that is to be able to assign the local part of the tun device address). CIDR notation.
    • node['ocserv']['config']['ipv6-network']: The pool of addresses that leases will be given from. If the leases are given via Radius, or via the explicit-ip? per-user config option then these network values should contain a network with at least a single address that will remain under the full control of ocserv (that is to be able to assign the local part of the tun device address). IPv6 CIDR notation.

Attributes

ocserv::default

<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['ocserv']['config']['ipv4-network']</tt></td>
<td>String</td>
<td>The pool of addresses that leases will be given from. If the leases are given via Radius, or via the explicit-ip? per-user config option then these network values should contain a network with at least a single address that will remain under the full control of ocserv (that is to be able to assign the local part of the tun device address). CIDR notation.</td>
<td><tt>nil</tt></td>
</tr>
<tr>
<td><tt>['ocserv']['config']['ipv6-network']</tt></td>
<td>String</td>
<td>IPv6 version of the above.</td>
<td><tt>nil</tt></td>
</tr>
<tr>
<td><tt>['ocserv']['config']['tcp-port']</tt></td>
<td>Integer</td>
<td>The TCP port that ocserv will use for TLS.</td>
<td><tt>443</tt></td>
</tr>
<tr>
<td><tt>['ocserv']['config']['udp-port']</tt></td>
<td>Integer</td>
<td>The UDP port that ocserv will use for DTLS.</td>
<td><tt>443</tt></td>
</tr>
<tr>
<td><tt>['ocserv']['config'][...]</tt></td>
<td>Object</td>
<td>Additional configuration key/value pairs can be set as attributes under node['ocserv']['config'] to change their defaults in the main configuration file.</td>
<td><tt>NA</tt></td>
</tr>
</table>

Recipes

ocserv::default

This recipe includes yum-epel::default and then installs the ocserv package from EPEL. If either or both of node['ocserv']['config']['ipv4-network'] or node['ocserv']['config']['ipv6-network'] are set, the ocserv service will be enabled and started. On CentOS 7.x firewalld is replaced with iptables. Any configuration key/values added to node['ocserv']['config'] will be set in the ocserv configuration file and iptables rules are created to allow traffic to the ports specified in node['ocserv']['config']['tcp-port'] and node['ocserv']['config']['udp-port'] (both default to 443).

ocserv::install_ocserv

If you'd prefer a less comprehensive solution this recipe will only install epel-release and ocserv and enable/start the service when a network is defined.

Custom Resources

ocserv_config

The custom resource ocserv_config is available for use to change a configuration item without setting node attributes. It is also used internally by the default recipe to apply configuration values specified in node['ocserv']['config']. See the ocserv manual for all options. This resource does not ensure that the keys or values you provide make any sense, but it will accurately replace existing values. An example:

ocserv_config 'dpd' do
  value '180'
end

would change the dpd configuration from the default (90) to 180.

The value property must be a string and is required.

Reading through the manual you will notice that some things are wrapped in double quotes. You'd be wise to follow suit, such as:

ocserv_config 'auth' do
  value '"plain[passwd=./sample.passwd,otp=./sample.otp]"'
end

Also, when replacing existing values, the new value gets moved to the bottom of the file.

Notes

Currently the ocserv package in epel-7 is broken. Since past package versions in EPEL are hard to find, this cookbook currently includes the most recent working x86_64 RPM for RHEL 7. Once bug 1400693 is resolved this will no longer be the case.

Contributing

  1. Fork the repository on BitBucket
  2. Create a named feature branch (like add_component_x)
  3. Write your change
  4. Write tests for your change (if applicable). Both ChefSpec and Serverspec tests exist.
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request.

License and Authors

Authors:

License: Apache 2.0

Dependent cookbooks

firewalld >= 0.0.0
yum-epel >= 0.0.0
simple_iptables >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Collaborator Number Metric
            

0.1.2 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.1.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.1.2 failed this metric

FC066: Ensure chef_version is set in metadata: ocserv/metadata.rb:1
FC069: Ensure standardized license defined in metadata: ocserv/metadata.rb:1
FC070: Ensure supports metadata defines valid platforms: ocserv/metadata.rb:1
FC072: Metadata should not contain "attribute" keyword: ocserv/metadata.rb:1
FC108: Resource should not define a property named 'name': ocserv/resources/config.rb:2
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

0.1.2 failed this metric

Failure: Cookbook should not contain binaries. Found:
ocserv/files/default/ocserv-0.11.5-1.el7.x86_64.rpm

Testing File Metric
            

0.1.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.1.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number