ocserv cookbook (version 0.1.2; 3 versions published)
Installs/Configures OpenConnect VPN Server

Berksfile entry: cookbook 'ocserv', '~> 0.1.2', :supermarket
knife supermarket install ocserv
knife supermarket download ocserv
ocserv Cookbook
Installs and configures ocserv, the OpenConnect server.
Requirements
Platforms
CentOS 6.8+, 7.2+ x86_64.
Chef
Chef 12+, preferably 12.5.1+; older versions should work with compat-resource.
Cookbooks
Depends on the following cookbooks:
* firewalld (the disable recipe is run on CentOS 7)
* line
* simple_iptables
Attributes
One of the following attributes must be populated or the service will not start:
* node['ocserv']['config']['ipv4-network']: The pool of addresses that leases will be given from. If the leases are given via Radius, or via the explicit-ip? per-user config option then these network values should contain a network with at least a single address that will remain under the full control of ocserv (that is to be able to assign the local part of the tun device address). CIDR notation.
* node['ocserv']['config']['ipv6-network']: The pool of addresses that leases will be given from. If the leases are given via Radius, or via the explicit-ip? per-user config option then these network values should contain a network with at least a single address that will remain under the full control of ocserv (that is to be able to assign the local part of the tun device address). IPv6 CIDR notation.
Attributes
ocserv::default
<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['ocserv']['config']['ipv4-network']</tt></td>
<td>String</td>
<td>The pool of addresses that leases will be given from. If the leases are given via Radius, or via the explicit-ip? per-user config option then these network values should contain a network with at least a single address that will remain under the full control of ocserv (that is to be able to assign the local part of the tun device address). CIDR notation.</td>
<td><tt>nil</tt></td>
</tr>
<tr>
<td><tt>['ocserv']['config']['ipv6-network']</tt></td>
<td>String</td>
<td>IPv6 version of the above.</td>
<td><tt>nil</tt></td>
</tr>
<tr>
<td><tt>['ocserv']['config']['tcp-port']</tt></td>
<td>Integer</td>
<td>The TCP port that ocserv will use for TLS.</td>
<td><tt>443</tt></td>
</tr>
<tr>
<td><tt>['ocserv']['config']['udp-port']</tt></td>
<td>Integer</td>
<td>The UDP port that ocserv will use for DTLS.</td>
<td><tt>443</tt></td>
</tr>
<tr>
<td><tt>['ocserv']['config'][...]</tt></td>
<td>Object</td>
<td>Additional configuration key/value pairs can be set as attributes under node['ocserv']['config']
to change their defaults in the main configuration file.</td>
<td><tt>NA</tt></td>
</tr>
</table>
Recipes
ocserv::default
This recipe includes yum-epel::default and then installs the ocserv package from EPEL. If either or both of node['ocserv']['config']['ipv4-network'] or node['ocserv']['config']['ipv6-network'] are set, the ocserv service will be enabled and started. On CentOS 7.x firewalld is replaced with iptables. Any configuration key/values added to node['ocserv']['config'] will be set in the ocserv configuration file, and iptables rules are created to allow traffic to the ports specified in node['ocserv']['config']['tcp-port'] and node['ocserv']['config']['udp-port'] (both default to 443).
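The recipe's start/firewall decision hinges on a handful of attribute values, and a malformed network string or port only shows up when ocserv refuses to start. The following Ruby is an added example, not code from the cookbook: it mirrors the decision described above (enable only when a network is set, one TCP and one UDP rule on the configured ports) and checks the values first with IPAddr. The SAMPLE_CONFIG hash and the function names plan, valid_network? and valid_port? are constructed for illustration.

```ruby
require 'ipaddr'

# Constructed stand-in for node['ocserv']['config'] (hypothetical values).
SAMPLE_CONFIG = {
  'ipv4-network' => '10.8.0.0/24',
  'tcp-port'     => 443,
  'udp-port'     => 443
}.freeze

# True when value is a CIDR network of the requested family. A bare address
# without a prefix is rejected because the cookbook documents CIDR notation.
def valid_network?(value, v6: false)
  return false unless value.is_a?(String) && value.include?('/')
  addr = IPAddr.new(value)
  v6 ? addr.ipv6? : addr.ipv4?
rescue IPAddr::Error
  false
end

# Ports must be integers (the attribute table types them as Integer) in range.
def valid_port?(value)
  value.is_a?(Integer) && value.between?(1, 65_535)
end

# Mirrors the default recipe: the service is enabled only when at least one
# address pool is configured, and firewall rules follow the two port attributes.
# Returns a hash with :enable, :rules and any validation :errors found.
def plan(config)
  errors = []
  v4 = config['ipv4-network']
  v6 = config['ipv6-network']
  errors << "ipv4-network #{v4.inspect} is not IPv4 CIDR" if v4 && !valid_network?(v4)
  errors << "ipv6-network #{v6.inspect} is not IPv6 CIDR" if v6 && !valid_network?(v6, v6: true)

  tcp = config.fetch('tcp-port', 443)
  udp = config.fetch('udp-port', 443)
  errors << "tcp-port #{tcp.inspect} is not a valid port" unless valid_port?(tcp)
  errors << "udp-port #{udp.inspect} is not a valid port" unless valid_port?(udp)

  enable = errors.empty? && !(v4.nil? && v6.nil?)
  rules = enable ? [{ proto: 'tcp', port: tcp }, { proto: 'udp', port: udp }] : []
  { enable: enable, rules: rules, errors: errors }
end

if $PROGRAM_NAME == __FILE__
  result = plan(SAMPLE_CONFIG)
  puts "enable service: #{result[:enable]}"
  result[:rules].each { |r| puts "allow #{r[:proto]}/#{r[:port]}" }
  result[:errors].each { |e| warn "attribute error: #{e}" }
end
```

Running the validation during a Chef run (for example from a library or a ruby_block before the service resource) turns a silent non-start into a failed converge with a named attribute, which is easier to spot in run logs.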
ocserv::install_ocserv
If you'd prefer a less comprehensive solution, this recipe will only install epel-release and ocserv and enable/start the service when a network is defined.
Custom Resources
ocserv_config
The custom resource ocserv_config is available for use to change a configuration item without setting node attributes. It is also used internally by the default recipe to apply configuration values specified in node['ocserv']['config']. See the ocserv manual for all options. This resource does not ensure that the keys or values you provide make any sense, but it will accurately replace existing values. An example:
ocserv_config 'dpd' do
value '180'
end
would change the dpd configuration from the default (90) to 180. The value property must be a string and is required.
Reading through the manual you will notice that some things are wrapped in double quotes. You'd be wise to follow suit, such as:
ocserv_config 'auth' do
value '"plain[passwd=./sample.passwd,otp=./sample.otp]"'
end
Also, when replacing existing values, the new value gets moved to the bottom of the file.
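To show what "accurately replace existing values" has to cope with in an ocserv-style file (commented-out defaults, quoted values, keys that are substrings of other keys), here is an added Ruby example that is not the cookbook's resource implementation. Unlike the resource described above, which moves a replaced value to the bottom of the file, this version rewrites the active line in place and appends only when the key is absent. SAMPLE_CONF is a constructed excerpt, and set_config_value and config_value are hypothetical helper names.

```ruby
# Constructed excerpt in the style of ocserv.conf (not the shipped file).
SAMPLE_CONF = <<~CONF
  # Dead peer detection interval in seconds
  dpd = 90
  #mobile-dpd = 1800
  tcp-port = 443
  udp-port = 443
  auth = "plain[passwd=/etc/ocserv/ocserv.passwd]"
CONF

# Builds a pattern for an active "key = value" line. Anchoring at the start
# (after optional whitespace) means "#mobile-dpd" and "mobile-dpd" never match
# a lookup for "dpd", and commented defaults are left untouched.
def key_pattern(key)
  /\A\s*#{Regexp.escape(key)}\s*=\s*(.*?)\s*\z/
end

# Sets key = value in ocserv-style config text. The value is required to be a
# String, as the cookbook's resource requires. Returns the new text; calling it
# again with the same arguments yields identical output (idempotent).
def set_config_value(text, key, value)
  raise ArgumentError, 'value must be a String' unless value.is_a?(String)
  pattern = key_pattern(key)
  replaced = false
  lines = text.lines(chomp: true).map do |line|
    if line.match?(pattern)
      replaced = true
      "#{key} = #{value}"
    else
      line
    end
  end
  lines << "#{key} = #{value}" unless replaced
  lines.join("\n") + "\n"
end

# Reads the active value for key, or nil when only a commented default exists.
def config_value(text, key)
  pattern = key_pattern(key)
  text.each_line do |line|
    m = line.chomp.match(pattern)
    return m[1] if m
  end
  nil
end

if $PROGRAM_NAME == __FILE__
  updated = set_config_value(SAMPLE_CONF, 'dpd', '180')
  updated = set_config_value(updated, 'auth', '"plain[passwd=./sample.passwd,otp=./sample.otp]"')
  puts updated
end
```

The quoting rule from the manual carries through unchanged: the double quotes are part of the string you pass, so they land in the file exactly as written.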
Notes
Currently the ocserv package in epel-7 is broken. Since past package versions in EPEL are hard to find, this cookbook currently includes the most recent working x86_64 RPM for RHEL 7. Once bug 1400693 is resolved this will no longer be the case.
Contributing
- Fork the repository on BitBucket
- Create a named feature branch (like add_component_x)
- Write your change
- Write tests for your change (if applicable). Both ChefSpec and Serverspec tests exist.
- Run the tests, ensuring they all pass
- Submit a Pull Request.
License and Authors
Authors:
- David Schlenk dschlenk@convergeone.com
- Pete Wall
License: Apache 2.0
Dependent cookbooks
- firewalld >= 0.0.0
- yum-epel >= 0.0.0
- simple_iptables >= 0.0.0
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.1.2 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.2 failed this metric
FC066: Ensure chef_version is set in metadata: ocserv/metadata.rb:1
FC069: Ensure standardized license defined in metadata: ocserv/metadata.rb:1
FC070: Ensure supports metadata defines valid platforms: ocserv/metadata.rb:1
FC072: Metadata should not contain "attribute" keyword: ocserv/metadata.rb:1
FC108: Resource should not define a property named 'name': ocserv/resources/config.rb:2
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.1.2 failed this metric
Failure: Cookbook should not contain binaries. Found:
ocserv/files/default/ocserv-0.11.5-1.el7.x86_64.rpm
Testing File Metric
0.1.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number