(install.pp) extend install features

dtapiacl · dtapiacl · commit b089a407ea51 · 2025-09-30T17:46:07.000-03:00
diff --git a/README.md b/README.md
@@ -10,6 +10,10 @@
 
 Puppet module to manage OpenVPN servers and clients.
 
+This module supports both:
+* **OpenVPN (community edition)** — the default package and service.
+* **OpenVPN Access Server (`openvpn-as`)** — installable by overriding parameters.
+
 ## Features
 
 * Client-specific rules and access policies
@@ -40,6 +44,26 @@ The supported Puppet versions are listed in the [metadata.json](metadata.json)
 
 Please see [REFERENCE.md](https://github.com/voxpupuli/puppet-openvpn/blob/master/REFERENCE.md) for more details.
 
+## Additional Parameters
+
+The following parameters were added to support OpenVPN Access Server
+and to make package/service management configurable:
+
+- `package_name` (String, default: `openvpn`)
+  Package name to install. Override with `openvpn-as` to install Access Server.
+
+- `package_ensure` (String, default: `present`)
+  Desired package state (e.g. `present`, `latest`, `absent`).
+
+- `service_name` (String, default: `openvpn`)
+  Name of the service resource to manage. Override with `openvpnas` for Access Server.
+
+- `service_enable` (Boolean, default: `true`)
+  Whether to enable the service at boot.
+
+- `service_ensure` (Enum: `running`|`stopped`, default: `running`)
+  Desired running state of the service.
+
 ## Example with hiera
 
 ```yaml
@@ -76,6 +100,16 @@ openvpn::revokes:
 
 Don't forget the sysctl directive ```net.ipv4.ip_forward```!
 
+## Example with OpenVPN Access Server (openvpn-as)
+
+```yaml
+---
+classes:
+  - openvpn
+
+openvpn::package_name: 'openvpn-as'
+openvpn::service_name: 'openvpnas'
+```
 ## Encryption Choices
 
 This module provides certain default parameters for the openvpn encryption settings.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -8,8 +8,9 @@
 
 * [`openvpn`](#openvpn): This module installs the openvpn service, configures vpn endpoints, generates client certificates, and generates client config files
 * [`openvpn::config`](#openvpn--config): This class sets up the openvpn enviornment as well as the default config file
-* [`openvpn::install`](#openvpn--install): This module installs the openvpn service, configures vpn endpoints, generates client certificates, and generates client config files
-* [`openvpn::service`](#openvpn--service): This class maintains the openvpn service.
+* [`openvpn::install`](#openvpn--install): This module installs and manages OpenVPN (community edition) or OpenVPN Access Server,
+* [`openvpn::service`](#openvpn--service): This class maintains the OpenVPN service (community edition) or
+the OpenVPN Access Server service if overridden.
 
 ### Defined types
 
@@ -60,6 +61,11 @@ The following parameters are available in the `openvpn` class:
 * [`servers`](#-openvpn--servers)
 * [`server_directory`](#-openvpn--server_directory)
 * [`server_service_name`](#-openvpn--server_service_name)
+* [`package_name`](#-openvpn--package_name)
+* [`package_ensure`](#-openvpn--package_ensure)
+* [`service_name`](#-openvpn--service_name)
+* [`service_enable`](#-openvpn--service_enable)
+* [`service_ensure`](#-openvpn--service_ensure)
 
 ##### <a name="-openvpn--autostart_all"></a>`autostart_all`
 
@@ -203,17 +209,117 @@ Data type: `String[1]`
 
 Name of the openvpn server service. This is usually `openvpn`, but RHEL/CentOS 8 uses `openvpn-server`.
 
+##### <a name="-openvpn--package_name"></a>`package_name`
+
+Data type: `String[1]`
+
+
+
+Default value: `'openvpn'`
+
+##### <a name="-openvpn--package_ensure"></a>`package_ensure`
+
+Data type: `String[1]`
+
+
+
+Default value: `'present'`
+
+##### <a name="-openvpn--service_name"></a>`service_name`
+
+Data type: `String[1]`
+
+
+
+Default value: `'openvpn'`
+
+##### <a name="-openvpn--service_enable"></a>`service_enable`
+
+Data type: `Boolean`
+
+
+
+Default value: `true`
+
+##### <a name="-openvpn--service_ensure"></a>`service_ensure`
+
+Data type: `Enum['running','stopped']`
+
+
+
+Default value: `'running'`
+
 ### <a name="openvpn--config"></a>`openvpn::config`
 
 This class sets up the openvpn enviornment as well as the default config file
 
 ### <a name="openvpn--install"></a>`openvpn::install`
 
-This module installs the openvpn service, configures vpn endpoints, generates client certificates, and generates client config files
+configures VPN endpoints, generates client certificates, and generates client config files.
+
+The name of the package to install (default: `openvpn`).
+
+The desired state of the package (default: `present`).
+
+#### Parameters
+
+The following parameters are available in the `openvpn::install` class:
+
+* [`package_name`](#-openvpn--install--package_name)
+* [`package_ensure`](#-openvpn--install--package_ensure)
+
+##### <a name="-openvpn--install--package_name"></a>`package_name`
+
+Data type: `String[1]`
+
+
+
+Default value: `'openvpn'`
+
+##### <a name="-openvpn--install--package_ensure"></a>`package_ensure`
+
+Data type: `String[1]`
+
+
+
+Default value: `'present'`
 
 ### <a name="openvpn--service"></a>`openvpn::service`
 
-This class maintains the openvpn service.
+This class maintains the OpenVPN service (community edition) or
+the OpenVPN Access Server service if overridden.
+
+#### Parameters
+
+The following parameters are available in the `openvpn::service` class:
+
+* [`service_name`](#-openvpn--service--service_name)
+* [`service_enable`](#-openvpn--service--service_enable)
+* [`service_ensure`](#-openvpn--service--service_ensure)
+
+##### <a name="-openvpn--service--service_name"></a>`service_name`
+
+Data type: `String[1]`
+
+
+
+Default value: `'openvpn'`
+
+##### <a name="-openvpn--service--service_enable"></a>`service_enable`
+
+Data type: `Boolean`
+
+
+
+Default value: `true`
+
+##### <a name="-openvpn--service--service_ensure"></a>`service_ensure`
+
+Data type: `Enum['running','stopped']`
+
+
+
+Default value: `'running'`
 
 ## Defined types
 
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -51,62 +51,60 @@
   Hash                                 $revokes                         = {},
   Hash                                 $server_defaults                 = {},
   Hash                                 $servers                         = {},
+
+  String[1]                            $package_name   = 'openvpn',
+  String[1]                            $package_ensure = 'present',
+  String[1]                            $service_name   = 'openvpn',
+  Boolean                              $service_enable = true,
+  Enum['running','stopped']            $service_ensure = 'running',
 ) {
   $easyrsa_version = $facts['easyrsa'] ? {
     undef   => $default_easyrsa_ver,
     default => $facts['easyrsa'],
   }
 
-  include openvpn::install
-  include openvpn::config
-
-  Class['openvpn::install']
-  -> Class['openvpn::config']
-  -> Class['openvpn']
+  # Install with params
+  class { 'openvpn::install':
+    package_name   => $package_name,
+    package_ensure => $package_ensure,
+  }
 
-  if $facts['service_provider'] != 'systemd' {
-    class { 'openvpn::service':
-      subscribe => [Class['openvpn::config'], Class['openvpn::install']],
-    }
+  class { 'openvpn::config': }
 
-    if empty($servers) {
-      Class['openvpn::service'] -> Class['openvpn']
-    }
+  # Service with params
+  class { 'openvpn::service':
+    service_name   => $service_name,
+    service_enable => $service_enable,
+    service_ensure => $service_ensure,
   }
 
+  # Ordering
+  Class['openvpn::install']
+  -> Class['openvpn::config']
+  ~> Class['openvpn::service']
+
+  # Existing loops unchanged
   $clients.each |$name, $params| {
-    openvpn::client {
-      default:
-        * => $client_defaults;
-      $name:
-        * => $params;
+    openvpn::client { $name:
+      * => merge($client_defaults, $params),
     }
   }
 
   $client_specific_configs.each |$name, $params| {
-    openvpn::client_specific_config {
-      default:
-        * => $client_specific_config_defaults;
-      $name:
-        * => $params;
+    openvpn::client_specific_config { $name:
+      * => merge($client_specific_config_defaults, $params),
     }
   }
 
   $revokes.each |$name, $params| {
-    openvpn::revoke {
-      default:
-        * => $revoke_defaults;
-      $name:
-        * => $params;
+    openvpn::revoke { $name:
+      * => merge($revoke_defaults, $params),
     }
   }
 
   $servers.each |$name, $params| {
-    openvpn::server {
-      default:
-        * => $server_defaults;
-      $name:
-        * => $params;
+    openvpn::server { $name:
+      * => merge($server_defaults, $params),
     }
   }
 }
diff --git a/manifests/install.pp b/manifests/install.pp
@@ -1,10 +1,21 @@
 #
-# @summary This module installs the openvpn service, configures vpn endpoints, generates client certificates, and generates client config files
+# @summary This module installs and manages OpenVPN (community edition) or OpenVPN Access Server, 
+# configures VPN endpoints, generates client certificates, and generates client config files.
 #
-class openvpn::install {
+# @param package_name
+# The name of the package to install (default: `openvpn`).
+#
+# @param package_ensure
+# The desired state of the package (default: `present`).
+#
+class openvpn::install (
+  String[1] $package_name   = 'openvpn',
+  String[1] $package_ensure = 'present',
+) {
   include openvpn
 
-  stdlib::ensure_packages(['openvpn'])
+  stdlib::ensure_packages([$package_name], { 'ensure' => $package_ensure })
+
   if $openvpn::additional_packages {
     stdlib::ensure_packages($openvpn::additional_packages)
   }
@@ -19,6 +30,6 @@
   file {
     ["${openvpn::etc_directory}/openvpn", "${openvpn::etc_directory}/openvpn/keys", '/var/log/openvpn',]:
       ensure  => directory,
-      require => Package['openvpn'];
+      require => Package[$package_name];
   }
 }
diff --git a/manifests/service.pp b/manifests/service.pp
@@ -1,11 +1,17 @@
 #
-# @summary This class maintains the openvpn service.
+# @summary
+#   This class maintains the OpenVPN service (community edition) or
+#   the OpenVPN Access Server service if overridden.
 #
-class openvpn::service {
+class openvpn::service (
+  String[1]                 $service_name   = 'openvpn',
+  Boolean                   $service_enable = true,
+  Enum['running','stopped'] $service_ensure = 'running',
+) {
   if $openvpn::manage_service and !$openvpn::namespecific_rclink {
-    service { 'openvpn':
-      ensure     => running,
-      enable     => true,
+    service { $service_name:
+      ensure     => $service_ensure,
+      enable     => $service_enable,
       hasrestart => true,
       hasstatus  => true,
     }
