Upstart_openvpn-connection.conf

1. author "Mariusz Kaczmarczyk <[email protected]>"
2. description "OpenVPN single connection instance"
3. usage "CONN=<connection_name>"
4. version "1.2"
5.  
6. instance $CONN
7.  
8. start on openvpn-init-connections
9. stop on openvpn-stop-connections
10.  
11. respawn
12. respawn limit 3 15
13.  
14. normal exit 0
15.  
16. console output
17.  
18. # defaults
19. env ARGFILE_DIR='/run/openvpn'
20. env ARGFILE_EXT='.args'
21. env ARGFILE_MODE='0600'
22. env CONFIG_DIR='/etc/openvpn'
23. env CONFIG_EXT='.conf'
24. env CONFIG_PROHIBIT_REGEXP='^[[:blank:]]*(daemon|group|syslog|user|writepid)([[:blank:]]|$)'
25. env DEFAULTS_FILE='/etc/default/openvpn'
26. env OMIT_SENDSIGS=0
27. env OMIT_SENDSIGS_DIR='/run/sendsigs.omit.d'
28. env OMIT_SENDSIGS_ARGS=''
29. env OPENVPN_EXEC='/usr/sbin/openvpn'
30. env OPENVPN_GID='openvpn'
31. env OPENVPN_UID='openvpn'
32. env OPT_ARGS=''
33. env PIDFILE_EXT='.pid'
34. env STATUS_ARGS=''
35. env STATUS_DIR='/run/openvpn'
36. env STATUS_DIR_MODE=0730
37. env STATUS_EXT='.status'
38. env STATUS_REFRESH=10
39. env STATUS_VERSION=3
40. env SYSLOG_ID='openvpn'
41.  
42. pre-start script
43.     # load global defaults file
44.     if [ -f "${DEFAULTS_FILE}" ]; then
45.         . "${DEFAULTS_FILE}"
46.     fi
47.     # load connection-specific defaults file
48.     CONN_DEFAULTS_FILE="${DEFAULTS_FILE}.d/${CONN}"
49.     if [ -f "${CONN_DEFAULTS_FILE}" ]; then
50.         . "${CONN_DEFAULTS_FILE}"
51.     fi
52.     # check if connection file exists
53.     CONN_FILE="${CONFIG_DIR}/${CONN}${CONFIG_EXT}"
54.     if ! [ -f "${CONN_FILE}" ]; then
55.         exit 2
56.     fi
57.     # check for prohibited stanzas in connection file
58.     CONFIG_PROHIBIT_MATCH=$(grep -E -i "${CONFIG_PROHIBIT_REGEXP}" "${CONN_FILE}" || true)
59.     if [ -n "${CONFIG_PROHIBIT_MATCH}" ]; then
60.         echo "OpenVPN: prohibited config directives in file: ${CONN_FILE}" >&2
61.         echo "${CONFIG_PROHIBIT_MATCH}" >&2
62.         exit 3
63.     fi
64.     # setup status file and refresh period
65.     if ! [ -d "${STATUS_DIR}" ]; then
66.         install -g "${OPENVPN_GID}" -m "${STATUS_DIR_MODE}" -d "${STATUS_DIR}"
67.     fi
68.     STATUS_FILE="${STATUS_DIR}/${CONN}${STATUS_EXT}"
69.     if [ -n "${STATUS_REFRESH}" ] && [ -d "${STATUS_DIR}" ] && [ "${STATUS_REFRESH}" -gt 0 ]; then
70.         STATUS_ARGS="--status ${STATUS_FILE} ${STATUS_REFRESH} --status-version ${STATUS_VERSION}"
71.     fi
72.     # avoid killing connections on shutdown if desired
73.     OMIT_SENDSIGS_PIDFILE="${OMIT_SENDSIGS_DIR}/openvpn.${CONN}${PIDFILE_EXT}"
74.     if [ "${OMIT_SENDSIGS}" -gt 0 ]; then
75.         OMIT_SENDSIGS_ARGS="--writepid ${OMIT_SENDSIGS_PIDFILE}"
76.     fi
77.     rm --force "${OMIT_SENDSIGS_PIDFILE}" 2>/dev/null || true
78.     # save arguments for exec to protected argfile
79.     # this is awkward but necessary workaround - Upstart's cannot pass variables between job phases
80.     echo "--cd ${CONFIG_DIR} --config ${CONN_FILE} ${SYSLOG_ID:+--syslog ${SYSLOG_ID}/${CONN}} ${OPENVPN_GID:+--group ${OPENVPN_GID}} ${OPENVPN_UID:+--user ${OPENVPN_UID}} ${OMIT_SENDSIGS_ARGS} ${STATUS_ARGS} ${OPT_ARGS}" >"${ARGFILE_DIR}/${CONN}${ARGFILE_EXT}"
81.     chmod --quiet "${ARGFILE_MODE}" "${ARGFILE_DIR}/${CONN}${ARGFILE_EXT}"
82. end script
83.  
84. script
85.     # ensure argfile exists
86.     if ! [ -f "${ARGFILE_DIR}/${CONN}${ARGFILE_EXT}" ]; then
87.         exit 1
88.     fi
89.     # ready to exec
90.     # run OpenVPN daemon with args from argfile
91.     exec "${OPENVPN_EXEC}" $(cat "${ARGFILE_DIR}/${CONN}${ARGFILE_EXT}")
92. end script