components/network/openvpn/files/openvpn.xml

   1 <?xml version="1.0" ?>
   2 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
   3 <!-- See the non-trivial-setup notes and recommendations for the OpenVPN SMF
   4      service integration in /usr/share/doc/openvpn/README.openindiana -->
   5 <service_bundle type="manifest" name="openvpn">
   6     <service name="network/openvpn" type="service" version="1">
   7         <dependency name="network" grouping="require_all" restart_on="error" type="service">
   8             <service_fmri value="svc:/milestone/network:default"/>
   9         </dependency>
  10
  11         <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
  12             <service_fmri value="svc:/system/filesystem/local"/>
  13         </dependency>
  14
  15         <method_context working_directory='/etc/openvpn'>
  16             <!-- Some setups might need extra permissions for their OpenVPN
  17                  service, especially if reduced to run as a non-root -->
  18             <method_credential group='root' limit_privileges=':default'
  19                 privileges='basic,sys_iptun_config,sys_net_config,sys_devices,net_privaddr,net_rawaccess,net_icmpaccess,file_chown,file_owner,file_dac_write,proc_setid,proc_chroot'
  20                 supp_groups=':default' user='root'/>
  21             <method_environment>
  22                 <envvar name="PATH" value="/usr/bin:/usr/sbin"/>
  23             </method_environment>
  24         </method_context>
  25
  26         <exec_method type="method" name="start"
  27             exec="/usr/sbin/openvpn --log-append '/var/log/openvpn/%i.log' --daemon openvpn:%i --config '/etc/openvpn/%i.conf'"
  28             timeout_seconds="60"/>
  29
  30         <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
  31
  32         <property_group name='general' type='framework'>
  33             <propval name='action_authorization' type='astring' value='solaris.smf.manage.openvpn'/>
  34             <propval name='value_authorization' type='astring' value='solaris.smf.value.openvpn'/>
  35         </property_group>
  36
  37         <property_group name="startd" type="framework">
  38             <propval name="duration" type="astring" value="contract"/>
  39             <propval name="ignore_error" type="astring" value="core,signal"/>
  40         </property_group>
  41
  42         <instance name='default' enabled='false'>
  43             <!-- Support legacy (upgraded) setups of single :default instance
  44                  just the way they were delivered earlier -->
  45             <exec_method type="method" name="start"
  46                 exec="/usr/sbin/openvpn --daemon openvpn --config '%{config/config_file}'"
  47                 timeout_seconds="60"/>
  48
  49             <property_group name='config' type='application'>
  50                 <!-- Full path to config file is required -->
  51                 <propval name="config_file" type='astring' value='/etc/openvpn/openvpn.conf'/>
  52                 <propval name='value_authorization' type='astring' value='solaris.smf.value.openvpn'/>
  53             </property_group>
  54         </instance>
  55
  56         <stability value="Evolving"/>
  57
  58         <template>
  59             <common_name>
  60                 <loctext xml:lang="C">OpenVPN</loctext>
  61             </common_name>
  62             <documentation>
  63                 <manpage title="openvpn" section="8" manpath="/usr/share/man"/>
  64                 <doc_link name="openvpn.net" uri="http://openvpn.net/index.php/manuals"/>
  65             </documentation>
  66         </template>
  67     </service>
  68 </service_bundle>