Remove openvpn::deploy

[jkroepke]

Pull Request (PR) description

Remove openvpn::deploy from this module.

The openvpn::deploy classes + facts introduced in (#261). The facts has a lot of outstanding issue in the history of this module.

The fact based approach has multiple issues:

• Warning: Fact value '...' with the value length: '5274' exceeds the value length limit: 4096 #409
• Fact openvpn exposes private keys #322
• Client configurations with the new Deferred function aren't working #421
• openvpn facts not generated on server #352

The first 2 issues should be a clear statement that returning to the fact based approch is not a option. Each default setup on puppet 7.10 and higher will emit a warning, if this module is in use.

A proposal to replace facts by deferred functions (#410) also never works

• Client configurations with the new Deferred function aren't working #421

I'm strongly recommend, if this functionality is needed to use a dedicated modules for this.

Example (but outdated):

• https://bitbucket.org/codacity/puppet-module-openvpn_client/

Major issue that I see: Even I'm not using the openvpn::deploy classes, the facts containing the private keys and published to puppetdb are NOT toggleable. If Foreman is used in the setup, all the private keys are exposed to the user base of Foreman.

By separate the logic into a dedicated puppet module, no sensitive facts are generated by default.

In general, use a Hashicorp Vault to exchange private keys in your setup, instead abuse puppet for it.

This Pull Request (PR) fixes the following issues

Fixes #352
Fixes #421

[jkroepke]

Any opinion here?

@root-expert

[root-expert]

+1 from me, but i'll leave it open to get some more eyes on it.

I also believe that puppet shouldn't be abused to distribute private keys.

[jkroepke]

@root-expert They are more eyes availible? 😄