On Tue, Sep 18, 2018 at 06:12:10AM +0200, Patrick Uiterwijk wrote:
> Hi all,
>
> For compatibility with openshift, we need openvpn to use tun1 on the openshift nodes.
> While this does happen automatically if openvpn starts after the openshift SDN pod,
> this is not always the case.
> Can I get +1s for the patches I rolled out to make sure this happens?
> (The second one was because I had the variable name wrong.)
>
>
> commit 8ad630412f6abd082d08a628260b408d88d99b21
> Author: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
> Date: Tue Sep 18 05:49:15 2018 +0200
>
> Make OpenVPN use tun1 for os-node's
>
> Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
>
> diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml
> index 27c150d16..1ed3d173b 100644
> --- a/roles/openvpn/client/tasks/main.yml
> +++ b/roles/openvpn/client/tasks/main.yml
> @@ -19,14 +19,24 @@
> - openvpn
> when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined
>
> +- name: Install main config file (rhel7 and fedora)
> + template: src=client.conf
> + dest=/etc/openvpn/client/openvpn.conf
> + owner=root group=root mode=0644
> + tags:
> + - install
> + - openvpn
> +# notify:
> +# - restart openvpn (Fedora)
> +# - restart openvpn (RHEL7)
> +# - restart openvpn (RHEL6)
> + when: ( ansible_distribution_major_version|int != 6 and ansible_distribution_major_version|int != 24) and ansible_cmdline.ostree is not defined
> +
> - name: Install configuration files (rhel7 and fedora)
> copy: src={{ item.file }}
> dest={{ item.dest }}
> owner=root group=root mode={{ item.mode }}
> with_items:
> - - { file: client.conf,
> - dest: /etc/openvpn/client/openvpn.conf,
> - mode: '0644' }
> - { file: "{{ private }}/files/vpn/pki/issued/{{ inventory_hostname }}.crt",
> dest: "/etc/openvpn/client/client.crt",
> mode: '0600' }
> diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/templates/client.conf
> similarity index 70%
> rename from roles/openvpn/client/files/client.conf
> rename to roles/openvpn/client/templates/client.conf
> index 5042ed6e2..f398c9a39 100644
> --- a/roles/openvpn/client/files/client.conf
> +++ b/roles/openvpn/client/templates/client.conf
> @@ -1,6 +1,11 @@
> client
>
> +{% if hostname.startswith("os-node") %}
> +# OpenShift REALLY wants tun0. Let's make sure openvpn doesn't claim it
> +dev tun1
> +{% else %}
> dev tun
> +{% endif %}
>
> proto udp
>
>
>
> commit 325155810b8a0f0bbf929587316e1ae97d2b6565 (HEAD -> master, origin/master, origin/HEAD)
> Author: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
> Date: Tue Sep 18 05:51:46 2018 +0200
>
> Actually use the ansible hostname
>
> Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
>
> diff --git a/roles/openvpn/client/templates/client.conf b/roles/openvpn/client/templates/client.conf
> index f398c9a39..11372910b 100644
> --- a/roles/openvpn/client/templates/client.conf
> +++ b/roles/openvpn/client/templates/client.conf
> @@ -1,6 +1,6 @@
> client
>
> -{% if hostname.startswith("os-node") %}
> +{% if ansible_hostname.startswith("os-node") %}
> # OpenShift REALLY wants tun0. Let's make sure openvpn doesn't claim it
> dev tun1
> {% else %}
+1 for me
Pierre
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
