On Tue, Sep 18, 2018 at 06:12:10AM +0200, Patrick Uiterwijk wrote: > Hi all, > > For compatibility with openshift, we need openvpn to use tun1 on the openshift nodes. > While this does happen automatically if openvpn starts after the openshift SDN pod, > this is not always the case. > Can I get +1s for the patches I rolled out to make sure this happens? > (The second one was because I had the variable name wrong.) > > > commit 8ad630412f6abd082d08a628260b408d88d99b21 > Author: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx> > Date: Tue Sep 18 05:49:15 2018 +0200 > > Make OpenVPN use tun1 for os-node's > > Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx> > > diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml > index 27c150d16..1ed3d173b 100644 > --- a/roles/openvpn/client/tasks/main.yml > +++ b/roles/openvpn/client/tasks/main.yml > @@ -19,14 +19,24 @@ > - openvpn > when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined > > +- name: Install main config file (rhel7 and fedora) > + template: src=client.conf > + dest=/etc/openvpn/client/openvpn.conf > + owner=root group=root mode=0644 > + tags: > + - install > + - openvpn > +# notify: > +# - restart openvpn (Fedora) > +# - restart openvpn (RHEL7) > +# - restart openvpn (RHEL6) > + when: ( ansible_distribution_major_version|int != 6 and ansible_distribution_major_version|int != 24) and ansible_cmdline.ostree is not defined > + > - name: Install configuration files (rhel7 and fedora) > copy: src={{ item.file }} > dest={{ item.dest }} > owner=root group=root mode={{ item.mode }} > with_items: > - - { file: client.conf, > - dest: /etc/openvpn/client/openvpn.conf, > - mode: '0644' } > - { file: "{{ private }}/files/vpn/pki/issued/{{ inventory_hostname }}.crt", > dest: "/etc/openvpn/client/client.crt", > mode: '0600' } 
> diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/templates/client.conf > similarity index 70% > rename from roles/openvpn/client/files/client.conf > rename to roles/openvpn/client/templates/client.conf > index 5042ed6e2..f398c9a39 100644 > --- a/roles/openvpn/client/files/client.conf > +++ b/roles/openvpn/client/templates/client.conf > @@ -1,6 +1,11 @@ > client > > +{% if hostname.startswith("os-node") %} > +# OpenShift REALLY wants tun0. Let's make sure openvpn doesn't claim it > +dev tun1 > +{% else %} > dev tun > +{% endif %} > > proto udp > > > > commit 325155810b8a0f0bbf929587316e1ae97d2b6565 (HEAD -> master, origin/master, origin/HEAD) > Author: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx> > Date: Tue Sep 18 05:51:46 2018 +0200 > > Actually use the ansible hostname > > Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx> > > diff --git a/roles/openvpn/client/templates/client.conf b/roles/openvpn/client/templates/client.conf > index f398c9a39..11372910b 100644 > --- a/roles/openvpn/client/templates/client.conf > +++ b/roles/openvpn/client/templates/client.conf > @@ -1,6 +1,6 @@ > client > > -{% if hostname.startswith("os-node") %} > +{% if ansible_hostname.startswith("os-node") %} > # OpenShift REALLY wants tun0. Let's make sure openvpn doesn't claim it > dev tun1 > {% else %} +1 for me Pierre
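Review bot: in the new "Install main config file (rhel7 and fedora)" task in roles/openvpn/client/tasks/main.yml, the whole `notify:` block is commented out, so a change to the rendered client.conf never triggers a restart handler. A client that is already running keeps whatever tun device it has until it is restarted some other way, which is the case this patch is meant to cover. If skipping the restart is deliberate (for example to avoid dropping the VPN mid-run), replace the commented lines with a comment that says so. Otherwise enable the handlers, and drop `restart openvpn (RHEL6)` from the list, since the `when:` on this task already excludes major version 6.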
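Review bot: in the first commit's hunk for roles/openvpn/client/templates/client.conf, the condition `{% if hostname.startswith("os-node") %}` uses a variable, `hostname`, that nothing in the visible lines defines, and the follow-up commit has to replace it. Squashing the two commits would avoid leaving a revision with a template that cannot be evaluated as intended. Rendering the template with `ansible-playbook --check --diff` against one os-node before pushing would have caught the wrong name.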
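Review bot: in the second commit's hunk, `{% if ansible_hostname.startswith("os-node") %}` selects the tun device from the hostname the remote machine reports, while the tasks file in the same role keys its per-host files on `inventory_hostname` (`{{ inventory_hostname }}.crt`). A node whose reported short hostname does not start with "os-node" would silently fall through to `dev tun`. Consider testing `inventory_hostname` instead, or setting an explicit per-group variable for the OpenShift nodes and testing that, so the choice does not depend on a naming prefix.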