Re: Post-FBR: Force openvpn to use tun1

On Tue, Sep 18, 2018 at 06:12:10AM +0200, Patrick Uiterwijk wrote:
> Hi all,
> 
> For compatibility with openshift, we need openvpn to use tun1 on the openshift nodes.
> While this does happen automatically if openvpn starts after the openshift SDN pod,
> this is not always the case.
> Can I get +1s for the patches I rolled out to make sure this happens?
> (The second one was because I had the variable name wrong.)
> 
> 
> commit 8ad630412f6abd082d08a628260b408d88d99b21
> Author: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
> Date:   Tue Sep 18 05:49:15 2018 +0200
> 
>     Make OpenVPN use tun1 for os-node's
>     
>     Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
> 
> diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml
> index 27c150d16..1ed3d173b 100644
> --- a/roles/openvpn/client/tasks/main.yml
> +++ b/roles/openvpn/client/tasks/main.yml
> @@ -19,14 +19,24 @@
>    - openvpn
>    when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined
>  
> +- name: Install main config file (rhel7 and fedora)
> +  template: src=client.conf
> +            dest=/etc/openvpn/client/openvpn.conf
> +            owner=root group=root mode=0644
> +  tags:
> +  - install
> +  - openvpn
> +#  notify:
> +#  - restart openvpn (Fedora)
> +#  - restart openvpn (RHEL7)
> +#  - restart openvpn (RHEL6)
> +  when: ( ansible_distribution_major_version|int != 6 and ansible_distribution_major_version|int != 24) and ansible_cmdline.ostree is not defined
> +
>  - name: Install configuration files (rhel7 and fedora)
>    copy: src={{ item.file }}
>          dest={{ item.dest }}
>          owner=root group=root mode={{ item.mode }}
>    with_items:
> -  - { file: client.conf,
> -      dest: /etc/openvpn/client/openvpn.conf,
> -      mode: '0644' }
>    - { file: "{{ private }}/files/vpn/pki/issued/{{ inventory_hostname }}.crt",
>        dest: "/etc/openvpn/client/client.crt",
>        mode: '0600' }
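
Review bot: The new "Install main config file" task leaves its notify block commented out (`#  notify:` and the three restart handlers), so a host where openvpn is already running keeps its current tun device until something else restarts the service. Either enable the matching restart handler for this task or say in the commit message that the restart is done by hand. Separately, the `when:` line excludes major versions 6 and 24 while the task name says "rhel7 and fedora"; a short comment on why 24 is excluded would help the next reader.
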
> diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/templates/client.conf
> similarity index 70%
> rename from roles/openvpn/client/files/client.conf
> rename to roles/openvpn/client/templates/client.conf
> index 5042ed6e2..f398c9a39 100644
> --- a/roles/openvpn/client/files/client.conf
> +++ b/roles/openvpn/client/templates/client.conf
> @@ -1,6 +1,11 @@
>  client
>  
> +{% if hostname.startswith("os-node") %}
> +# OpenShift REALLY wants tun0. Let's make sure openvpn doesn't claim it
> +dev tun1
> +{% else %}
>  dev tun
> +{% endif %}
>  
>  proto udp
>  
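
Review bot: The `{% if hostname.startswith("os-node") %}` line keys the device choice on a variable, `hostname`, that nothing in this diff defines, and on a host naming prefix rather than on an explicit setting. The variable name is corrected by the follow-up commit in this mail, so the two could be squashed. For the prefix match, a per-host or per-group variable holding the device name, with `tun` as the default, would make the tun1 choice explicit in the inventory and would still work for a node that does not follow the `os-node` naming.
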
> 
> 
> commit 325155810b8a0f0bbf929587316e1ae97d2b6565 (HEAD -> master, origin/master, origin/HEAD)
> Author: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
> Date:   Tue Sep 18 05:51:46 2018 +0200
> 
>     Actually use the ansible hostname
>     
>     Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
> 
> diff --git a/roles/openvpn/client/templates/client.conf b/roles/openvpn/client/templates/client.conf
> index f398c9a39..11372910b 100644
> --- a/roles/openvpn/client/templates/client.conf
> +++ b/roles/openvpn/client/templates/client.conf
> @@ -1,6 +1,6 @@
>  client
>  
> -{% if hostname.startswith("os-node") %}
> +{% if ansible_hostname.startswith("os-node") %}
>  # OpenShift REALLY wants tun0. Let's make sure openvpn doesn't claim it
>  dev tun1
>  {% else %}
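
Review bot: The changed `{% if %}` line matches on `ansible_hostname`, the short name the node reports in its gathered facts, while the tasks file in this same role builds the certificate path from `inventory_hostname`. The two can differ, so the tun1 branch could be skipped on a host the inventory calls `os-node...`. Using `inventory_hostname.startswith("os-node")` would keep the role consistent and make the match depend on the inventory rather than on the node's own hostname setting.
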

+1 for me


Pierre
