Freeze break request: Switch back to bastion02 for now

Dennis Gilmore dennis at ausil.us
Fri Sep 16 19:30:36 UTC 2011


On Friday, September 16, 2011 02:05:02 PM Kevin Fenzi wrote:
> To follow up on myself and after an excellent suggestion from Seth...
> 
> Another way to do this is to just move vpn over to bastion02, don't
> change dns or email. 'gateway' and 'bastion' stay pointed at bastion03.
> 
> This means a change to the vpn client.conf on all machines, but we can
> push that out. It also means no DNS changes, which is good.
> We can also change back by just changing which machine is running
> openvpn server on it.
> 
> Here's the change for that:
> 
> diff --git a/manifests/nodes/bastion02.phx2.fedoraproject.org.pp
> b/manifests/nodes/bastion02.phx2.fe index 4018ec9..1a0ee7c 100644
> --- a/manifests/nodes/bastion02.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/bastion02.phx2.fedoraproject.org.pp
> @@ -1,6 +1,5 @@
>  node bastion02{
> -    # Moving openvpn over to bastion03
> -    $enable_openvpn = false
> +    $enable_openvpn = true
>      include phx
>      $syncFasAliases = true
>      include gateway
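
Review bot: in the bastion02 node block the removed comment is not replaced, so `$enable_openvpn = true` now stands with no explanation, while bastion03 still carries the warning that only one bastion host should run openvpn. Consider a one-line comment here saying this is the "for now" switch back and that bastion03 must have `$enable_openvpn = false` at the same time, so the two node files are not edited independently later.
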
> diff --git a/manifests/nodes/bastion03.phx2.fedoraproject.org.pp
> b/manifests/nodes/bastion03.phx2.fe index 8c5fca9..b7b0f32 100644
> --- a/manifests/nodes/bastion03.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/bastion03.phx2.fedoraproject.org.pp
> @@ -3,7 +3,7 @@ node bastion03{
>      # comment out the line below when bastion02 is down or going to be
> down. # Under normal situations, only one bastion host should be
> running openvpn # or we'll end up with a split-brain problem in the
> network
> -    #$enable_openvpn = false
> +    $enable_openvpn = false
>      include phx
>      $syncFasAliases = true
>      include gateway
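
Review bot: the uncommented `$enable_openvpn = false` on bastion03 only avoids the split-brain case described in the comment above it if it takes effect before bastion02 starts its server, and nothing in the patch orders the two. Worth stating in the change request which host gets its puppet run first (bastion03, then bastion02) and confirming that the openvpn server is actually stopped on bastion03 before the client.conf change is pushed.
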
> diff --git a/modules/openvpn/files/client.conf
> b/modules/openvpn/files/client.conf index b1b2d95..d274e72 100644
> --- a/modules/openvpn/files/client.conf
> +++ b/modules/openvpn/files/client.conf
> @@ -6,7 +6,7 @@ proto udp
> 
>  # Specify multiple vpn servers here
>  remote gateway
> -remote bastion01
> +remote bastion02
> 
>  resolv-retry infinite
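
Review bot: `remote gateway` is still the first entry, and per the message 'gateway' stays pointed at bastion03, which this same patch sets to `$enable_openvpn = false`. OpenVPN tries `remote` entries in the order listed unless `remote-random` is set (not visible in this hunk), so with `proto udp` each client would have to wait out a timeout against bastion03 before trying `remote bastion02`. Consider listing `remote bastion02` first, or dropping `remote gateway` for the duration of the switch.
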
+1