Hi all,
For compatibility with OpenShift, we need OpenVPN to use tun1 on the OpenShift nodes.
While this does happen automatically if OpenVPN starts after the OpenShift SDN pod,
this is not always the case.
Can I get +1s for the patches I rolled out to make sure this happens?
(The second one was because I had the variable name wrong.)
commit 8ad630412f6abd082d08a628260b408d88d99b21
Author: Patrick Uiterwijk <patrick(a)puiterwijk.org>
Date: Tue Sep 18 05:49:15 2018 +0200
Make OpenVPN use tun1 for os-node's
Signed-off-by: Patrick Uiterwijk <patrick(a)puiterwijk.org>
diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml
index 27c150d16..1ed3d173b 100644
- --- a/roles/openvpn/client/tasks/main.yml
+++ b/roles/openvpn/client/tasks/main.yml
@@ -19,14 +19,24 @@
- openvpn
when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined
+- name: Install main config file (rhel7 and fedora)
+ template: src=client.conf
+ dest=/etc/openvpn/client/openvpn.conf
+ owner=root group=root mode=0644
+ tags:
+ - install
+ - openvpn
+# notify:
+# - restart openvpn (Fedora)
+# - restart openvpn (RHEL7)
+# - restart openvpn (RHEL6)
+ when: ( ansible_distribution_major_version|int != 6 and ansible_distribution_major_version|int != 24) and ansible_cmdline.ostree is not defined
+
- name: Install configuration files (rhel7 and fedora)
copy: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode={{ item.mode }}
with_items:
- - - { file: client.conf,
- - dest: /etc/openvpn/client/openvpn.conf,
- - mode: '0644' }
- { file: "{{ private }}/files/vpn/pki/issued/{{ inventory_hostname }}.crt",
dest: "/etc/openvpn/client/client.crt",
mode: '0600' }
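Review bot: The `notify:` block on the new "Install main config file" task is commented out, so a change to the rendered `client.conf` (such as the switch to `dev tun1`) does not restart openvpn, and a running client keeps whatever device it already claimed until it is restarted by hand. Either re-enable the handlers or replace the commented lines with a one-line comment saying the restart is deliberately manual. The `when:` also excludes major version 24 while the task name says "rhel7 and fedora"; a short comment on why 24 is skipped would help the next reader.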
diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/templates/client.conf
similarity index 70%
rename from roles/openvpn/client/files/client.conf
rename to roles/openvpn/client/templates/client.conf
index 5042ed6e2..f398c9a39 100644
- --- a/roles/openvpn/client/files/client.conf
+++ b/roles/openvpn/client/templates/client.conf
@@ -1,6 +1,11 @@
client
+{% if hostname.startswith("os-node") %}
+# OpenShift REALLY wants tun0. Let's make sure openvpn doesn't claim it
+dev tun1
+{% else %}
dev tun
+{% endif %}
proto udp
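Review bot: The condition `{% if hostname.startswith("os-node") %}` relies on a bare `hostname` variable that nothing in this patch defines, while the tasks file in the same role selects per-host files with `inventory_hostname`. Unless `hostname` is set elsewhere in inventory or vars, the template will not render as intended. Suggest using a variable the role already depends on, or testing membership of an inventory group for the OpenShift nodes instead of a name prefix.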
commit 325155810b8a0f0bbf929587316e1ae97d2b6565 (HEAD -> master, origin/master, origin/HEAD)
Author: Patrick Uiterwijk <patrick(a)puiterwijk.org>
Date: Tue Sep 18 05:51:46 2018 +0200
Actually use the ansible hostname
Signed-off-by: Patrick Uiterwijk <patrick(a)puiterwijk.org>
diff --git a/roles/openvpn/client/templates/client.conf b/roles/openvpn/client/templates/client.conf
index f398c9a39..11372910b 100644
- --- a/roles/openvpn/client/templates/client.conf
+++ b/roles/openvpn/client/templates/client.conf
@@ -1,6 +1,6 @@
client
- -{% if hostname.startswith("os-node") %}
+{% if ansible_hostname.startswith("os-node") %}
# OpenShift REALLY wants tun0. Let's make sure openvpn doesn't claim it
dev tun1
{% else %}
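Review bot: `ansible_hostname` on the `{% if %}` line is a gathered fact, so the template now depends on fact gathering having run and on the short hostname the node reports about itself, whereas the tasks file in this role selects certificates by `inventory_hostname`. Consider matching on `inventory_hostname`, or on an inventory group for the OpenShift nodes, so the device choice follows inventory rather than the host's own name.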