Freeze break request: Switch back to bastion02 for now

Kevin Fenzi kevin at scrye.com
Fri Sep 16 19:05:02 UTC 2011 

To followup on myself and after an excellent suggestion from Seth... 

Another way to do this is to just move vpn over to bastion02, don't
change dns or email. 'gateway' and 'bastion' stay pointed at bastion03. 

This means a change to the vpn client.conf on all machines, but we can
push that out. It also means no DNS changes, which is good. 
We can also change back by just changing which machine is running
openvpn server on it. 

Here's the change for that: 

diff --git a/manifests/nodes/bastion02.phx2.fedoraproject.org.pp
b/manifests/nodes/bastion02.phx2.fe index 4018ec9..1a0ee7c 100644
--- a/manifests/nodes/bastion02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/bastion02.phx2.fedoraproject.org.pp
@@ -1,6 +1,5 @@
 node bastion02{
-    # Moving openvpn over to bastion03
-    $enable_openvpn = false
+    $enable_openvpn = true
     include phx
     $syncFasAliases = true
     include gateway
diff --git a/manifests/nodes/bastion03.phx2.fedoraproject.org.pp
b/manifests/nodes/bastion03.phx2.fe index 8c5fca9..b7b0f32 100644
--- a/manifests/nodes/bastion03.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/bastion03.phx2.fedoraproject.org.pp
@@ -3,7 +3,7 @@ node bastion03{
     # comment out the line below when bastion02 is down or going to be
down. # Under normal situations, only one bastion host should be
running openvpn # or we'll end up with a split-brain problem in the
network
-    #$enable_openvpn = false
+    $enable_openvpn = false
     include phx
     $syncFasAliases = true
     include gateway
diff --git a/modules/openvpn/files/client.conf
b/modules/openvpn/files/client.conf index b1b2d95..d274e72 100644
--- a/modules/openvpn/files/client.conf
+++ b/modules/openvpn/files/client.conf
@@ -6,7 +6,7 @@ proto udp
 
 # Specify multiple vpn servers here
 remote gateway
-remote bastion01
+remote bastion02
 
 resolv-retry infinite
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20110916/a1307327/attachment.bin

More information about the infrastructure mailing list