ソースを参照

Fix systemd configuration of OpenVPN server

The server was not starting.  As a result, the dnsmasq service failed to
start, and the playbook thus failed to run when using the vpn role.
This patch corrects the configuration per instructions from
https://help.ubuntu.com/community/OpenVPN.

OpenVPN PAM configuration moved up to reduce server bouncing as the
playbook runs.  The dependency on service (re)starts between openvpn and
dnsmasq works but feels brittle.
Mike Ashley 8年前
コミット
1011d76866
2個のファイルの変更8行の追加5行の削除
  1. 1
    1
      roles/vpn/handlers/main.yml
  2. 7
    4
      roles/vpn/tasks/openvpn.yml

+ 1
- 1
roles/vpn/handlers/main.yml ファイルの表示

@@ -2,4 +2,4 @@
2 2
   service: name=dnsmasq state=restarted
3 3
 
4 4
 - name: restart openvpn
5
-  service: name=openvpn state=restarted
5
+  service: name=openvpn@server state=restarted

+ 7
- 4
roles/vpn/tasks/openvpn.yml ファイルの表示

@@ -141,6 +141,13 @@
141 141
   template: src=etc_openvpn_server.conf.j2 dest=/etc/openvpn/server.conf
142 142
   notify: restart openvpn
143 143
 
144
+- name: Copy OpenVPN PAM configuration file into place
145
+  copy: src=etc_pam.d_openvpn dest=/etc/pam.d/openvpn
146
+  notify: restart openvpn
147
+
148
+- name: Enable OpenVPN server systemd service unit
149
+  service: name=openvpn@server enabled=yes
150
+
144 151
 # OpenVPN must restart first so the 10.8.0.0 interface is available
145 152
 # to dnsmasq
146 153
 - meta: flush_handlers
@@ -149,10 +156,6 @@
149 156
   copy: src=etc_dnsmasq.conf dest=/etc/dnsmasq.conf
150 157
   notify: restart dnsmasq
151 158
 
152
-- name: Copy OpenVPN PAM configuration file into place
153
-  copy: src=etc_pam.d_openvpn dest=/etc/pam.d/openvpn
154
-  notify: restart openvpn
155
-
156 159
 - name: Copy the ca.crt and ta.key files that clients will need in order to connect to the OpenVPN server
157 160
   command: cp {{ openvpn_path }}/{{ item[1] }} {{ openvpn_path }}/{{ item[0] }}
158 161
   tags:

読み込み中…
キャンセル
保存