author | Micah Anderson <micah@riseup.net> | 2022-07-02 12:42:12 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2022-07-02 12:42:12 -0400 |
commit | a13d6e7f190078c330b8aeaf574af5de5c25cad7 (patch) | |
tree | 2f290b57339902e53fa181199e8a756efcd0b5c1 | |
parent | 9191c53d6f532701cc6cf51d4674818a0ba13215 (diff) |
re-order roles to account for potential ordering failures
-rw-r--r-- | config/roles/openvpn/tasks/credentials.yml | 14 | ||||
-rw-r--r-- | config/roles/openvpn/tasks/main.yml | 4 | ||||
-rw-r--r-- | config/roles/simplevpn/tasks/main.yml | 2 | ||||
-rw-r--r-- | config/roles/vpnweb-frontend/templates/vpnweb.conf.j2 | 4 |
4 files changed, 10 insertions, 14 deletions
diff --git a/config/roles/openvpn/tasks/credentials.yml b/config/roles/openvpn/tasks/credentials.yml
index 35632d2..b7e5dec 100644
--- a/config/roles/openvpn/tasks/credentials.yml
+++ b/config/roles/openvpn/tasks/credentials.yml
@@ -9,12 +9,6 @@
 ca: "{{ credentials_dir }}/common/api_ca.crt"
 ca_key: "{{ credentials_dir }}/common/api_ca.key"
-- name: Restart openvpn because gateway certificate has changed
- systemd:
- name: docker-openvpn-openvpn.service
- state: restarted
- when: sspki_sign.changed
-
 - name: Add the docker-openvpn user to the openvpn-sspki group
 user:
 name: docker-openvpn
@@ -46,8 +40,14 @@
 - name: Install client certificate generating and API endpoint CA bundle
 copy:
- content: "{{ lookup('file', '{{ credentials_dir }}/common/api_ca.crt') }}\n{{ lookup('file', '{{ credentials_dir }}/common/client_ca.crt') }}\n"
+ content: "{{ lookup('file', '{{ credentials_dir }}/common/old_client_ca.crt') }}\n{{lookup('file', '{{ credentials_dir }}/common/api_ca.crt') }}\n{{ lookup('file', '{{ credentials_dir }}/common/client_ca.crt') }}\n"
 dest: /etc/leap/ca/leap_ca_bundle.crt
 mode: 0444
 notify:
 - "restart docker-openvpn-openvpn"
+
+- name: Restart openvpn because gateway certificate has changed
+ systemd:
+ name: docker-openvpn-openvpn.service
+ state: restarted
+ when: sspki_sign.changed
diff --git a/config/roles/openvpn/tasks/main.yml b/config/roles/openvpn/tasks/main.yml
index 1241570..010cd18 100644
--- a/config/roles/openvpn/tasks/main.yml
+++ b/config/roles/openvpn/tasks/main.yml
@@ -1,4 +1,4 @@
 - import_tasks: "secondary_gateway.yml"
-- import_tasks: "credentials.yml"
-- import_tasks: "openvpn.yml"
 - import_tasks: "shapeshifter.yml"
+- import_tasks: "openvpn.yml"
+- import_tasks: "credentials.yml"
diff --git a/config/roles/simplevpn/tasks/main.yml b/config/roles/simplevpn/tasks/main.yml
index aa11404..4bfd953 100644
--- a/config/roles/simplevpn/tasks/main.yml
+++ b/config/roles/simplevpn/tasks/main.yml
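Review bot: The new `content:` line of the "Install client certificate generating and API endpoint CA bundle" task in config/roles/openvpn/tasks/credentials.yml adds `old_client_ca.crt` to `/etc/leap/ca/leap_ca_bundle.crt`, which presumably keeps certificates issued under the previous client CA trusted, yet the commit message speaks only of re-ordering and nothing records when that trust should end. I would add a comment above the task such as `# old_client_ca.crt stays in the bundle only for the CA rotation window; drop it once certificates issued under it have expired`. The `file` lookup also fails by default when its file is missing, so a deployment whose `credentials_dir` has no `common/old_client_ca.crt` would likely stop at this task; worth confirming that every environment ships that file.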
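Review bot: The new import order in config/roles/openvpn/tasks/main.yml is load-bearing but undocumented: `credentials.yml` now runs after `openvpn.yml`, presumably so that `docker-openvpn-openvpn.service` exists before the restart task at the end of credentials.yml fires. A comment above the list, for example `# credentials.yml must stay last: it restarts docker-openvpn-openvpn.service, which openvpn.yml sets up`, would stop a later tidy-up from reverting the order. It is also worth checking that openvpn.yml does not start the service on a first run before the certificates and CA bundle from credentials.yml are in place; that file is not visible in this diff.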
@@ -12,5 +12,3 @@
 ca_public_crt: "{{ credentials_dir }}/common/api_ca.crt"
 run_once: true
 register: simplevpn_result
- notify:
- - "restart docker-vpnweb-vpnweb"
diff --git a/config/roles/vpnweb-frontend/templates/vpnweb.conf.j2 b/config/roles/vpnweb-frontend/templates/vpnweb.conf.j2
index cf070d0..3bc8b3c 100644
--- a/config/roles/vpnweb-frontend/templates/vpnweb.conf.j2
+++ b/config/roles/vpnweb-frontend/templates/vpnweb.conf.j2
@@ -1,7 +1,5 @@
 upstream be_vpnweb {
-{% for host in groups['vpnweb']|sort %}
- server {{ host }}.vpnweb.{{ domain }}:{{ services['vpnweb'].public_endpoints[0].port }};
-{% endfor %}
+ server vpnweb.{{ domain }}:{{ services['vpnweb'].public_endpoints[0].port }};
 }
 server { |
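Review bot: The single `server vpnweb.{{ domain }}:...;` entry in `upstream be_vpnweb` (vpnweb.conf.j2) makes the backend set depend entirely on what that one name resolves to, where the removed loop listed each host from the inventory. Without the `resolve` parameter nginx looks up upstream hostnames when the configuration is loaded, so backends added to or removed from DNS afterwards are not picked up until a reload, and a name that does not resolve at that moment keeps nginx from starting. A comment above the line, for example `# vpnweb.<domain> must resolve to every vpnweb backend; reload nginx after DNS changes`, would record that dependency. The `server {` block that follows continues outside the hunk.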