Commit 1dc78db1 authored by David Johnson's avatar David Johnson

Support dynamic addition/deletion of compute nodes.

Also, adds a geni-lib script that generates an rspec instead of printing
it (although print still works at portal) and generates input for
CM::AddNodes() when requested.  This generator is stateful; it tries
to avoid generating new nodes with previously-used IPs or client_ids;
thus it is a separate object.  It is designed so that it can be imported
into a script, and the importing script can look for special
DYNSLICE_GENERATOR variables to use its rspec foo to create a slice and
add nodes in some semantic way.
parent 9a1d5ee2
This diff is collapsed.
......@@ -28,7 +28,7 @@ if [ -f $SETTINGS ]; then
fi
# Grab the neutron configuration we computed in setup-lib.sh
. $OURDIR/info.neutron
. $OURDIR/neutron.vars
cat <<EOF >> /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
......
#!/bin/sh
set -x
# Gotta know the rules!
if [ $EUID -ne 0 ] ; then
echo "This script must be run as root" 1>&2
exit 1
fi
DIRNAME=`dirname $0`
# Grab our lib stuff.
. "$DIRNAME/setup-lib.sh"
if [ "$HOSTNAME" != "$NETWORKMANAGER" ]; then
exit 0;
fi
NEWNODE="$1"
if [ -z "$NEWNODE" ] ; then
echo "ERROR: $0 <newnode-short-name>"
exit 1
fi
#
# Ok, we copy the new /etc/hosts to the controller and to the new node
# Ugh, also have to copy manifests*.xml, topomap*, fqdn.map
#
echo "*** Copying updated network metadata files to $CONTROLLER and $NEWNODE ..."
fqdn=`getfqdn $NEWNODE`
$SSH $fqdn mkdir -p $OURDIR
$SCP $SETTINGS $OURDIR/admin-openrc.* \
$OURDIR/mgmt-hosts $OURDIR/mgmt-netmask $OURDIR/mgmt-o3 $OURDIR/mgmt-o4 \
$OURDIR/data-hosts.* $OURDIR/data-netmask.* $OURDIR/data-allocation-pool.* \
$OURDIR/data-network.* $OURDIR/dhcp-agent-ipaddr.* $OURDIR/ipinfo.* \
$OURDIR/nextsparesubnet $OURDIR/router-ipaddr.* \
$OURDIR/manifests*.xml $OURDIR/topomap* $OURDIR/fqdn.map \
$fqdn:$OURDIR
$SSH $fqdn cp $OURDIR/mgmt-hosts /etc/hosts
#
# Update the management network if necessary
#
echo "*** Updating up the Management Network"
if [ -z "${MGMTLAN}" ]; then
echo "*** Updating the VPN-based Management Network"
$DIRNAME/setup-vpn.sh 1> $OURDIR/setup-vpn.log 2>&1
# Give the VPN a chance to settle down
PINGED=0
while [ $PINGED -eq 0 ]; do
sleep 2
ping -c 1 $NEWNODE
if [ $? -eq 0 ]; then
PINGED=1
fi
done
else
echo "*** Using $MGMTLAN as the Management Network"
fi
#
# Now copy the updated $OURDIR/mgmt-hosts to all the other nodes and
# update /etc/hosts .
#
for node in $NODES
do
[ "$node" = "$NETWORKMANAGER" ] && continue
[ "$node" = "$NEWNODE" ] && continue
fqdn=`getfqdn $node`
scp -p -o StrictHostKeyChecking=no $OURDIR/mgmt-hosts $fqdn:$OURDIR
$SSH $fqdn cp -p $OURDIR/mgmt-hosts /etc/hosts
done
##
## Done!
##
#echo "Telling new node $NEWNODE that we have set it up completely..."
#fqdn=`getfqdn $NEWNODE`
#scp -p -o StrictHostKeyChecking=no $OURDIR/mgmt-hosts $fqdn:$OURDIR
#$SSH $fqdn cp -p $OURDIR/mgmt-hosts /etc/hosts
# Remove our lockfile
rm -f $OURDIR/updating-nodes
exit 0
#!/bin/sh
set -x
# Gotta know the rules!
if [ $EUID -ne 0 ] ; then
echo "This script must be run as root" 1>&2
exit 1
fi
DIRNAME=`dirname $0`
# Grab our lib stuff.
. "$DIRNAME/setup-lib.sh"
if [ "$HOSTNAME" != "$CONTROLLER" ]; then
exit 0;
fi
OLDNODES="$@"
if [ -z "$OLDNODES" ] ; then
echo "ERROR: $0 <list-of-oldnodes-short-names>"
exit 1
fi
#
# For now, we just do the stupid thing and "evacuate" the VMs from the
# old hypervisor to a new hypervisor. Let Openstack pick for now...
#
# To do this, we disable the compute service, force it down, and
# evacuate!
#
for node in $OLDNODES ; do
echo "*** Forcing compute service on $node down and disabling it ..."
fqdn=`getfqdn $node`
id=`nova service-list | awk "/ $fqdn / { print \\$2 }"`
nova service-disable $fqdn nova-compute
# Hm, this only supported in some versions, so...
nova service-force-down $fqdn nova-compute
# ... do this too, to make sure the service doesn't come up
$SSH $fqdn service nova-compute stop
echo "update services set updated_at=NULL where id=$id" \
| mysql -u nova --password=${NOVA_DBPASS} nova
done
#
# Ok, now that all these nodes are down, evacuate them (and this way the
# scheduler won't choose any of the going-down nodes as hosts for the
# evacuated VMs).
#
fqdnlist=""
for node in $OLDNODES ; do
echo "*** Evacuating all instances from $node ..."
fqdn=`getfqdn $node`
nova host-evacuate $fqdn
# Create a list for the next step so we don't have to keep resolving
# FQDNs
fqdnlist="${fqdnlist} $fqdn"
done
#
# Ok, now we want to wait until all those nodes no longer have instances
# on them.
#
sucess=0
while [ $success -ne 1 ]; do
success=1
for fqdn in $fqdnlist ; do
sleep 8
count=`nova hypervisor-servers $fqdn | awk '/ instance-.* / { print $2 }' | wc -l`
if [ $count -gt 0 ]; then
success=0
echo "*** $fqdn still has $count instances"
fi
done
done
for node in $OLDNODES ; do
echo "*** Deleting compute service on $node ..."
fqdn=`getfqdn $node`
id=`nova service-list | awk "/ $fqdn / { print \\$2 }"`
nova service-delete $id
done
echo "*** Evacuated and deleted nodes $OLDNODES !"
exit 0
......@@ -415,6 +415,8 @@ if [ -z "${NOVA_COMPUTENODES_DONE}" ]; then
scp -o StrictHostKeyChecking=no $SETTINGS admin-openrc.sh $fqdn:$OURDIR
$SSH $fqdn $DIRNAME/setup-compute.sh
touch $OURDIR/compute-done-${node}
done
echo "NOVA_COMPUTENODES_DONE=\"${NOVA_COMPUTENODES_DONE}\"" >> $SETTINGS
......@@ -428,7 +430,7 @@ if [ -z "${NEUTRON_DBPASS}" ]; then
NEUTRON_PASS=`$PSWDGEN`
NEUTRON_METADATA_SECRET=`$PSWDGEN`
. $OURDIR/info.neutron
. $OURDIR/neutron.vars
echo "create database neutron" | mysql -u root --password="$DB_ROOT_PASS"
echo "grant all privileges on neutron.* to 'neutron'@'localhost' identified by '$NEUTRON_DBPASS'" | mysql -u root --password="$DB_ROOT_PASS"
......@@ -596,6 +598,8 @@ if [ -z "${NEUTRON_COMPUTENODES_DONE}" ]; then
scp -o StrictHostKeyChecking=no $SETTINGS $fqdn:$SETTINGS
ssh -o StrictHostKeyChecking=no $fqdn $DIRNAME/setup-compute-network.sh
touch $OURDIR/compute-network-done-${node}
done
echo "NEUTRON_COMPUTENODES_DONE=\"${NEUTRON_COMPUTENODES_DONE}\"" >> $SETTINGS
......@@ -1207,6 +1211,8 @@ if [ -z "${TELEMETRY_COMPUTENODES_DONE}" ]; then
scp -o StrictHostKeyChecking=no $SETTINGS $fqdn:$SETTINGS
ssh -o StrictHostKeyChecking=no $fqdn $DIRNAME/setup-compute-telemetry.sh
touch $OURDIR/compute-telemetry-done-${node}
done
echo "TELEMETRY_COMPUTENODES_DONE=\"${TELEMETRY_COMPUTENODES_DONE}\"" >> $SETTINGS
......
#!/bin/sh
set -x
DIRNAME=`dirname $0`
# Gotta know the rules!
if [ $EUID -ne 0 ] ; then
echo "This script must be run as root" 1>&2
exit 1
fi
# Grab our libs
. "$DIRNAME/setup-lib.sh"
if [ "$HOSTNAME" = "$CONTROLLER" -o "$HOSTNAME" = "$NETWORKMANAGER" ]; then
echo "Cannot run dynamic node setup on controller or networkmanager!"
exit 0
fi
##
## Ok, we're dynamically adding a compute node to the network.
##
echo "*** Setting up root ssh pubkey access across all nodes..."
# All nodes need to publish public keys, and acquire others'
$DIRNAME/setup-root-ssh.sh 1> $OURDIR/setup-root-ssh.log 2>&1
##
## Now ask the networkmanager to setup our network state. This will
## blow away our network state that setup-lib.sh calculated locally
## here, and will trash the ssh connection we're about to start if we
## need a mgmt vpn. So background it and wait for
## $OURDIR/network-manager-added-me to be created; that's our
## signal that it is done.
##
fqdn=`getfqdn $NETWORKMANAGER`
#$SSH $fqdn "$DIRNAME/setup-networkmanager-add-node $HOSTNAME 1>$OURDIR/networkmanager-add-node-$HOSTNAME.log 2>&1 </dev/null" &
$SSH $fqdn "$DIRNAME/setup-networkmanager-add-node.sh $HOSTNAME 1>$OURDIR/setup-networkmanager-add-node-$HOSTNAME.log 2>&1 | tee"
#
# Now that we have complete network info, let's rebuild our per-network
# info.* files.
#
echo "*** Rebuilding per-network metadata files..."
rm -f $OURDIR/info.* $OURDIR/neutron.vars
#while [ ! -f $OURDIR/networkmanager-added-me ]; do
# sleep 1
#done
# Give the VPN a chance to settle down
PINGED=0
while [ $PINGED -eq 0 ]; do
sleep 2
ping -c 1 $CONTROLLER
if [ $? -eq 0 ]; then
PINGED=1
fi
done
echo "*** Setting up OpenVSwitch on $NEWNODE"
$DIRNAME/setup-ovs-node.sh
##
## Now ask the controller to trigger the rest of our setup.
##
#fqdn=`getfqdn $CONTROLLER`
#$SSH $fqdn "$DIRNAME/setup-controller-add-node $HOSTNAME 1>$OURDIR/controller-add-node-$HOSTNAME.log 2>&1 </dev/null"
echo "*** Setting up Nova Compute Service on $NEWNODE"
$DIRNAME/setup-compute.sh
echo "*** Setting up Neutron Network Service on $NEWNODE"
$DIRNAME/setup-compute-network.sh
echo "*** Setting up Ceilometer Telemetry Service on $NEWNODE"
$DIRNAME/setup-compute-telemetry.sh
##
## We're done --
##
exit 0
This diff is collapsed.
#!/bin/sh
set -x
# Gotta know the rules!
if [ $EUID -ne 0 ] ; then
echo "This script must be run as root" 1>&2
exit 1
fi
DIRNAME=`dirname $0`
#
# NB: make sure to tell setup-lib.sh it needs to update all its info!
#
# This is critical. Only the networkmanager node has the ability to assign
# IPs or update those metadata files with the complete picture, because it knows
# all the compute nodes that used to exist, and the new ones.
#
export UPDATING=1
# Grab our lib stuff.
. "$DIRNAME/setup-lib.sh"
#
# NB: make sure to stop any future updates; we're good now!
#
export UPDATING=0
if [ "$HOSTNAME" != "$NETWORKMANAGER" ]; then
exit 0;
fi
NEWNODE="$1"
if [ -z "$NEWNODE" ] ; then
echo "ERROR: $0 <newnode-short-name>"
exit 1
fi
#
# Ok, we copy the new /etc/hosts to the controller and to the new node
# Ugh, also have to copy manifests*.xml, topomap*, fqdn.map
#
echo "*** Copying updated network metadata files to $CONTROLLER and $NEWNODE ..."
cat $OURDIR/mgmt-hosts > /etc/hosts
fqdn=`getfqdn $CONTROLLER`
$SSH $fqdn mkdir -p $OURDIR
$SCP $SETTINGS \
$OURDIR/mgmt-hosts $OURDIR/mgmt-netmask $OURDIR/mgmt-o3 $OURDIR/mgmt-o4 \
$OURDIR/data-hosts.* $OURDIR/data-netmask.* $OURDIR/data-allocation-pool.* \
$OURDIR/data-network.* $OURDIR/dhcp-agent-ipaddr.* $OURDIR/ipinfo.* \
$OURDIR/nextsparesubnet $OURDIR/router-ipaddr.* \
$OURDIR/manifests*.xml $OURDIR/topomap* $OURDIR/fqdn.map \
$fqdn:$OURDIR
$SSH $fqdn cp $OURDIR/mgmt-hosts /etc/hosts
#
# XXX: also copy the manifests and parameters. This is because if the
# server has an old tmcc and the manifest is huge, the geni-get manifest
# call will fail due to limited space in the fixed-size server buf.
#
fqdn=`getfqdn $NEWNODE`
$SSH $fqdn mkdir -p $OURDIR
$SCP $SETTINGS $OURDIR/parameters \
$OURDIR/mgmt-hosts $OURDIR/mgmt-netmask $OURDIR/mgmt-o3 $OURDIR/mgmt-o4 \
$OURDIR/data-hosts.* $OURDIR/data-netmask.* $OURDIR/data-allocation-pool.* \
$OURDIR/data-network.* $OURDIR/dhcp-agent-ipaddr.* $OURDIR/ipinfo.* \
$OURDIR/nextsparesubnet $OURDIR/router-ipaddr.* \
$OURDIR/manifests*.xml $OURDIR/topomap* $OURDIR/fqdn.map \
$fqdn:$OURDIR
$SSH $fqdn cp $OURDIR/mgmt-hosts /etc/hosts
#
# Update the management network if necessary
#
echo "*** Updating up the Management Network"
if [ -z "${MGMTLAN}" ]; then
echo "*** Updating the VPN-based Management Network"
$DIRNAME/setup-vpn.sh 1> $OURDIR/setup-vpn.log 2>&1
# Give the VPN a chance to settle down
PINGED=0
while [ $PINGED -eq 0 ]; do
sleep 2
ping -c 1 $NEWNODE
if [ $? -eq 0 ]; then
PINGED=1
fi
done
else
echo "*** Using $MGMTLAN as the Management Network"
fi
#
# Now copy the updated $OURDIR/mgmt-hosts to all the other nodes and
# update /etc/hosts .
#
for node in $NODES
do
[ "$node" = "$NETWORKMANAGER" ] && continue
[ "$node" = "$NEWNODE" ] && continue
fqdn=`getfqdn $node`
scp -p -o StrictHostKeyChecking=no $OURDIR/mgmt-hosts $fqdn:$OURDIR
$SSH $fqdn cp -p $OURDIR/mgmt-hosts /etc/hosts
done
##
## Done!
##
#echo "Telling new node $NEWNODE that we have set it up completely..."
#fqdn=`getfqdn $NEWNODE`
#scp -p -o StrictHostKeyChecking=no $OURDIR/mgmt-hosts $fqdn:$OURDIR
#$SSH $fqdn cp -p $OURDIR/mgmt-hosts /etc/hosts
# Remove our lockfile
rm -f $OURDIR/updating-nodes
exit 0
#!/bin/sh
##
## This script doesn't really do anything, other than update our metadata
## and copy the new /etc/hosts to the controller.
##
set -x
# Gotta know the rules!
if [ $EUID -ne 0 ] ; then
echo "This script must be run as root" 1>&2
exit 1
fi
DIRNAME=`dirname $0`
#
# NB: make sure to tell setup-lib.sh it needs to update all its info!
#
# This is critical. Only the networkmanager node has the ability to assign
# IPs or update those metadata files with the complete picture, because it knows
# all the compute nodes that used to exist, and the new ones.
#
export UPDATING=1
# Grab our lib stuff.
. "$DIRNAME/setup-lib.sh"
#
# NB: make sure to stop any future updates; we're good now!
#
export UPDATING=0
if [ "$HOSTNAME" != "$NETWORKMANAGER" ]; then
exit 0;
fi
OLDNODES="$@"
if [ -z "$OLDNODES" ] ; then
echo "ERROR: $0 <list-oldnodes-short-names>"
exit 1
fi
#
# Ok, we copy the new /etc/hosts to the controller and to the new node
# Ugh, also have to copy manifests*.xml, topomap*, fqdn.map
#
echo "*** Copying updated network metadata files to $CONTROLLER ..."
cat $OURDIR/mgmt-hosts > /etc/hosts
fqdn=`getfqdn $CONTROLLER`
$SSH $fqdn mkdir -p $OURDIR
$SCP $SETTINGS \
$OURDIR/mgmt-hosts $OURDIR/mgmt-netmask $OURDIR/mgmt-o3 $OURDIR/mgmt-o4 \
$OURDIR/data-hosts.* $OURDIR/data-netmask.* $OURDIR/data-allocation-pool.* \
$OURDIR/data-network.* $OURDIR/dhcp-agent-ipaddr.* $OURDIR/ipinfo.* \
$OURDIR/nextsparesubnet $OURDIR/router-ipaddr.* \
$OURDIR/manifests*.xml $OURDIR/topomap* $OURDIR/fqdn.map \
$fqdn:$OURDIR
$SSH $fqdn cp $OURDIR/mgmt-hosts /etc/hosts
#
# Now copy the updated $OURDIR/mgmt-hosts to all the other nodes and
# update /etc/hosts .
#
for node in $NODES
do
[ "$node" = "$NETWORKMANAGER" ] && continue
[ "$node" = "$NEWNODE" ] && continue
fqdn=`getfqdn $node`
scp -p -o StrictHostKeyChecking=no $OURDIR/mgmt-hosts $fqdn:$OURDIR
$SSH $fqdn cp -p $OURDIR/mgmt-hosts /etc/hosts
done
exit 0
......@@ -28,7 +28,7 @@ if [ -f $SETTINGS ]; then
fi
# Grab the neutron configuration we computed in setup-lib.sh
. $OURDIR/info.neutron
. $OURDIR/neutron.vars
cat <<EOF >> /etc/sysctl.conf
net.ipv4.ip_forward=1
......
......@@ -253,15 +253,10 @@ if [ ! ${HAVE_SYSTEMD} -eq 0 ] ; then
[Unit]
Description=Open vSwitch Internal Unit
PartOf=openvswitch-switch.service
#Wants=openvswitch-switch.service
# Without this all sorts of looping dependencies occur doh!
DefaultDependencies=no
#precedants pulled from isup@ service requirements
After=apparmor.service local-fs.target systemd-tmpfiles-setup.service
#subsequent to this service we need the network to start
Wants=network-pre.target openvswitch-switch.service
Before=network-pre.target openvswitch-switch.service remote-fs.target
Before=network-pre.target remote-fs.target
After=local-fs.target
[Service]
Type=oneshot
......@@ -272,6 +267,7 @@ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl start \
ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop
EOF
systemctl enable openvswitch-switch
systemctl daemon-reload
fi
......
......@@ -22,21 +22,28 @@ if [ "$HOSTNAME" != "$NETWORKMANAGER" ]; then
exit 0;
fi
maybe_install_packages openvpn easy-rsa
if [ ! -f $OURDIR/vpn-server-done ]; then
maybe_install_packages openvpn easy-rsa
fi
# Only copy files later on to new nodes...
NEWVPNNODES=""
#
# Get our server CA config set up.
#
export EASY_RSA="/etc/openvpn/easy-rsa"
mkdir -p $EASY_RSA
cp -r /usr/share/easy-rsa/* $EASY_RSA
cd $EASY_RSA
# Batch mode
sed -i -e s/--interact/--batch/ $EASY_RSA/build-ca
sed -i -e s/--interact/--batch/ $EASY_RSA/build-key-server
sed -i -e s/--interact/--batch/ $EASY_RSA/build-key
sed -i -e s/DEBUG=0/DEBUG=1/ $EASY_RSA/pkitool
if [ ! -f $OURDIR/vpn-server-done ]; then
mkdir -p $EASY_RSA
cp -r /usr/share/easy-rsa/* $EASY_RSA
cd $EASY_RSA
# Batch mode
sed -i -e s/--interact/--batch/ $EASY_RSA/build-ca
sed -i -e s/--interact/--batch/ $EASY_RSA/build-key-server
sed -i -e s/--interact/--batch/ $EASY_RSA/build-key
sed -i -e s/DEBUG=0/DEBUG=1/ $EASY_RSA/pkitool
fi
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
......@@ -61,29 +68,37 @@ export KEY_OU=$KEY_CN
export KEY_ALTNAMES="DNS:$NETWORKMANAGER"
mkdir -p $KEY_DIR
cd $EASY_RSA
./clean-all
./build-ca
# We needed a CN for the CA build -- but now we have to drop it cause
# the build-key* scripts don't want it set -- they set it to the first arg,
# and behave badly if it IS set.
unset KEY_CN
./build-key-server $NETWORKMANAGER
cp -p $KEY_DIR/$NETWORKMANAGER.crt $KEY_DIR/$NETWORKMANAGER.key $KEY_DIR/ca.crt \
/etc/openvpn/
if [ -f $DIRNAME/etc/dh2048.pem ]; then
cp $DIRNAME/etc/dh2048.pem /etc/openvpn
else
./build-dh
cp -p $KEY_DIR/dh2048.pem /etc/openvpn/
fi
#
# Get openvpn setup and restarted.
#
cat <<EOF > /etc/openvpn/server.conf
if [ ! -f $OURDIR/vpn-server-done ]; then
# Fixup the openssl.cnf files
for file in `ls -1 /etc/openvpn/easy-rsa/openssl*.cnf | xargs` ; do
sed -i -e 's/^\(subjectAltName=.*\)$/#\1/' $file
done
export KEY_CN="OSMgmtVPN"
./clean-all
./build-ca
# We needed a CN for the CA build -- but now we have to drop it cause
# the build-key* scripts don't want it set -- they set it to the first arg,
# and behave badly if it IS set.
unset KEY_CN
./build-key-server $NETWORKMANAGER
cp -p $KEY_DIR/$NETWORKMANAGER.crt $KEY_DIR/$NETWORKMANAGER.key $KEY_DIR/ca.crt \
/etc/openvpn/
if [ -f $DIRNAME/etc/dh2048.pem ]; then
cp $DIRNAME/etc/dh2048.pem /etc/openvpn
else
./build-dh
cp -p $KEY_DIR/dh2048.pem /etc/openvpn/
fi
#
# Get openvpn setup and restarted.
#
cat <<EOF > /etc/openvpn/server.conf
local $MYIP
port 1194
proto udp
......@@ -104,7 +119,20 @@ status openvpn-status.log
verb 3
EOF
mkdir -p /etc/openvpn/ccd
mkdir -p /etc/openvpn/ccd
#
# Get the server up
#
if [ ${HAVE_SYSTEMD} -eq 1 ]; then
systemctl enable openvpn@server.service
systemctl start openvpn@server.service
else
service openvpn restart
fi
touch $OURDIR/vpn-server-done
fi
#
# Now build keys and set static IPs for the controller and the
......@@ -112,8 +140,15 @@ mkdir -p /etc/openvpn/ccd
#
for node in $NODES
do
if [ -f /etc/openvpn/ccd/$node ]; then
continue
fi
NEWVPNNODES="${NEWVPNNODES} $node"
fqdn=`getfqdn $node`
export KEY_CN="$node"
./build-key $node
NMIP=`cat $OURDIR/mgmt-hosts | grep -E "$node$" | head -1 | sed -n -e 's/^\\([0-9]*\\.[0-9]*\\.[0-9]*\\.[0-9]*\\).*$/\\1/p'`
......@@ -126,7 +161,6 @@ unset KEY_PROVINCE
unset KEY_CITY
unset KEY_ORG
unset KEY_EMAIL
unset KEY_CN
unset KEY_NAME
unset KEY_OU
unset KEY_ALTNAMES
......@@ -142,22 +176,12 @@ unset KEY_SIZE
unset CA_EXPIRE
unset KEY_EXPIRE
#
# Get the server up
#
if [ ${HAVE_SYSTEMD} -eq 1 ]; then
systemctl enable openvpn@server.service
systemctl start openvpn@server.service
else
service openvpn restart
fi
#
# Get the hosts files setup to point to the new management network
# and setup the VPN on the clients.
#
cat $OURDIR/mgmt-hosts > /etc/hosts
for node in $NODES
for node in $NEWVPNNODES
do
[ "$node" = "$NETWORKMANAGER" ] && continue
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment