[ansible] Add syncHttpdLogs template
by Nicolas Chauvet
commit 7bf91e4270eaa9c2ab3022154f42e2ee529668dc
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 10:57:41 2019 +0200
Add syncHttpdLogs template
roles/base/templates/syncHttpLogs.sh.j2 | 222 +++++++++++++++++++++++++++++++
1 files changed, 222 insertions(+), 0 deletions(-)
---
diff --git a/roles/base/templates/syncHttpLogs.sh.j2 b/roles/base/templates/syncHttpLogs.sh.j2
new file mode 100644
index 0000000..2431826
--- /dev/null
+++ b/roles/base/templates/syncHttpLogs.sh.j2
@@ -0,0 +1,222 @@
+#!/bin/bash
+
+RSYNC_FLAGS='-az --no-motd'
+
+function syncHttpLogs {
+
+ # in case we missed a run or two.. try to catch up the last 3 days.
+ for d in 1 2 3
+ do
+ HOST=$1
+ # some machines store stuff in old format. some new.
+ if [ "$2" = "old" ]; then
+ YESTERDAY=$(/bin/date -d "-$d days" +%Y-%m-%d)
+ else
+ YESTERDAY=$(/bin/date -d "-$d days" +%Y%m%d)
+ fi
+ YEAR=$(/bin/date -d "-$d days" +%Y)
+ MONTH=$(/bin/date -d "-$d days" +%m)
+ DAY=$(/bin/date -d "-$d days" +%d)
+ /bin/mkdir -p /var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/http
+ cd /var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/http/
+
+ for f in $(/usr/bin/rsync $RSYNC_FLAGS --list-only $HOST::log/httpd/*$YESTERDAY* | awk '{ print $5 }')
+ do
+ DEST=$(echo $f | /bin/sed s/-$YESTERDAY//)
+ /usr/bin/rsync $RSYNC_FLAGS $HOST::log/httpd/$f ./$DEST
+ done
+ done
+}
+
+## Sync up all proxies
+{% for host in groups['proxies'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up all internal proxies
+{% for host in groups['proxies_internal'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up all staging proxies
+{% for host in groups['proxies_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up all fas servers
+{% for host in groups['fas'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['fas_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up all fedocal hosts
+{% for host in groups['fedocal'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['fedocal_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up all data grepper hosts
+{% for host in groups['datagrepper'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['datagrepper_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up all ipsilon hosts
+{% for host in groups['ipsilon'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['ipsilon_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up all ask hosts
+{% for host in groups['ask'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['ask_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up all badges hosts
+{% for host in groups['badges_web'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['badges_web_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up all elections hosts
+{% for host in groups['elections'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['elections_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up all bodhi hosts
+{% for host in groups['bodhi2'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['bodhi2_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up packages hosts
+{% for host in groups['packages'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['packages_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up blockerbugs
+{% for host in groups['blockerbugs'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['blockerbugs_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up value
+{% for host in groups['value'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['value_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up secondary
+{% for host in groups['secondary'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up hosted
+{% for host in groups['hosted'] %}
+syncHttpLogs {{host}} old
+{% endfor %}
+
+## sync up people
+{% for host in groups['people'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## sync up nagios
+{% for host in groups['nagios'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## sync up download
+{% for host in groups['download_phx2'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['download_ibiblio'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['download_rdu2'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## sync up sundries
+{% for host in groups['sundries'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['sundries_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## sync up autocloud
+{% for host in groups['autocloud_web'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['autocloud_web_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## sync up koschei
+{% for host in groups['koschei_web'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['koschei_web_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## sync up notifs
+{% for host in groups['notifs_web'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['notifs_web_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+## Sync up pdc
+{% for host in groups['pdc_web'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
+{% for host in groups['pdc_web_stg'] %}
+syncHttpLogs {{host}}
+{% endfor %}
+
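Review bot: The `cd /var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/http/` in `syncHttpLogs` is unchecked, so if the `mkdir -p` or the `cd` fails, the inner rsync copies that day's files into whatever directory the script is already in (the previous iteration's day, or the caller's working directory). Guard it with `cd "/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/http/" || continue`. The file names in the inner loop come from the remote host's `--list-only` output and are expanded unquoted in `$HOST::log/httpd/$f ./$DEST`, so they are subject to word splitting and globbing on the log server. Quoting `"$f"` and `"$DEST"` and skipping any name that contains `/` keeps a misbehaving source host from influencing where files land. Separately, each `groups['…']` lookup will presumably abort template rendering if that group is absent from the inventory, which is worth confirming for this deployment.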
5 years, 4 months
[ansible] Update tasks files for base
by Nicolas Chauvet
commit 76f7cbe85a14698a3212f041f69789b4b9138cfa
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 10:54:58 2019 +0200
Update tasks files for base
roles/base/meta/main.yml | 3 ++-
roles/base/tasks/main.yml | 16 ++++++++--------
roles/base/tasks/watchdog.yml | 4 ++--
3 files changed, 12 insertions(+), 11 deletions(-)
---
diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml
index afa39de..8fc4b3b 100644
--- a/roles/base/meta/main.yml
+++ b/roles/base/meta/main.yml
@@ -1,4 +1,5 @@
---
dependencies:
- - { role: ntp }
+ - { role: basessh }
+ - { role: chrony }
- { role: dnf-automatic }
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 043e79a..c6d39d2 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -11,11 +11,11 @@
- policycoreutils-python
tags:
- selinux
- when: ansible_distribution_major_version|int != 8
+ when: ansible_distribution_major_version|int < 8
- name: ensure packages required for semanage are installed (dnf)
- dnf: name=['policycoreutils-python-utils'] state=present
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
+ package: name=policycoreutils-python-utils state=present
+ when: ansible_distribution_major_version|int > 27 and ansible_cmdline.ostree is not defined
tags:
- selinux
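Review bot: A host whose `ansible_distribution_major_version` is 8 matches neither condition in this hunk: the first task now requires `< 8` and the renamed `package:` task requires `> 27`, so nothing visible here installs the semanage tooling on such a host. If version-8 hosts are managed by this role, the second condition probably needs to cover them, e.g. `when: (ansible_distribution_major_version|int == 8 or ansible_distribution_major_version|int > 27) and ansible_cmdline.ostree is not defined`. The first task starts above the hunk and another task outside it may already handle this case, so treat this as something to confirm.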
@@ -189,7 +189,7 @@
- iptables/iptables.{{ host_group }}
- iptables/iptables.{{ env }}
- iptables/iptables
- when: baseiptables
+ when: baseiptables|bool
notify:
- restart iptables
- reload libvirtd
@@ -205,7 +205,7 @@
- iptables
- service
- base
- when: baseiptables
+ when: baseiptables|bool
- name: ip6tables
template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes
@@ -215,7 +215,7 @@
- iptables/ip6tables.{{ host_group }}
- iptables/ip6tables.{{ env }}
- iptables/ip6tables
- when: baseiptables
+ when: baseiptables|bool
notify:
- restart ip6tables
- reload libvirtd
@@ -230,7 +230,7 @@
- ip6tables
- service
- base
- when: baseiptables
+ when: baseiptables|bool
- name: enable journald persistence
file: path=/var/log/journal state=directory
@@ -291,7 +291,7 @@
- name: log everything to log01 except on mirrorlist, do not log local4 there.
copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=0644
- when: not inventory_hostname.startswith(('mirrorlist','copr','jenkins'))
+ when: not inventory_hostname.startswith(('mirrorlist','copr'))
tags:
- rsyslogd
- config
diff --git a/roles/base/tasks/watchdog.yml b/roles/base/tasks/watchdog.yml
index 06a8969..a610d2f 100644
--- a/roles/base/tasks/watchdog.yml
+++ b/roles/base/tasks/watchdog.yml
@@ -1,6 +1,6 @@
- name: See if theres a watchdog device
stat: path=/dev/watchdog
- when: ansible_virtualization_role == 'guest'
+ when: ansible_virtualization_role is defined and ansible_virtualization_role == 'guest'
check_mode: no
failed_when: no
register: watchdog_dev
@@ -33,4 +33,4 @@
- service
- watchdog
- base
- when: watchdog_dev is defined and ansible_virtualization_role == 'guest' and watchdog_dev.stat.exists
+ when: watchdog_dev is defined and ansible_virtualization_role is defined and ansible_virtualization_role == 'guest' and watchdog_dev.stat.exists
5 years, 4 months
[ansible] Update template for iptables ifcfg
by Nicolas Chauvet
commit 90663f9e657a2c82cf50541d55311d297f91daf3
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 10:53:59 2019 +0200
Update template for iptables ifcfg
roles/base/templates/ifcfg.j2 | 11 ++++++++++-
roles/base/templates/iptables/iptables | 14 +++++---------
2 files changed, 15 insertions(+), 10 deletions(-)
---
diff --git a/roles/base/templates/ifcfg.j2 b/roles/base/templates/ifcfg.j2
index 11ba66c..d04dc31 100644
--- a/roles/base/templates/ifcfg.j2
+++ b/roles/base/templates/ifcfg.j2
@@ -1,12 +1,17 @@
NAME="{{item}}"
BOOTPROTO="none"
-{% if item == "eth0" %}
+NM_CONTROLLED=yes
+{% if item in ansible_ifcfg_infra_net_devices %}
GATEWAY="{{gw}}"
{% endif %}
HWADDR="{{ hostvars[inventory_hostname]['ansible_' + item]['macaddress']|upper }}"
+{% if item in ansible_ifcfg_disabled %}
+ONBOOT="no"
+{% else %}
IPADDR="{{ hostvars[inventory_hostname][item + '_ip'] }}"
NETMASK="{{ hostvars[inventory_hostname][item + '_nm'] }}"
ONBOOT="yes"
+{% endif %}
TYPE="Ethernet"
DEVICE="{{item}}"
{% for line in if_uuid.stdout_lines %}
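Review bot: `ansible_ifcfg_infra_net_devices` and `ansible_ifcfg_disabled` are tested with `in` without a default, so rendering will presumably fail on any host that does not define both lists. `{% if item in ansible_ifcfg_infra_net_devices|default(['eth0']) %}` and `{% if item in ansible_ifcfg_disabled|default([]) %}` keep the previous behaviour for hosts that set neither. The `ansible_` prefix is conventionally the namespace for gathered facts, so a role-specific prefix would avoid confusion with them. The template continues past the end of this hunk.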
@@ -23,3 +28,7 @@ IPV6_DEFAULTDEV={{item}}
IPV6_DEFAULTGW={{ hostvars[inventory_hostname][item + '_ipv6_gw'] }}
IPV6_MTU=1280
{% endif %}
+{% if hostvars[inventory_hostname][item + '_secondary_ip'] is defined %}
+IPADDR1="{{ hostvars[inventory_hostname][item + '_secondary_ip'] }}"
+PREFIX1=24
+{% endif %}
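Review bot: `PREFIX1=24` hard-codes the prefix length for every secondary address, while the primary address takes its mask from the `item + '_nm'` host variable. A secondary IP on a network that is not a /24 would be configured with the wrong mask. Consider reading it from a host variable with 24 as the fallback, for example `PREFIX1={{ hostvars[inventory_hostname][item + '_secondary_prefix'] | default(24) }}` (the variable name is only a suggestion).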
diff --git a/roles/base/templates/iptables/iptables b/roles/base/templates/iptables/iptables
index e567479..3e578b8 100644
--- a/roles/base/templates/iptables/iptables
+++ b/roles/base/templates/iptables/iptables
@@ -50,19 +50,15 @@
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
-# nat table
+{% if nat_rules %}
*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
+:PREROUTING ACCEPT [0:]
+:INPUT ACCEPT [0:]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-# custom_nat_rules
-{% if custom_nat_rules is defined %}
-{% for rule in custom_nat_rules %}
+{% for rule in nat_rules %}
{{ rule }}
{% endfor %}
-{% endif %}
-
COMMIT
-
+{% endif %}
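Review bot: The counters on the new `:PREROUTING ACCEPT [0:]` and `:INPUT ACCEPT [0:]` lines are not in the `[packets:bytes]` form used by the unchanged `:OUTPUT` and `:POSTROUTING` lines directly below, and may be rejected when the file is loaded with counters parsed; this looks like a typo for `[0:0]`. The new `{% if nat_rules %}` also drops the old `is defined` guard, so a host that never sets `nat_rules` will presumably fail to render its firewall file; `{% if nat_rules | default([]) %}` avoids that. A render or load failure here leaves the host on its previous ruleset, so both are worth fixing before rollout.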
5 years, 4 months
[ansible] Update rsyslog
by Nicolas Chauvet
commit d188f00538e04e8767bde39594ec6df855b883f5
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 10:52:58 2019 +0200
Update rsyslog
roles/base/files/selinux/rsyslog-audit.pp | Bin 7609 -> 1366 bytes
roles/base/files/selinux/rsyslog-audit.te | 8 +++++---
2 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/roles/base/files/selinux/rsyslog-audit.pp b/roles/base/files/selinux/rsyslog-audit.pp
index f1a417f..b6612bf 100644
Binary files a/roles/base/files/selinux/rsyslog-audit.pp and b/roles/base/files/selinux/rsyslog-audit.pp differ
diff --git a/roles/base/files/selinux/rsyslog-audit.te b/roles/base/files/selinux/rsyslog-audit.te
index a8bf497..daf535e 100644
--- a/roles/base/files/selinux/rsyslog-audit.te
+++ b/roles/base/files/selinux/rsyslog-audit.te
@@ -1,12 +1,14 @@
-module rsyslog-audit 1.0;
+module rsyslog-audit 1.2;
require {
type auditd_log_t;
type syslogd_t;
+ type var_t;
class file { getattr ioctl open read };
- class dir { getattr search };
+ class dir { getattr open read search };
}
#============= syslogd_t ==============
-allow syslogd_t auditd_log_t:dir { getattr search };
+allow syslogd_t auditd_log_t:dir { getattr open read search };
allow syslogd_t auditd_log_t:file { getattr ioctl open read };
+allow syslogd_t var_t:dir read;
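Review bot: `allow syslogd_t var_t:dir read;` lets rsyslog list every directory that carries the generic `var_t` label, which is broader than the audit-log access this module is named for. If the denial came from one specific directory, giving that path a dedicated (or existing log) type and allowing that type instead keeps the policy least-privilege; at minimum add a comment above the rule recording which path and AVC denial it answers. The compiled `rsyslog-audit.pp` in the same commit shrank from 7609 to 1366 bytes and cannot be reviewed as a binary, so it should be rebuilt from this `.te` during deployment or review rather than trusted as committed.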
5 years, 4 months
[ansible] Update postfix main.cf
by Nicolas Chauvet
commit 7b46b938db9f2cb92c9ffac1687d3676a1767046
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 10:52:31 2019 +0200
Update postfix main.cf
roles/base/files/postfix/main.cf/main.cf.mailman | 4 ++++
roles/base/files/postfix/main.cf/main.cf.smtp-mm | 4 ++++
2 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/roles/base/files/postfix/main.cf/main.cf.mailman b/roles/base/files/postfix/main.cf/main.cf.mailman
index f36ec30..29e635f 100644
--- a/roles/base/files/postfix/main.cf/main.cf.mailman
+++ b/roles/base/files/postfix/main.cf/main.cf.mailman
@@ -702,3 +702,7 @@ owner_request_special = no
transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp
local_recipient_maps = hash:/var/lib/mailman3/data/postfix_lmtp
relay_domains = hash:/var/lib/mailman3/data/postfix_domains
+
+smtpd_sender_restrictions =
+ check_sender_access regexp:/etc/postfix/sender_access
+ permit
diff --git a/roles/base/files/postfix/main.cf/main.cf.smtp-mm b/roles/base/files/postfix/main.cf/main.cf.smtp-mm
index e5db424..1f40a9f 100644
--- a/roles/base/files/postfix/main.cf/main.cf.smtp-mm
+++ b/roles/base/files/postfix/main.cf/main.cf.smtp-mm
@@ -701,6 +701,7 @@ message_size_limit = 20971520
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
+smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, RC4
@@ -732,3 +733,6 @@ smtp_tls_loglevel = 1
smtp_tls_cert_file = /etc/pki/tls/certs/localhost.crt
smtp_tls_key_file = /etc/pki/tls/private/localhost.key
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+
+# Deny email from some domains
+smtpd_sender_restrictions = regexp:/etc/postfix/sender_access
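Review bot: `smtpd_sender_restrictions = regexp:/etc/postfix/sender_access` relies on the implicit access-map shorthand, whereas `main.cf.mailman` in this same commit spells the restriction out with `check_sender_access` and an explicit `permit`. Writing `smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/sender_access` here makes the two files consistent and the intent explicit. Neither hunk shows `/etc/postfix/sender_access` being installed; if the file is missing, Postfix will presumably log lookup errors and defer mail, so confirm the role deploys it before this setting goes live.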
5 years, 4 months
[ansible] fixup
by Nicolas Chauvet
commit 87bca2a234864e32dafe88ad84f18814d5e338c7
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 10:51:50 2019 +0200
fixup
roles/base/files/common-scripts/lock-wrapper | 15 +++++++++++----
1 files changed, 11 insertions(+), 4 deletions(-)
---
diff --git a/roles/base/files/common-scripts/lock-wrapper b/roles/base/files/common-scripts/lock-wrapper
index f990f63..abec9f3 100755
--- a/roles/base/files/common-scripts/lock-wrapper
+++ b/roles/base/files/common-scripts/lock-wrapper
@@ -8,6 +8,11 @@ fi
NAME=$1
SCRIPT=$2
+SILENT="no"
+if [ $# -ge 3 -a "$3" == "--silent" ]; then
+ SILENT="yes"
+fi
+
LOCKDIR="/var/tmp/$NAME"
PIDFILE="$LOCKDIR/pid"
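Review bot: The new option test `[ $# -ge 3 -a "$3" == "--silent" ]` uses the obsolescent `-a` operator and `==` inside `[`, both of which are fragile across shells and flagged by ShellCheck. `if [ "${3:-}" = "--silent" ]; then` performs the same check without the argument-count test. A line in the script's usage text documenting the third argument would also help; that text is outside this hunk.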
@@ -17,13 +22,15 @@ function cleanup {
RESTORE_UMASK=$(umask -p)
umask 0077
-if ! mkdir "$LOCKDIR"; then
- echo "$LOCKDIR already exists"
+mkdir "$LOCKDIR" >& /dev/null
+if [ $? != 0 ]; then
PID=$(cat "$PIDFILE")
if [ -n "$PID" ] && /bin/ps $PID > /dev/null
then
- echo "$PID is still running"
- /bin/ps -o user,pid,start,time,comm $PID
+ if [ "$SILENT" != "yes" ]; then
+ echo "$PID is still running"
+ /bin/ps -o user,pid,start,time,comm $PID
+ fi
exit 1;
else
echo "$LOCKDIR exists but $PID is dead"
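Review bot: With `mkdir "$LOCKDIR" >& /dev/null` followed by `[ $? != 0 ]`, every mkdir failure is treated as "lock already held" and its error text is discarded, so a permissions problem or an unexpected `$NAME` value is indistinguishable from a live lock. Checking `[ -d "$LOCKDIR" ]` before reading the pid file, or keeping stderr when `--silent` is not set, preserves the diagnosis; `if ! mkdir "$LOCKDIR" 2>/dev/null; then` also removes the separate `$?` test. `$PID` is read from a file under `/var/tmp` and passed unquoted to `/bin/ps`, so quoting it and rejecting non-numeric content before use is a cheap hardening. The `if` block continues past the end of the hunk.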
5 years, 4 months
[ansible] Update common-scripts
by Nicolas Chauvet
commit c9645599b7df24604ff3bfc2557f2d4d30c030aa
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 10:51:26 2019 +0200
Update common-scripts
.../files/common-scripts/conditional-reload.sh | 12 +++++++--
.../files/common-scripts/conditional-restart.sh | 24 +++++-------------
.../common-scripts/proxy-conditional-reload.sh | 25 ++++++++++++++++++++
3 files changed, 41 insertions(+), 20 deletions(-)
---
diff --git a/roles/base/files/common-scripts/conditional-reload.sh b/roles/base/files/common-scripts/conditional-reload.sh
index b9aecdb..988a08b 100644
--- a/roles/base/files/common-scripts/conditional-reload.sh
+++ b/roles/base/files/common-scripts/conditional-reload.sh
@@ -10,9 +10,15 @@ rpm -q $PACKAGE
INSTALLED=$?
if [ $INSTALLED -eq 0 ]; then
- echo "Package $PACKAGE installed. Attempting reload of $SERVICE."
- /sbin/service $SERVICE reload
- exit $? # Exit with the /sbin/service status code
+ echo "Checking if $SERVICE is running"
+ /sbin/service $SERVICE status >& /dev/null
+ if [ $? == 0 ]; then
+ echo "Package $PACKAGE installed and running. Attempting reload of $SERVICE."
+ /sbin/service $SERVICE reload
+ exit $? # Exit with the /sbin/service status code
+ fi
+ echo "Package $PACKAGE is install, but $SERVICE is not running, skipping..."
+ exit 0
fi
# If the package wasn't installed, then pretend everything is fine.
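Review bot: The status probe `/sbin/service $SERVICE status >& /dev/null` followed by `if [ $? == 0 ]` can be written as `if /sbin/service "$SERVICE" status &>/dev/null; then`, which drops the fragile `$?` test and quotes the argument. The skip message reads "is install" where "is installed" is meant. A stopped or crashed service now makes the script exit 0, so a caller can no longer tell "reloaded" from "was not running"; a header comment stating that this is intentional would help the next reader.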
diff --git a/roles/base/files/common-scripts/conditional-restart.sh b/roles/base/files/common-scripts/conditional-restart.sh
index f95ef74..8da52dc 100644
--- a/roles/base/files/common-scripts/conditional-restart.sh
+++ b/roles/base/files/common-scripts/conditional-restart.sh
@@ -1,20 +1,10 @@
#!/bin/bash
-# Restart SERVICE only if PACKAGE is installed.
-# We use this throughout handlers/restart_services.yml
+#
+# We use this to try and restart a service.
+# If it's not running, do nothing.
+# If it is running, restart it.
+#
SERVICE=$1
-PACKAGE=$2
-
-rpm -q $PACKAGE
-
-INSTALLED=$?
-
-if [ $INSTALLED -eq 0 ]; then
- echo "Package $PACKAGE installed. Attempting restart of $SERVICE."
- /sbin/service $SERVICE restart
- exit $? # Exit with the /sbin/service status code
-fi
-
-# If the package wasn't installed, then pretend everything is fine.
-echo "Package $PACKAGE not installed. Skipping restart of $SERVICE."
-exit 0
+# Check if service unit is present before trying to restart it
+/usr/bin/systemctl cat $1.service &>/dev/null && /usr/bin/systemctl try-restart $1 || true
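Review bot: The trailing `|| true` makes the script exit 0 even when `systemctl try-restart` fails, whereas the removed version exited with the service command's status, so a handler calling this can no longer detect a failed restart. `if /usr/bin/systemctl cat "$SERVICE.service" &>/dev/null; then /usr/bin/systemctl try-restart "$SERVICE"; fi` keeps the skip-when-unit-is-absent behaviour without masking the restart result. That form also uses the `SERVICE` variable, which is currently assigned but never read, and quotes it. Callers that still pass a second (package) argument will now have it silently ignored.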
diff --git a/roles/base/files/common-scripts/proxy-conditional-reload.sh b/roles/base/files/common-scripts/proxy-conditional-reload.sh
new file mode 100644
index 0000000..ef60087
--- /dev/null
+++ b/roles/base/files/common-scripts/proxy-conditional-reload.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# reload SERVICE only if PACKAGE is installed.
+# We use this throughout handlers/restart_services.yml
+
+SERVICE=$1
+PACKAGE=$2
+
+rpm -q $PACKAGE
+
+INSTALLED=$?
+
+if [ ! -f /etc/httpd/ticketkey_*.tkey ]; then
+ # This host is not configured yet, do not try and restart httpd
+ exit 0
+fi
+
+if [ $INSTALLED -eq 0 ]; then
+ echo "Package $PACKAGE installed. Attempting reload of $SERVICE."
+ /sbin/service $SERVICE reload
+ exit $? # Exit with the /sbin/service status code
+fi
+
+# If the package wasn't installed, then pretend everything is fine.
+echo "Package $PACKAGE not installed. Skipping reload of $SERVICE."
+exit 0
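Review bot: `[ ! -f /etc/httpd/ticketkey_*.tkey ]` is only well-formed when the glob matches at most one file; with two or more key files `[` receives extra operands, prints an error and returns a failure status, so the script falls through to the reload only by accident. `compgen -G '/etc/httpd/ticketkey_*.tkey' >/dev/null || exit 0` tests "at least one match" directly. `rpm -q $PACKAGE` and `/sbin/service $SERVICE reload` should also quote their arguments, and the `rpm -q` call could move below the ticket-key check so an unconfigured host exits without printing package output.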
5 years, 4 months
[ansible] Add persist tun for cliens
by Nicolas Chauvet
commit bf18b4d5c41fc9f5649664e8eb20e2f62b1c96ef
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 10:21:19 2019 +0200
Add persist tun for cliens
roles/openvpn/client/files/client.conf | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf
index a95cf0a..cc03ed2 100644
--- a/roles/openvpn/client/files/client.conf
+++ b/roles/openvpn/client/files/client.conf
@@ -13,6 +13,7 @@ resolv-retry infinite
nobind
persist-key
+persist-tun
#up /etc/openvpn/fix-routes.sh
#up-restart
5 years, 4 months