Gitiles
Code Review Sign In
gerrit.opencord.org / xos / edb1d0229d816f6d0a285d3be02f173ad795ebcb^! / .
commitedb1d0229d816f6d0a285d3be02f173ad795ebcb[log] [tgz]
authorJeremy Mowery <jermowery@email.arizona.edu>Wed Apr 13 17:26:36 2016 -0700
committerJeremy Mowery <jermowery@email.arizona.edu>Wed Apr 13 17:26:36 2016 -0700
tree5bcc057268897a693d2f4bf23da2aa28d08c8c3c
parentfba5a8453001e8bae1f3ece70681c8037c7c6379 [diff]
Move dh gen to synchronizer

diff --git a/containers/xos/Dockerfile.devel b/containers/xos/Dockerfile.devel
index 55dcdee..b227778 100644
--- a/containers/xos/Dockerfile.devel
+++ b/containers/xos/Dockerfile.devel

@@ -101,6 +101,3 @@
 RUN git -C /opt/openvpn pull origin master
 RUN echo 'set_var EASYRSA	"/opt/openvpn/easyrsa3"' | tee /opt/openvpn/vars
 RUN echo 'set_var EASYRSA_BATCH	"true"' | tee -a /opt/openvpn/vars
-RUN /opt/openvpn/easyrsa3/easyrsa --pki-dir="/opt/openvpn/init_pki" --vars=/opt/openvpn/vars init-pki
-RUN /opt/openvpn/easyrsa3/easyrsa --pki-dir="/opt/openvpn/init_pki" --vars=/opt/openvpn/vars gen-dh
-RUN chmod 777 /opt/openvpn/init_pki/dh.pem

diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.py b/xos/synchronizers/vpn/steps/sync_vpntenant.py
index 061134c..de8a8c8 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.py
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.py

@@ -63,6 +63,7 @@
         if (not os.path.isfile(o.pki_dir + "/issued/server.crt")):
             VPNService.execute_easyrsa_command(
                 o.pki_dir, "build-server-full server nopass")
+            VPNService.execute_easyrsa_command(o.pki_dir, "gen-dh")
         # Get the most recent list of revoked clients
         VPNService.execute_easyrsa_command(o.pki_dir, "gen-crl")
         # Super runs the playbook

diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
index 7bf1a25..556212c 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml

@@ -39,7 +39,7 @@
     copy: src={{ pki_dir }}/crl.pem dest={{ pki_dir }}/crl.pem
 
   - name: get dh
-    copy: src=/opt/openvpn/init_pki/dh.pem dest={{ pki_dir }}/dh.pem
+    copy: src={{ pki_dir }}/dh.pem dest={{ pki_dir }}/dh.pem
 
   - name: erase config
     shell: rm -f {{ pki_dir }}/server.conf