prepare for release
remove some old CentOS stuff
update paths for new Debian packages
Summary: Collection of scripts to maintain your VPN server
Description: This is a collection of scripts for maintaining your VPN server(s). These SHOULD be used for handling day to day operation, like applying changes and installing updates.
License: AGPL-3.0-or-later
This is a collection of scripts for maintaining your VPN server(s). These SHOULD be used for handling day to day operation, like applying changes and installing updates. Feel free to take the content of these scripts and use them in something like Ansible.
NOTE: only use these scripts during maintenance windows as they will in most cases restart the OpenVPN processes!
In order to make sure your VPN configuration files are without syntax errors:
$ sudo vpn-maint-verify-config
Run this after every configuration change!
(Re)write OpenVPN server configuration files based on updated configuration and restart OpenVPN:
$ sudo vpn-maint-apply-changes
Install OS and VPN software updates:
$ sudo vpn-maint-update-system
NOTE: only use this right before going to production to get rid of all data!
$ sudo vpn-maint-reset-system
See the scripts under Automation for the order in which to execute these scripts.
NOTE: first stop the node(s)!
$ sudo vpn-maint-update-controller
$ sudo vpn-maint-reset-controller
$ sudo vpn-maint-apply-changes
NOTE: after stopping the node(s) update the controller!
$ sudo vpn-maint-stop-node
After stopping the node(s), update the controller first before continuing!
$ sudo vpn-maint-update-node
$ sudo vpn-maint-start-node
There is no need to reset the node(s) as applying changes takes care of that already.
$ sudo vpn-maint-apply-changes
If you are on a host where you can do password-less SSH logins and don't need to provide a password when using sudo, you can use the following scripts to update a bunch of servers at once.
NOTE: make sure you are NOT connected to the VPN server itself when running these scripts as they will terminate the connection!
If you have multiple servers to maintain, you may want to use a script like this. Use the --reboot flag to reboot the servers after updating...
#!/bin/sh
SERVER_LIST="
vpn.tuxed.net
vpn-dev.tuxed.net
"
for SERVER in ${SERVER_LIST}; do
    echo "*** ${SERVER} ***"
    ssh -t "${SERVER}" "/usr/bin/tmux new '/usr/bin/sudo /usr/sbin/vpn-maint-update-system'"
    if [ "--reboot" = "${1}" ]; then
        echo "Rebooting SERVER ${SERVER}..."
        ssh "${SERVER}" "/usr/bin/sudo /sbin/reboot"
    fi
done
This stops the nodes, updates the controller, node(s) and starts the node(s) again. If you want to reboot the controller and node(s), use the --reboot flag. Modify REBOOT_TIME_CONTROLLER if you want to give your controller more time to recover from a reboot...
#!/bin/sh
CONTROLLER=frkovpn.tuxed.net
NODES="
node-a.frkovpn.tuxed.net
node-b.frkovpn.tuxed.net
"
REBOOT_TIME_CONTROLLER=180

# stop all nodes
for NODE in ${NODES}
do
    echo "Stopping NODE ${NODE}..."
    ssh -t "${NODE}" "/usr/bin/tmux new '/usr/bin/sudo /usr/sbin/vpn-maint-stop-node'"
done

# update controller
echo "Updating CONTROLLER ${CONTROLLER}..."
ssh -t "${CONTROLLER}" "/usr/bin/tmux new '/usr/bin/sudo /usr/sbin/vpn-maint-update-controller -y'"
if [ "--reboot" = "${1}" ]; then
    echo "Rebooting CONTROLLER ${CONTROLLER}..."
    ssh "${CONTROLLER}" "/usr/bin/sudo /sbin/reboot"
    echo "Waiting ${REBOOT_TIME_CONTROLLER}s for CONTROLLER ${CONTROLLER} to come back..."
    sleep ${REBOOT_TIME_CONTROLLER}
fi

# update nodes
for NODE in ${NODES}
do
    echo "Updating NODE ${NODE}..."
    ssh -t "${NODE}" "/usr/bin/tmux new '/usr/bin/sudo /usr/sbin/vpn-maint-update-node'"
    if [ "--reboot" = "${1}" ]; then
        echo "Rebooting NODE ${NODE}..."
        ssh "${NODE}" "/usr/bin/sudo /sbin/reboot"
    else
        echo "Starting NODE ${NODE}..."
        ssh -t "${NODE}" "/usr/bin/tmux new '/usr/bin/sudo /usr/sbin/vpn-maint-start-node'"
    fi
done
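The automation scripts above rely on password-less SSH and sudo on every host. The following preflight check is an added example, not one of the project's scripts: it confirms both for each host before any node is stopped, so a maintenance run does not stall halfway with the nodes down. SSH_BIN, check_host and preflight are names made up for this example, and it assumes sudo is password-less for all commands.

```shell
#!/bin/sh
# Added example: preflight check for the multi-server maintenance scripts.
# SSH_BIN is an assumption of this example so the check can be exercised
# with a stub; it defaults to the real ssh client.
SSH_BIN="${SSH_BIN:-ssh}"

# check_host HOST
# Succeeds only if key-based login and password-less sudo both work
# without any interactive prompt.
check_host() {
    # BatchMode=yes makes ssh fail instead of asking for a password or
    # passphrase; sudo -n fails instead of prompting for one.
    "${SSH_BIN}" -o BatchMode=yes -o ConnectTimeout=10 "$1" \
        "/usr/bin/sudo -n true" >/dev/null 2>&1
}

# preflight HOST...
# Prints one OK/FAIL line per host and returns the number of failed hosts,
# so a return value of 0 means it is safe to start the maintenance run.
preflight() {
    FAILED=0
    for HOST in "$@"; do
        if check_host "${HOST}"; then
            echo "OK   ${HOST}"
        else
            echo "FAIL ${HOST}"
            FAILED=$((FAILED + 1))
        fi
    done
    return "${FAILED}"
}

# When called with host names, check them all and abort on any failure,
# e.g. with the controller first and the nodes after it.
if [ "$#" -gt 0 ]; then
    preflight "$@" || {
        echo "Preflight failed, not starting maintenance." >&2
        exit 1
    }
fi
```

Run it with the controller and all nodes as arguments before the update script; only continue when every line reads OK.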
Thank you for taking the time to contribute to eduVPN / Let's Connect!. In order for us to be able to accept your contributions, i.e. "Pull Requests" or "Merge Requests", we'd like you to sign our "CLA" and send it back to us.
You can find the CLA here. Pick the correct one, either for "legal entities" or "individuals" and mail it to legaldocuments@commonsconservancy.org as stated in the document. Please add eduvpn-support@lists.geant.org to the CC field.
Note that signing the CLA will not automatically guarantee your contribution will be included in the software!
Thanks again for wanting to contribute to eduVPN / Let's Connect!