Hello Chris,

Here is one I created. It is adapted from the original openvpn init script. The main feature it adds is the ability to specify exactly which openvpn config to start. In addition it moves the configs outside of the normal directory. This way you can still have an instance of openvpn that starts upon boot, but other ones that start as part of HA. We use this separation to have an 'emergency' openvpn instance that specifies to use a PAM config with local authentication only and the HA instances specify a PAM config that utilizes LDAP (and limits who can connect to which instance). So even in a situation where LDAP is melting down, we can get into the network to fix it.
I guess I'm posting this in hope of getting some peer review. So if anyone finds an issue with it, please send changes back to me, thanks.

<attached>

On Sun, Mar 08, 2009 at 08:24:47PM -0600, Chris Price wrote:
>
> Hi,
>
> Does anyone have or know of an already made (and debugged) openvpn script
> for the /etc/ha.d/resource.d directory?
>
>
> TIA
> _______________________________________________
> Linux-HA mailing list
> [email protected]
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems

--
James R. Leu
[email protected]

#!/bin/sh
# usage: ./openvpn <name> {start|stop|status}
#
# <name> : the openvpn instance to start
#
# An example usage in /etc/ha.d/haresources:
# node1 10.0.0.170 openvpn::engineering
#
unset LC_ALL; export LC_ALL
unset LANGUAGE; export LANGUAGE

. /etc/ha.d/shellfuncs

# Location of openvpn binary
openvpn=""
openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
for location in $openvpn_locations
do
    if [ -f "$location" ]
    then
        openvpn=$location
    fi
done

# The instance name is mandatory
if [ -z "$1" ]; then
    echo "Usage: openvpn {name} {start|stop|restart|condrestart|reload|reopen|status}"
    exit 1
fi

# Lockfile
lock="/var/lock/subsys/openvpn-ha-$1"

# PID directory
piddir="/var/run/openvpn-ha"

# Our working directory
work=/etc/openvpn

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
if [ "${NETWORKING}" = "no" ]
then
    ha_log "Networking is down"
    exit 1
fi

# Check that binary exists (quoted, so an empty $openvpn fails the test)
if ! [ -f "$openvpn" ]
then
    ha_log "openvpn binary not found"
    exit 1
fi

# "list" prints the names of the available HA instances
if [ "$1" = "list" ]; then
    for c in "$work"/ha/*.conf; do
        [ -f "$c" ] || continue
        basename "$c" .conf
    done
    exit 0
fi

# See how we were called.
case "$2" in
    start)
        /sbin/modprobe tun >/dev/null 2>&1

        if [ ! -d "$piddir" ]; then
            mkdir "$piddir"
        fi

        pidf=$piddir/$1.pid
        if [ -f "$lock" ]; then
            pid=`cat "$pidf" 2>/dev/null`
            # An empty pid would test /proc// and always look "running"
            if [ -n "$pid" ] && [ -d "/proc/$pid/" ]; then
                ha_log "SUCCESS: $1 already running"
                exit 0
            else
                # we were not shut down correctly
                rm -f "$lock"
            fi
        fi
        rm -f "$pidf"

        cd "$work"

        c=$1.conf
        bn=${c%%.conf}
        # Optional per-instance setup script; "./" keeps "." from searching PATH
        if [ -f "$bn.sh" ]; then
            . "./$bn.sh"
        fi

        rm -f "$piddir/$bn.pid"
        $openvpn --daemon --writepid "$piddir/$bn.pid" --config "ha/$c" --cd "$work"
        if [ $? = 0 ]; then
            ha_log "SUCCESS: $1 has been started"
            touch "$lock"
        else
            ha_log "ERROR: unable to start $1"
            exit 1
        fi
        ;;
    stop)
        if [ -f "$lock" ]; then
            pidf=$piddir/$1.pid
            pid=`cat "$pidf" 2>/dev/null`
            # Only signal when the pid file actually held a live pid
            if [ -n "$pid" ] && [ -d "/proc/$pid/" ]; then
                kill "$pid" >/dev/null 2>&1
            fi
            rm -f "$pidf"
        fi
        ha_log "SUCCESS: $1 has been stopped"
        rm -f "$lock"
        ;;
    restart)
        "$0" "$1" stop
        sleep 2
        "$0" "$1" start
        ;;
    reload)
        # SIGHUP: restart the instance in place
        if [ -f "$lock" ]; then
            pidf=$piddir/$1.pid
            if [ -s "$pidf" ]; then
                kill -HUP `cat "$pidf"` >/dev/null 2>&1
            fi
        else
            ha_log "openvpn $1: service not started"
            exit 1
        fi
        RETVAL=0
        ;;
    reopen)
        # SIGUSR1 is sent to every instance with a pid file in $piddir
        if [ -f "$lock" ]; then
            for pidf in "$piddir"/*.pid; do
                if [ -s "$pidf" ]; then
                    kill -USR1 `cat "$pidf"` >/dev/null 2>&1
                fi
            done
        else
            ha_log "openvpn $1: service not started"
            exit 1
        fi
        RETVAL=0
        ;;
    condrestart)
        if [ -f "$lock" ]; then
            "$0" "$1" stop
            # avoid race
            sleep 2
            "$0" "$1" start
        else
            ha_log "openvpn $1: service not started"
            exit 1
        fi
        ;;
    status)
        if [ -f "$lock" ]; then
            pidf=$piddir/$1.pid
            # SIGUSR2 makes openvpn write its connection statistics to the log
            if [ -s "$pidf" ]; then
                kill -USR2 `cat "$pidf"` >/dev/null 2>&1
            fi
            echo "$1 running"
            ha_log "$1 is running"
        else
            ha_log "openvpn $1: service not started"
            exit 1
        fi
        ;;
    *)
        echo "Usage: openvpn {name} {start|stop|restart|condrestart|reload|reopen|status}"
        exit 1
        ;;
esac
exit 0
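
The design in this post depends on the 'emergency' instance authenticating without LDAP. As an added example (not part of the original post or its script), the check below reads the PAM service from an instance's plugin line and walks that PAM stack, includes followed, looking for directory-backed modules. Use of the openvpn-auth-pam plugin, the plugin path, the service names and the module list are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: instances use the
# openvpn-auth-pam plugin; NET_MODULES lists the directory-backed PAM modules.
NET_MODULES='pam_ldap|pam_sss'

# Print the PAM service named on the auth-pam plugin line of config $1.
pam_service_of() {
    awk '$1 == "plugin" && $2 ~ /openvpn-auth-pam\.so$/ { print $3; exit }' "$1"
}

# Return 0 if service $2 in PAM dir $1 reaches a NET_MODULES module (follows includes).
pam_stack_uses_ldap() {
    pamdir=$1 todo=$2 seen=' '
    while [ -n "$todo" ]; do
        svc=${todo%% *}
        case $todo in *' '*) todo=${todo#* } ;; *) todo= ;; esac
        case $seen in *" $svc "*) continue ;; esac   # already visited
        seen="$seen$svc "
        [ -f "$pamdir/$svc" ] || continue
        grep -Eq "^[^#]*($NET_MODULES)\.so" "$pamdir/$svc" && return 0
        inc=$(awk '$1 == "@include" { print $2 }
                   $2 == "include" || $2 == "substack" { print $3 }' "$pamdir/$svc")
        todo=$(echo $todo $inc)
    done
    return 1
}

# 0 = local-only stack, 1 = depends on LDAP, 2 = cannot tell (fail closed).
check_local_only() {
    svc=$(pam_service_of "$1")
    [ -n "$svc" ] && [ -f "$2/$svc" ] || return 2
    pam_stack_uses_ldap "$2" "$svc" && return 1
    return 0
}

# Constructed sample: an emergency instance (pam_unix) and an HA one (LDAP).
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/pam.d"
    echo 'plugin /usr/lib/openvpn/openvpn-auth-pam.so vpn-emergency' >"$d/emergency.conf"
    echo 'plugin /usr/lib/openvpn/openvpn-auth-pam.so vpn-eng' >"$d/engineering.conf"
    echo 'auth required pam_unix.so' >"$d/pam.d/vpn-emergency"
    echo 'auth include system-auth' >"$d/pam.d/vpn-eng"
    echo 'auth sufficient pam_ldap.so' >"$d/pam.d/system-auth"
    check_local_only "$d/emergency.conf" "$d/pam.d" && a=0 || a=$?
    check_local_only "$d/engineering.conf" "$d/pam.d" && b=0 || b=$?
    rm -rf "$d"; echo "emergency=$a engineering=$b"
}
demo
```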
