From 543acabdb172fc44805ad73d21c301191ca3bb34 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Tue, 2 Jan 2018 02:11:43 +0000
Subject: [PATCH] Try to ensure that haproxy and varnish get started after VPN
 comes up on proxies

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 inventory/group_vars/all                |  3 +++
 inventory/group_vars/proxies            |  4 ++++
 roles/openvpn/client/files/postvpn.conf |  3 +++
 roles/openvpn/client/tasks/main.yml     | 16 ++++++++++++++++
 4 files changed, 26 insertions(+)
 create mode 100644 roles/openvpn/client/files/postvpn.conf

diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index f01b94ef63..1adcf0d772 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -275,3 +275,6 @@ baseiptables: True
 nm_controlled_resolv: False
 dns1: "10.5.126.21"
 dns2: "10.5.126.22"
+
+# This is a list of services that need to wait for VPN to be up before getting started.
+postvpnservices: []
diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies
index fc2a0a1a7d..ae70e98368 100644
--- a/inventory/group_vars/proxies
+++ b/inventory/group_vars/proxies
@@ -90,6 +90,10 @@ collectd_apache: true
 
 varnish_group: proxies
 
+postvpnservices:
+- haproxy
+- varnish
+
 # For the MOTD
 csi_security_category: Moderate
 csi_primary_contact: Fedora Admins - admin@fedoraproject.org
diff --git a/roles/openvpn/client/files/postvpn.conf b/roles/openvpn/client/files/postvpn.conf
new file mode 100644
index 0000000000..5adf1c61fb
--- /dev/null
+++ b/roles/openvpn/client/files/postvpn.conf
@@ -0,0 +1,3 @@
+[Unit]
+After=openvpn-client@openvpn.service
+Requires=openvpn-client@openvpn.service
diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml
index bbde407df1..91a6f63a61 100644
--- a/roles/openvpn/client/tasks/main.yml
+++ b/roles/openvpn/client/tasks/main.yml
@@ -99,3 +99,19 @@
   tags:
   - service
   - openvpn
+
+- name: Create directories for post-vpn service configs
+  file: path="/etc/systemd/system/{{item}}.service.d" state=directory
+  with_items: postvpnservices
+  when: is_fedora is defined or ansible_distribution_major_version|int == 7
+  tags:
+  - service
+  - openvpn
+
+- name: Deploy postvpn.conf for post-vpn services
+  copy: src=postvpn.conf dest="/etc/systemd/system/{{item}}.service.d/postvpn.conf"
+  with_items: postvpnservices
+  when: is_fedora is defined or ansible_distribution_major_version|int == 7
+  tags:
+  - service
+  - openvpn