= Add external servers to vpn

. In the Fedora Infra Ansible repo edit the file **roles/batcave/files/allows**.
Under the correct section add **require ip** ***<server_ip>***

. When this change is pushed run the batcave ansible playbook on the batcave.
You will need sysadmin-main access for this

. Create openvpn certificates for the new server.
This requires sysadmin main access

. <<generate_openvpn_keys.adoc#>>

. In the dns repo on batcave edit the file master/168.192.in-addr.arpa
Add the new host to one of the unused adresses.
Ensure the hostname ends in .vpn.fedoraproject.org.
Don't forget to update the serial before saving.

. Also edit the master/vpn.fedoraproject.org file to add the server with
the new 192.168.*.* address created in the previous step to the required section
Don't forget to update the serial before saving.

. When the above edits are done follow the instructions in the DNS sysadmin sop
about signing and pushing new dns chnages.

. <<infra:sysadmin_guide:dns.adoc#>>

. Finally in the Fedora Infra Ansible repo add a new file
**roles/openvpn/server/files/ccd/*<server_name>*** with the new 192.168.*.* address.
View one of the existing files in the repo for a sample of formatting.
This change will be run when the server is provisioned.