32 lines
1.2 KiB
Text
32 lines
1.2 KiB
Text
= Add external servers to vpn
|
|
|
|
. In the Fedora Infra Ansible repo edit the file **roles/batcave/files/allows**.
|
|
Under the correct section add **require ip** ***<server_ip>***
|
|
|
|
. When this change is pushed run the batcave ansible playbook on the batcave.
|
|
You will need sysadmin-main access for this
|
|
|
|
. Create openvpn certificates for the new server.
|
|
This requires sysadmin main access
|
|
|
|
. <<generate_openvpn_keys.adoc#>>
|
|
|
|
. In the dns repo on batcave edit the file master/168.192.in-addr.arpa
|
|
Add the new host to one of the unused adresses.
|
|
Ensure the hostname ends in .vpn.fedoraproject.org.
|
|
Don't forget to update the serial before saving.
|
|
|
|
. Also edit the master/vpn.fedoraproject.org file to add the server with
|
|
the new 192.168.*.* address created in the previous step to the required section
|
|
Don't forget to update the serial before saving.
|
|
|
|
. When the above edits are done follow the instructions in the DNS sysadmin sop
|
|
about signing and pushing new dns chnages.
|
|
|
|
. <<infra:sysadmin_guide:dns.adoc#>>
|
|
|
|
. Finally in the Fedora Infra Ansible repo add a new file
|
|
**roles/openvpn/server/files/ccd/*<server_name>*** with the new 192.168.*.* address.
|
|
View one of the existing files in the repo for a sample of formatting.
|
|
This change will be run when the server is provisioned.
|
|
|