openvpn: use the niconfig partition to coordinate vpnctl conf files #424
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This reverts commit b37024d. The meta-nilrt vpn recipe was previously only intended to support `nilrt-nxg`. It now supports only `nilrt`, where safemode exists. Return the script commentary about safemode, since it is again relevant. Signed-off-by: Alex Stewart <alex.stewart@ni.com>
This reverts commit 9f0afc6. The meta-nilrt vpn recipe was previously only intended to support `nilrt-nxg`. It now supports only `nilrt`, where safemode, and the configfs, exists. Revert to using the niconfig partition to coordinate openvpn configuration between safemode and runmode. Signed-off-by: Alex Stewart <alex.stewart@ni.com>
... for clarity. Signed-off-by: Alex Stewart <alex.stewart@ni.com>
The DEPENDS and RDEPENDS added by this openvpn.bbappend were relevant in historic versions of the recipe, but are no-longer used. Remove them. Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Use the new variable override syntax. Signed-off-by: Alex Stewart <alex.stewart@ni.com>
shruthi-ravi
approved these changes
Jul 12, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
NI maintains a vendor-specific initscript (
/etc/init.d/vpn) and a vendor-specific wrapper script (/usr/sbin/vpnctl) around openvpn. Those scripts are supposed to replace the upstream initscript for openvpn and will direct theopenvpnservice to use configuration files in/etc/natinst/share(the niconfig shared-partition between safemode and runmode).When we forked the distro to create the
nilrt-nxgvariant - we originally did not intend to continue using the safemode/runmode boot scheme, and so modified the version of the wrapper script for that variant to use the normal/etc/openvpnconfig location instead. When the forks converged into the OneRT image, thenilrt-nxgvariant won the merge, even though OneRT uses safemode/runmode.So users now get this confusing wrapper script that doesn't source from the correct location.
This patchset corrects that mistake, by reseting the openvpn configuration path to
/etc/natinst/share. It also performs some trivial cleanup of the openvpn .bbappend.NI AZDO: 1166546
Testing
loopback-client/-servertests work.vpninitscript itself, because I don't have an easy way to do that. And openvpn support in NILRT is generally in need of a stronger definition of supported workflows anyway - so it is ambiguous as to what needs to work.