ansible-tinc
                                
tinc.conf generated with wrong hostname if inventory_hostname is fqdn
Hello,
I'm using FQDNs in my Ansible inventory file and found the following issue.
Because tinc_hostname is defined as inventory_hostname_short, which is used to generate the hosts files, and tinc_connect_to uses items from the inventory group, I'm getting wrong ConnectTo values in tinc.conf.
Example: tinc.conf
Name = openvz21
ConnectTo = openvz3.example.com
ConnectTo = openvz21.example.com
Hosts dir
$ ls hosts/
openvz21  openvz21.d  openvz3
But if I change tinc_hostname to inventory_hostname, the task "Create persistent copy of host public key" somehow fails.
Umm, "hosts dir"? This is the first time I've seen that inventory format; how does that work? It's usually a hosts file in INI format.
Have you tried specifying the hostnames directly in each host inventory variables? That should work, I think. What's the error specifically that the task creates?
Sorry, I mean the "hosts dir" inside the tinc config folder that contains RSA keys and other options. Not the Ansible inventory.
As far as I know, tinc reads config files in "/etc/tinchosts/" based on the names that were defined in ConnectTo. And in this case tinc failed to start.
I've set tinc_hostname as a host variable but it doesn't help.
TASK: [ansible-tinc | Create persistent copy of host public key] ************** 
failed: [openvz3.example.com] => {"changed": true, "cmd": ["cp", "/etc/tinc/ProxmoxCluster/hosts/openvz3.example.com", "/etc/tinc/ProxmoxCluster/hosts/openvz3.example.com.d/99_rsa-public-key"], "delta": "0:00:00.002729", "end": "2015-07-24 16:45:54.516222", "rc": 1, "start": "2015-07-24 16:45:54.513493", "warnings": []}
stderr: cp: cannot stat `/etc/tinc/ProxmoxCluster/hosts/openvz3.example.com': No such file or directory
Unfortunately I don't understand why it does not fail with inventory_hostname_short, because the "Initialize RSA key pairs" task generates the rsa_key.pub file.
Try setting the tinc_hostname variable to the host's hostname, not full FQDN. Does it work then? tinc uses hostnames in the hosts/ directory, not FQDNs.
In this case I get an invalid tinc configuration because of inconsistent host name usage (FQDN vs hostname).
Jul 24 20:02:52 openvz21 tinc.ProxmoxCluster[1024462]: Invalid name for outgoing connection in /etc/tinc/ProxmoxCluster/tinc.conf line 4
Jul 24 20:02:52 openvz21 tinc.ProxmoxCluster[1024462]: Invalid name for outgoing connection in /etc/tinc/ProxmoxCluster/tinc.conf line 5
root@openvz21:/etc/tinc/ProxmoxCluster# grep ConnectTo tinc.conf 
ConnectTo = openvz3.example.com
ConnectTo = openvz21.example.com
root@openvz21:/etc/tinc/ProxmoxCluster# ls hosts/
openvz21  openvz21.d  openvz3
I've looked at the task that distributes keys and it uses inventory_hostname to name the directories, so openvz3 should be openvz3.example.com in this case...
Not sure what's happening. Could you hop on our IRC channel (#debops @ FreeNode) when you have time to try and debug it?
I found that tincd doesn't allow dots in Name, so it wouldn't create a public key with the following name: /etc/tinc/ProxmoxCluster/hosts/openvz3.example.com.
     Name = name [required]
             This is the name which identifies this tinc daemon.  It must be unique for the virtual private network this daemon
             will connect to.  The Name may only consist of alphanumeric and underscore characters.
But iterating through tinc_inventory_hosts: '{{ groups.debops_tinc }}', which is used for tinc.conf, generates FQDN names.
I think to fix it we can play around with this, but I can't figure out how to make it pretty.
hostvars[item]['inventory_hostname_short']
with_items: "{{  groups.debops_tinc }}"
I use a filter_plugin to convert the FQDN to a string, but roles can't provide a filter_plugin until Ansible 3.
kghost/ansible-tinc@60c3a3c7420e7209be99b0a7a0da880125af2b40
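An added example, not code from this thread, the linked commit, or the ansible-tinc role: a Python sketch of the mismatch discussed above, deriving tinc-valid names from inventory hostnames and checking ConnectTo entries against the hosts/ directory. The filter name `tinc_name`, the helper names and the sample data are assumptions made for illustration.

```python
import re

# Rule quoted above from the tinc.conf man page: Name may only consist of
# alphanumeric and underscore characters.
VALID_NAME = re.compile(r"^[A-Za-z0-9_]+$")
CONNECT_TO = re.compile(r"\s*connectto(?:\s*=\s*|\s+)(\S+)", re.IGNORECASE)


def tinc_name(inventory_hostname):
    """Short hostname (like inventory_hostname_short), other invalid chars -> '_'."""
    short = inventory_hostname.split(".", 1)[0]
    return re.sub(r"[^A-Za-z0-9_]", "_", short)


def tinc_names(inventory_hostnames):
    """Map inventory hostnames to tinc names; refuse colliding short names."""
    mapping = {}
    for host in inventory_hostnames:
        name = tinc_name(host)
        if name in mapping.values():
            raise ValueError("tinc name %r is not unique (from %r)" % (name, host))
        mapping[host] = name
    return mapping


def check_connect_to(conf_text, host_files):
    """Return (line_no, name, problem) for each ConnectTo that cannot be used."""
    problems = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = CONNECT_TO.match(line)
        if not match:
            continue
        name = match.group(1)
        if not VALID_NAME.match(name):
            problems.append((line_no, name, "invalid characters"))
        elif name not in host_files:
            problems.append((line_no, name, "no file in hosts/"))
    return problems


class FilterModule(object):
    """Ansible filter plugin entry point; the filter name is hypothetical."""

    def filters(self):
        return {"tinc_name": tinc_name}


# Constructed sample, modelled on the tinc.conf and hosts/ listing in this thread.
SAMPLE_CONF = ("Name = openvz21\nConnectTo = openvz3.example.com\n"
               "ConnectTo = openvz21.example.com\n")
SAMPLE_HOSTS = {"openvz21", "openvz3"}
```

Running `check_connect_to` over the rendered tinc.conf before restarting the daemon catches the FQDN entries at deploy time instead of in the tincd log.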