[bug] If I select ‘n’ in the install script for OpenVPN, the OpenVPN container is still started.

[chriswalg]

Describe the bug If I select ‘n’ in the install script for OpenVPN, the OpenVPN container is still started.

Steps To Reproduce Steps to reproduce the behavior: OpenWISP Configuration: OpenWISP Version (leave blank for latest): Do you have .env file? Enter filepath (leave blank for ad-hoc configuration): (1/5) Enter dashboard domain: dashboard-openwisp.mydomain.de (2/5) Enter API domain (blank for api.mydomain.de): api-openwisp.mydomain.de (3/5) Enter OpenVPN domain (blank for openvpn.mydomain.de, N to disable module): n (4/5) Site manager email: [email protected] (5/5) Enter letsencrypt email (leave blank for self-signed certificate): [email protected]

Expected behavior The OpenVPN module is not deactivated when ‘n’ is entered. However, according to the description, it should be deactivated. Furthermore, the letter is written in lower case in the script and in upper case in the description.

Screenshots

Part from autoinstall output:

Downloading docker-openwisp... done Configuring docker-openwisp... done Starting images docker-openwisp (this will take a while)... error Starting openwisp failed. Check logs at /opt/openwisp/autoinstall.log

Part from autoinstall.log: Container docker-openwisp-openvpn-1 Starting Container docker-openwisp-postfix-1 Started Container docker-openwisp-dashboard-1 Starting Container docker-openwisp-dashboard-1 Started Error response from daemon: error gathering device information while adding custom device "/dev/net/tun": no such file or directory make: *** [Makefile:86: start] Error 1 make: Leaving directory '/opt/openwisp/docker-openwisp'

System Informatioon:

• OS: Debian 12 in Proxmox 8 LXC Container
• Docker version: 28.3.3

[surfrock66]

Just a heads up, the prompt for the openVPN url says "enter N to disable the module" with the upper case N, but the actual check only checks for lower case n.

[Adityashandilya555]

thanks surfrock66 for noticing it .could you check once after recent commits

[surfrock66]

I pulled the script from the linked commit (verified it had the right bash code) and while the "N" check worked, it still tried to install and start the openvpn container.

root@sr66-wisp-01:/opt/openwisp# wget https://raw.githubusercontent.com/openwisp/docker-openwisp/c6e2d7e176d86431d52b897da271b50ca3f4a417/deploy/auto-install.sh

You can use -u\--upgrade if you are upgrading from an older version.

Checking your system capabilities...                                   done
Setting up dependencies...                                             done
Setting up docker...                                                   done

OpenWISP Configuration:
OpenWISP Version (leave blank for latest): 
Do you have .env file? Enter filepath (leave blank for ad-hoc configuration): 
(1/5) Enter dashboard domain: openwisp.~~~~~.~~~
(2/5) Enter API domain (blank for api.~~~~~~~.~): openwispapi.~~~~~~.~~~~~~
(3/5) Enter OpenVPN domain (blank for openvpn.~~~~~~~~.~~~~, N to disable module): N
(4/5) Site manager email: ~~~~~~~@~~~~~~~~.~~~
(5/5) Enter letsencrypt email (leave blank for self-signed certificate): 

Downloading docker-openwisp...                                         done
Configuring docker-openwisp...                                         done
Starting images docker-openwisp (this will take a while)...            error
Starting openwisp failed.
Check logs at /opt/openwisp/autoinstall.log

 Container docker-openwisp-influxdb-1  Recreated
 Container docker-openwisp-postgres-1  Recreated
 Container docker-openwisp-openvpn-1  Recreate
 Container docker-openwisp-openvpn-1  Recreated
 Container docker-openwisp-postfix-1  Recreated
 Container docker-openwisp-dashboard-1  Recreate
 Container docker-openwisp-dashboard-1  Recreated
 Container docker-openwisp-websocket-1  Recreate
 Container docker-openwisp-api-1  Recreate
 Container docker-openwisp-celerybeat-1  Recreate
 Container docker-openwisp-celery-1  Recreate
 Container docker-openwisp-celery_monitoring-1  Recreate
 Container docker-openwisp-celery_monitoring-1  Recreated
 Container docker-openwisp-celery-1  Recreated
 Container docker-openwisp-celerybeat-1  Recreated
 Container docker-openwisp-api-1  Recreated
 Container docker-openwisp-freeradius-1  Recreate
 Container docker-openwisp-websocket-1  Recreated
 Container docker-openwisp-nginx-1  Recreate
 Container docker-openwisp-freeradius-1  Recreated
 Container docker-openwisp-nginx-1  Recreated
 Container docker-openwisp-influxdb-1  Starting
 Container docker-openwisp-postfix-1  Starting
 Container docker-openwisp-postgres-1  Starting
 Container docker-openwisp-postgres-1  Started
 Container docker-openwisp-openvpn-1  Starting
 Container docker-openwisp-influxdb-1  Started
 Container docker-openwisp-postfix-1  Started
 Container docker-openwisp-dashboard-1  Starting
 Container docker-openwisp-openvpn-1  Started
 Container docker-openwisp-dashboard-1  Started
 Container docker-openwisp-api-1  Starting
 Container docker-openwisp-celerybeat-1  Starting
 Container docker-openwisp-openvpn-1  Waiting
 Container docker-openwisp-openvpn-1  Waiting
 Container docker-openwisp-websocket-1  Starting
 Container docker-openwisp-websocket-1  Started
 Container docker-openwisp-openvpn-1  Error
 Container docker-openwisp-openvpn-1  Error
 Container docker-openwisp-celerybeat-1  Started
 Container docker-openwisp-api-1  Started
dependency failed to start: container docker-openwisp-openvpn-1 is unhealthy
make: *** [Makefile:86: start] Error 1
make: Leaving directory '/opt/openwisp/docker-openwisp'

[nemesifier]

Maybe the problem is that docker ompose still tris to bring up the container. What if you remove the definition of the openvpn container it from the YAML? Does it work?

I always assume people would make a copy of the docker-compose.yml and use a modified version, but probably my assumption is wrong.

[Adityashandilya555]

Hey, I found the issue with #490. The problem is that even when we disable OpenVPN in the auto-install script, the celery and celery_monitoring services in docker-compose.yml have hardcoded dependencies on openvpn (lines 9-10, 84, 98). They depend on openvpn being healthy and use its network mode, so docker compose always tries to start it.

I think the best fix is to create a docker-compose.openvpn-disabled.yml override file that disables the openvpn service and removes those dependencies from celery services. Then in auto-install.sh, when the user enters 'N', we set USE_OPENVPN=False and use both compose files when starting: docker compose -f docker-compose.yml -f docker-compose.openvpn-disabled.yml up

Alternatively we could use docker compose profiles, but that would need more refactoring of the main compose file. The override approach seems cleaner and easier to maintain.

[nemesifier]

Hey, I found the issue with #490. The problem is that even when we disable OpenVPN in the auto-install script, the celery and celery_monitoring services in docker-compose.yml have hardcoded dependencies on openvpn (lines 9-10, 84, 98). They depend on openvpn being healthy and use its network mode, so docker compose always tries to start it.

I think this is the main issue for now, can you post a link to these lines please?

[Adityashandilya555]

sure

[Adityashandilya555]

https://github.com/openwisp/docker-openwisp/blob/master/docker-compose.yml#L9-L10. https://github.com/openwisp/docker-openwisp/blob/master/docker-compose.yml#L98 https://github.com/openwisp/docker-openwisp/blob/master/docker-compose.yml#L84

[surfrock66]

I wanted to check in and see if any commits need to be tested, I didn't see anything complete yet.

[surfrock66]

Checking back in, I saw this pull request, but I'm not seeing a fix yet, even running this commit:

https://github.com/openwisp/docker-openwisp/pull/518