dumrauf / openvpn-terraform-install Goto Github PK

Hi Dominic,

Your solution is great. But what happens if the AMI changes?

Following an update of the AMI it seems that it is not correctly reprovisioning the server.
It declares "aws_instance.openvpn must be replaced" then it crashes because it cannot find the script "update_users.sh"
null_resource.openvpn_update_users_script (remote-exec): User: ec2-user null_resource.openvpn_update_users_script (remote-exec): Password: false null_resource.openvpn_update_users_script (remote-exec): Private key: true null_resource.openvpn_update_users_script (remote-exec): Certificate: false null_resource.openvpn_update_users_script (remote-exec): SSH Agent: false null_resource.openvpn_update_users_script (remote-exec): Checking Host Key: false null_resource.openvpn_update_users_script (remote-exec): Connected! null_resource.openvpn_update_users_script (remote-exec): sudo: /home/ec2-user/update_users.sh: command not found Error: error executing "/tmp/terraform_51813320.sh": Process exited with status 1 Cleaning up file based variables

What solution do you suggest?

thank you!

The script is unable to revoke users. It hangs on the menu system of openvpn-install.sh while trying to revoke user redacted3:

null_resource.openvpn_update_users_script[0] (remote-exec): Revoking certificate for user redacted3!
null_resource.openvpn_update_users_script[0] (remote-exec): 
Welcome to OpenVPN-install!
null_resource.openvpn_update_users_script[0] (remote-exec): The git repository is available at: https://github.com/angristan/openvpn-install

null_resource.openvpn_update_users_script[0] (remote-exec): It looks like OpenVPN is already installed.

null_resource.openvpn_update_users_script[0] (remote-exec): What do you want to do?
null_resource.openvpn_update_users_script[0] (remote-exec):    1) Add a new user
null_resource.openvpn_update_users_script[0] (remote-exec):    2) Revoke existing user
null_resource.openvpn_update_users_script[0] (remote-exec):    3) Remove OpenVPN
null_resource.openvpn_update_users_script[0] (remote-exec):    4) Exit

null_resource.openvpn_update_users_script[0] (remote-exec): Select the existing client certificate you want to revoke
null_resource.openvpn_update_users_script[0] (remote-exec):      1) redacted1
null_resource.openvpn_update_users_script[0] (remote-exec):      2) redacted2
null_resource.openvpn_update_users_script[0] (remote-exec):      3) redacted3
null_resource.openvpn_update_users_script[0] (remote-exec):      4) redacted4
null_resource.openvpn_update_users_script[0] (remote-exec): Select one client [1-4]:

The problem seems that openvpn-install.sh has no way to accept the name of the user as an select option: See line 1080 in openvpn-install.sh:

echo "Select the existing client certificate you want to revoke"
tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
if [[ "$NUMBEROFCLIENTS" = '1' ]]; then
	read -rp "Select one client [1]: " CLIENTNUMBER
else
	read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
fi

Do you have an idea to work around this?

Hi @dumrauf. This is a very cool module. Thank you for creating and maintaining it.

I noticed that the README does not include the inputs to the module and I've found this to be pretty helpful in all the cloudposse modules (e.g. cloudposse/terraform-aws-ecs-alb-service-task)

Have you considered using terraform-docs ? would you be open to a pull request ?

or is this project dead?