Stouts / Stouts.openvpn

Ansible role to install and configure OpenVPN server
MIT License

Fail when no openssl.cnf file in easy-rsa #157

Closed federicoaaguirre closed 4 years ago

federicoaaguirre commented 4 years ago

There is an error: it couldn't find openssl.cnf in the easy-rsa dir. There are three other files: openssl-0.9.6.cnf, openssl-1.0.0.cnf, openssl-0.9.8.cnf

amazon-ebs: TASK [openvpn : Generate Server keys] ******************************************
amazon-ebs: fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["/etc/openvpn/build-server.sh"], "delta": "0:00:00.047019", "end": "2020-04-26 23:04:19.503989", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2020-04-26 23:04:19.456970", "stderr": "**************************************************************\n No /etc/openvpn/easy-rsa/openssl.cnf file could be found\n Further invocations will fail\n**************************************************************\ngrep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory\ngrep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory\ngrep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory\ngrep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory\ngrep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory\ngrep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory", "stderr_lines": ["**************************************************************", " No /etc/openvpn/easy-rsa/openssl.cnf file could be found", " Further invocations will fail", "**************************************************************", "grep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory", "grep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory", "grep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory", "grep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory", "grep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory", "grep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory"], "stdout": "NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/keys\nUsing CA Common Name: InvGate CA\npkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong\nversion of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf\nThe correct version should have a comment that says: easy-rsa version 2.x\npkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong\nversion of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf\nThe correct version should have a comment that says: easy-rsa version 2.x\npkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong\nversion of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf\nThe correct version should have a comment that says: easy-rsa version 2.x\npkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong\nversion of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf\nThe correct version should have a comment that says: easy-rsa version 2.x\npkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong\nversion of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf\nThe correct version should have a comment that says: easy-rsa version 2.x\npkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong\nversion of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf\nThe correct version should have a comment that says: easy-rsa version 2.x", "stdout_lines": ["NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/keys", "Using CA Common Name: InvGate CA", "pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong", "version of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf", "The correct version should have a comment that says: easy-rsa version 2.x", "pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong", "version of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf", "The correct version should have a comment that says: easy-rsa version 2.x", "pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong", "version of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf", "The correct version should have a comment that says: easy-rsa version 2.x", "pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong", "version of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf", "The correct version should have a comment that says: easy-rsa version 2.x", "pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong", "version of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf", "The correct version should have a comment that says: easy-rsa version 2.x", "pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong", "version of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf", "The correct version should have a comment that says: easy-rsa version 2.x"]}

What have I done? I've just created a little fix that creates a symlink in there. Pushed in "new-openssl-version-easy-rsa". Regards

federicoaaguirre commented 4 years ago

I can't push it to a new branch! This is the fix:

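## Fix for OpenSSL symbolic link
- name: Generate openssl.cnf symlink
  command: "ln -s {{ openvpn_etcdir }}/easy-rsa/openssl-1.0.0.cnf {{ openvpn_etcdir }}/easy-rsa/openssl.cnf"
  args:
    # Skip the task when the link already exists, so re-running the play does not fail
    creates: "{{ openvpn_etcdir }}/easy-rsa/openssl.cnf"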

in configure.yml
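
An added example, not part of the original thread or of the role's own code: a shell helper that does the same symlink step but checks each candidate for the "easy-rsa version 2.x" comment that pkitool asks for in the log above, and is safe to re-run. The function name `link_openssl_cnf` and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Marker comment that pkitool expects in a usable config (text taken from the log).
MARKER='easy-rsa version 2.x'

# link_openssl_cnf DIR [PREFERRED]   (hypothetical helper, not from the role)
# Returns 0 when DIR/openssl.cnf is usable afterwards, 1 otherwise.
link_openssl_cnf() {
    dir=$1
    preferred=${2:-openssl-1.0.0.cnf}
    target="$dir/openssl.cnf"

    # Already present: accept it only if it carries the marker, never overwrite.
    if [ -e "$target" ]; then
        if grep -qF "$MARKER" "$target"; then
            return 0
        fi
        echo "existing $target lacks '$MARKER'; leaving it untouched" >&2
        return 1
    fi

    # Dangling symlink left by an earlier run: remove it before re-linking.
    if [ -L "$target" ]; then
        rm -f "$target"
    fi

    # Try the preferred file first, then any other versioned config.
    for candidate in "$dir/$preferred" "$dir"/openssl-*.cnf; do
        [ -f "$candidate" ] || continue
        if grep -qF "$MARKER" "$candidate"; then
            # Relative link, so it still resolves if the directory is moved.
            ln -s "$(basename "$candidate")" "$target"
            return 0
        fi
    done

    echo "no openssl-*.cnf containing '$MARKER' found in $dir" >&2
    return 1
}

# Usage (path as in the log): link_openssl_cnf /etc/openvpn/easy-rsa
```

Refusing to replace an existing openssl.cnf keeps a locally edited CA configuration from being silently swapped out before keys are generated.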

nkakouros commented 4 years ago

Thanks for your report.

What you are reporting is a known issue, and what you have hacked together is one of the solutions that have been proposed in the past, and it will work OK.

The development branch of the role, though, has dropped support for generating keys itself and relies on third-party roles to do that. Perhaps you want to check that (see the README).