linux-system-roles / vpn

Role for managing VPN/IPSec
https://linux-system-roles.github.io/vpn/
MIT License

duplicate configs installed #21

Closed letoams closed 3 years ago

letoams commented 3 years ago

When I tried certificate-based deployment, I noticed duplicate configs were installed, e.g. for a two-node inventory with "east" and "west", both machines end up with east-to-west.conf and west-to-east.conf with basically the same config (but left/right mirrored).

They should only get one config file for this.

letoams commented 3 years ago

It seems a little more complicated. Possibly a race condition or perhaps the first node and second node being treated differently. This is my inventory:

```yaml
all:
  hosts:
    west:
      ansible_host: 192.1.2.45
      ansible_user: root
      ansible_password: swan
      ansible_ssh_common_args: -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
    east:
      ansible_host: 192.1.2.23
      ansible_user: root
      ansible_password: swan
      ansible_ssh_common_args: -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
  vars:
    vpn_auth_method: cert
    vpn_connections:
      - hosts:
          west:
            cert_name: west
          east:
            cert_name: east
        auto: ondemand
```

I run this with:

```yaml
---
- name: Ensure that the role runs with default parameters
  hosts: all

  roles:
    - linux-system-roles.vpn
```

Then on west, I only seem to have east's configuration, that is with leftcert=east. On east, I end up with both configurations, east-to-west and west-to-east.
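A small check for the symptom described in this comment, added here as an example and not part of the role or of libreswan: it parses ipsec.conf-style connection files found on one host and reports any `conn` whose `leftcert` is not that host's own `cert_name`, plus any pair of `conn` sections that are left/right mirrors of each other. The file contents are constructed to match the report (both east-to-west.conf and west-to-east.conf present on east); the file names and `leftcert`/`rightcert` keys are assumed from the thread.

```python
import re

# Constructed sample matching the symptom reported on "east": both the
# east-to-west conn and its mirrored west-to-east twin were installed.
SAMPLE_FILES = {
    "east-to-west.conf": "conn east-to-west\n    left=192.1.2.23\n    leftcert=east\n"
                         "    right=192.1.2.45\n    rightcert=west\n    auto=ondemand\n",
    "west-to-east.conf": "conn west-to-east\n    left=192.1.2.45\n    leftcert=west\n"
                         "    right=192.1.2.23\n    rightcert=east\n    auto=ondemand\n",
}

def parse_conns(text):
    """Parse ipsec.conf-style 'conn <name>' sections into {name: {key: value}}."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            cur = conns.setdefault(m.group(1), {})
        elif cur is not None and "=" in line:
            key, val = line.strip().split("=", 1)
            cur[key.strip()] = val.strip()
    return conns

def mirror(params):
    """Swap left*/right* keys so the peer's view of the same tunnel compares equal."""
    return {("right" + k[4:] if k.startswith("left") else
             "left" + k[5:] if k.startswith("right") else k): v
            for k, v in params.items()}

def check_host(own_cert, files):
    """Findings for one host: leftcert must be its own cert; no mirrored duplicates."""
    findings, conns = [], {}
    for fname, text in files.items():
        for name, params in parse_conns(text).items():
            conns[name] = params
            if params.get("leftcert") != own_cert:
                findings.append(f"{fname}: conn {name} has leftcert={params.get('leftcert')}, "
                                f"expected leftcert={own_cert}")
    names = sorted(conns)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if mirror(conns[a]) == conns[b]:
                findings.append(f"conn {a} and conn {b} are left/right mirrors (duplicate config)")
    return findings
```

Run `check_host("east", SAMPLE_FILES)` to see both findings; a correct deployment on east (only east-to-west.conf) yields an empty list.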

letoams commented 3 years ago

The same happens for the mesh.conf. It seems when adding a mesh for east and west, I ended up with only the mesh.conf of east on both nodes, so both had leftcert=east configured.

letoams commented 3 years ago

Duh. This was a bug in my test cases in the upstream libreswan. Fixed in https://github.com/libreswan/libreswan/commit/8db1d6e8e37a12de65836d611f950fcbf1190d6d