authorRomain Gonçalves <me@rgoncalves.se>2021-12-12 14:52:04 +0000
committerRomain Gonçalves <me@rgoncalves.se>2021-12-12 14:54:58 +0000
commitc72bba3be432c661788d93a8cb40defba213a226 (patch)
tree7369313f401ab344610749cd7f2f9851131352ad
parent4a16c10dd3b870ce62fdae9b590ff207e30a2bdd (diff)
downloadinfrastructure-c72bba3be432c661788d93a8cb40defba213a226.tar.gz
roles/wireguard: Daemon hang with shell module
Using the raw module is a workaround to keep wg-quick working in the background.
-rw-r--r--roles/wireguard/tasks/cron.yml5
-rw-r--r--roles/wireguard/tasks/main.yml11
-rw-r--r--roles/wireguard/tasks/service.yml16
3 files changed, 22 insertions, 10 deletions
diff --git a/roles/wireguard/tasks/cron.yml b/roles/wireguard/tasks/cron.yml
new file mode 100644
index 0000000..482b34f
--- /dev/null
+++ b/roles/wireguard/tasks/cron.yml
@@ -0,0 +1,5 @@
+- name: add cronjob for keepalive
+ ansible.builtin.cron:
+ name: keepalive network traffic to domain controller
+ user: nobody
+ job: ping -c 1 {{ hostvars[wireguard_domain_controller].__ip.external }}
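Review bot: The cron task sets no schedule fields, so `ansible.builtin.cron` falls back to `*` for each of them and the ping runs once a minute; writing `minute: "*"` explicitly would make that intent visible to the next reader. The `job:` line does not redirect output, so cron will try to mail every run's result to `nobody`; appending `>/dev/null 2>&1` avoids that. The address is templated from `hostvars[wireguard_domain_controller].__ip.external` straight into a command line, so the task relies on that key being defined and on the inventory being trusted. Running the job as `nobody` is a sound least-privilege choice and worth keeping.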
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 9f1d01d..d1ff496 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -25,10 +25,15 @@
name: wireguard-tools
state: present
-- name: include service configuration for server
+- name: include service configuration for hosts
include_tasks: service.yml
when: inventory_hostname == wireguard_domain_controller
-- name: include service configuration for hosts
- include_tasks: service.yml
+- name: include service configuration for server
+ include_tasks: "{{ task }}"
when: inventory_hostname != wireguard_domain_controller
+ loop_control:
+ loop_var: task
+ loop:
+ - service.yml
+ - cron.yml
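Review bot: The two task names appear to have been swapped relative to their conditions: the include guarded by `inventory_hostname == wireguard_domain_controller` is now named "for hosts", and the one guarded by `!=` is named "for server", which is the opposite of the removed lines. If the controller is the server, the names should read `- name: include service configuration for server` on the `==` task and `- name: include service configuration for hosts` on the looped one, otherwise play output will mislead whoever debugs a failed run. The first task in this hunk (`name: wireguard-tools`) starts outside the hunk.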
diff --git a/roles/wireguard/tasks/service.yml b/roles/wireguard/tasks/service.yml
index d1a1007..37f3cec 100644
--- a/roles/wireguard/tasks/service.yml
+++ b/roles/wireguard/tasks/service.yml
@@ -10,11 +10,13 @@
when: ansible_distribution == "OpenBSD"
- name: restart wireguard interface
- command: wg-quick "{{ item }}" "{{ wireguard_domain_controller }}"
- ignore_errors: true
- loop:
- - down
- - up
- loop_control:
- pause: 5
+ raw: |
+ wg-quick down {{ wireguard_domain_controller }}
+ sleep {{ 10 | random(start=1) }}
+ wg-quick up {{ wireguard_domain_controller }}
when: ansible_distribution == "OpenBSD"
+ register: result
+
+- name: show wireguard output
+ debug:
+ var: result
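Review bot: `{{ wireguard_domain_controller }}` is now interpolated unquoted into a script that `raw` hands to the remote shell, whereas the removed `command` task passed it as an argument with no shell involved. Piping it through the `quote` filter, e.g. `wg-quick down {{ wireguard_domain_controller | quote }}` and the same on the `up` line, keeps an unusual inventory name from being split or interpreted by the shell. The new `show wireguard output` task has no `when`, so on hosts that are not OpenBSD it prints the skipped-task result; adding `when: ansible_distribution == "OpenBSD"` would match the task it reports on. With `ignore_errors` removed, the task's status presumably follows the last command in the script (`wg-quick up`), which deserves a one-line comment above `raw:`.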