Make LDAP client certificates optional/configurable and add new options for Bridge interface #52
Conversation
jangrewe
changed the title
|
Thanks for submitting this, @jangrewe. Thoughts, @nemesisdesign? Since the proposed changes politely respect current role default behavior, and are opt-in, I'm inclined to merge, but holler if you have feedback on these changes. |
|
The line that changes the I suggest something like the following: |
|
Agreed, @nemesisdesign. I have commited a fix for this situation. |
|
Thank you @jangrewe, I'm not 100% sure the syntax is correct, I'll leave an inline comment on the code. |
| bridge_ports {{ openvpn_dev }} | ||
| bridge_ports {% if 'ports' in openvpn_bridge %}{{ openvpn_bridge.ports }} | ||
| {% else %}{{ openvpn_dev }} | ||
| {% endif -%} |
There was a problem hiding this comment.
Are you sure the - at the end is ok? Shouldn't it be {% endif %}, or is it a jinja2 feature I don't know?
There was a problem hiding this comment.
The - removes the whitespace/newline, depending on where you put it.
| @@ -11,9 +11,14 @@ iface {{ openvpn_dev }} inet manual | |||
| # Bridge | |||
| auto br-{{ openvpn_dev }} | |||
| iface br-{{ openvpn_dev }} inet static | |||
| bridge_ports {{ openvpn_dev }} | |||
| bridge_ports {% if 'ports' in openvpn_bridge %}{{ openvpn_bridge.ports }} | |||
There was a problem hiding this comment.
(this is just a style related comment)
even if it would be long, I would prefer having everything on oneline, the resulting configuration would look more readable, although I would have to test it, which I haven't yet. Have you tested it and if yes does the resulting configuration file look ok and works?
There was a problem hiding this comment.
I know that the formatting is ugly this way, but otherwise you have the next line either indented one tabstop too much, or on the same line. If there was any way to force a newline character, i'd put it as a oneliner, too! =)
|
The |
|
Thanks for the explaination, ok for me 👍 |
| bridge_stp off | ||
| address {{openvpn_bridge.address}} | ||
| netmask {{openvpn_bridge.netmask}} | ||
| network {{openvpn_bridge.network}} | ||
| broadcast {{openvpn_bridge.broadcast}} | ||
| {% for line in openvpn_bridge.script -%} | ||
| {{ line }} | ||
| {% endfor %} |
There was a problem hiding this comment.
Given this structure, the dict openvpn_bridge must contain a script list element. If that's truly a requirement, fine as-is, otherwise a |default([]) would come in handy here.
|
@nemesisdesign @jangrewe Can you both +1 here if you're satisfied for merge? I am not using bridged connections, but these changes look solid. If they work well for both of your uses cases, happy to include. |
|
👍 |
|
Was this forgotten? |
|
Hey, any chance this could be merged in? |
|
I don't have the time right now to go through this PR and resolve the conflicts, but if someone does, I would be glad to merge. |
nkakouros
force-pushed
the
develop
branch
2 times, most recently
from
4845328
to
b7bb783
Compare
We don't use a client cert for connecting to LDAP, and the CA certificate path didn't match on Ubuntu 16.04, so this makes it optional and configurable.