Use a separate data directory for CCD files

Fixes CCD files being ignored on 3541.x stemcells due to umask changes
dpb587 · Feb 13, 2018 · efd50e6 · efd50e6
1 parent 544d52c
commit efd50e6
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 10 deletions.
diff --git a/ci/tasks/integration-test/run.sh b/ci/tasks/integration-test/run.sh
@@ -12,9 +12,9 @@ source /tmp/local-bosh/director/env
 
 bosh upload-stemcell \
   --name=bosh-warden-boshlite-ubuntu-trusty-go_agent \
-  --version=3421.9 \
-  --sha1=1396d7877204e630b9e77ae680f492d26607461d \
-  https://s3.amazonaws.com/bosh-core-stemcells/warden/bosh-stemcell-3421.9-warden-boshlite-ubuntu-trusty-go_agent.tgz
+  --version=3541.2 \
+  --sha1=314b3144192db02f29e086ffbf928792ae3789fa \
+  https://s3.amazonaws.com/bosh-core-stemcells/warden/bosh-stemcell-3541.2-warden-boshlite-ubuntu-trusty-go_agent.tgz
 
 export BOSH_DEPLOYMENT=integration-test
 

diff --git a/jobs/openvpn/templates/bin/write-ccd.erb b/jobs/openvpn/templates/bin/write-ccd.erb
@@ -1,15 +1,15 @@
 #!/bin/bash
 
-cd /var/vcap/jobs/openvpn/etc
+[ ! -d /var/vcap/data/openvpn-ccd ] || rm -fr /var/vcap/data/openvpn-ccd
 
-if [ -d ccd ] ; then
-    rm -fr ccd
-fi
+mkdir /var/vcap/data/openvpn-ccd
+chmod 755 /var/vcap/data/openvpn-ccd
 
-mkdir ccd
+cd /var/vcap/data/openvpn-ccd
 
 <% p('ccd').each do | ccd | %>
-cat > ccd/<%= ccd[0] %> << EOF
+cat > "<%= ccd[0] %>" << EOF
 <%= ccd[1] %>
 EOF
+chmod 644 "<%= ccd[0] %>"
 <% end %>
diff --git a/jobs/openvpn/templates/etc/openvpn.conf.erb b/jobs/openvpn/templates/etc/openvpn.conf.erb
@@ -1,6 +1,6 @@
 mode server
 writepid /var/vcap/sys/run/openvpn/openvpn.pid
-client-config-dir /var/vcap/jobs/openvpn/etc/ccd
+client-config-dir /var/vcap/data/openvpn-ccd
 cipher <%= p('cipher') %>
 keysize <%= p('keysize') %>
 <% if_p('tls_cipher') do | v | %>

diff --git a/releases/openvpn/openvpn-4.2.1.md b/releases/openvpn/openvpn-4.2.1.md
@@ -0,0 +1 @@
+* fix: client config directories cannot be used on stemcells v3541+