Skip to content

Commit

Permalink
Refresh PKI assets from config endpoint
Browse files Browse the repository at this point in the history 
* Fixes #2569
* ensure OpenVPN client always starts with the latest CA certificate
  from API config endpoint as this certificate may have changed and
  we don't want VPN to be down for ~24 hours until os-config is triggered
  by systemd timer

Change-type: minor
  • Loading branch information
@ab77 @klutchell
ab77 authored and klutchell committed Apr 21, 2022
1 parent 29b972b commit 07fac02
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions meta-balena-common/recipes-connectivity/openvpn/files/openvpn.service
View file
Expand Up @@ -11,6 +11,7 @@ RestartSec=10s
#Adjust OOMscore to -1000 to disable OOM killing for openvpn
OOMScoreAdjust=-1000
PIDFile=/run/openvpn/openvpn.pid
ExecStartPre=-/bin/systemctl restart os-config
ExecStart=/usr/sbin/openvpn --writepid /run/openvpn/openvpn.pid --cd /etc/openvpn/ --config /etc/openvpn/openvpn.conf --connect-retry 5 120

[Install]
Expand Down

0 comments on commit 07fac02

Please sign in to comment.