Merge pull request #1001 from holta/openvpn-handle2

OpenVPN code readability

roles/openvpn/tasks/main.yml

@@ -70,8 +70,8 @@
 #    backup: yes
 #  when: openvpn_handle is defined
 
-# Comment out in future?  up_wan was being installed twice (also above) and
+# up_wan was being installed twice (also above) and was unused for ~2 years
-# was unused for ~2 years as of August 2018: (see 15-openvpn below)
+# as of August 2018: (see 15-openvpn below)
 #- name: Put up_wan in place (debuntu)
 #  template:
 #    src: up_wan
@@ -79,8 +79,8 @@
 #  when: is_debuntu
 
 # Comment out in future?  Contained serious bug (15-openvpn called
-# up-wan instead of up_wan in /usr/lib/iiab/) so evidently unused
+# up-wan instead of up_wan in /usr/lib/iiab/ as of August 2018) so
-# for ~2 years, as of Aug 2018:
+# evidently unused for ~2 years:
 - name: Put dispatcher up for NM (not debuntu)
   template:
     src: 15-openvpn
@@ -174,7 +174,7 @@
     value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections."
   - option: enabled
     value: "{{ openvpn_enabled }}"
-# Uncommented as openvpn_handle variable is now mandatory: (if set to "", /etc/iiab/uuid will be used instead)
+# openvpn_handle variable is mandatory as of August 2018 (if set to "", /etc/iiab/uuid will be used instead)
   - option: handle
     value: "{{ openvpn_handle }}"
   - option: cron_enabled

roles/openvpn/templates/15-openvpn

@@ -1,4 +1,5 @@
 #!/bin/bash
+# Not really used as of August 2018, but perhaps can be revived for CentOS etc
 
 export LC_ALL=C
 

roles/openvpn/templates/announce

@@ -1,4 +1,5 @@
 #!/bin/bash
-# disconnect our worker from everything
+# Disconnect our worker from everything
+
 DIR=$(dirname $0)
 nohup $DIR/announcer 0<&- &>/dev/null & 

roles/openvpn/templates/up_wan

@@ -1,5 +1,8 @@
 #!/bin/bash
-# if the wan has recently come up, see if we need to start openvpn
+# Not really used as of August 2018, but perhaps can be revived for CentOS etc
+
+# If the wan has recently come up, see if we need to start openvpn
+
 systemctl is-enabled openvpn
 if [ $? -eq 0 ]; then
     pgrep openvpn

roles/openvpn/templates/xscenet.conf.j2

@@ -1,32 +1,24 @@
-#########################################
+# Sample client-side OpenVPN config file for connecting to multi-client server.
-# Sample client-side OpenVPN config file
-# for connecting to multi-client server.
 #
 # Adapted from http://openvpn.sourceforge.net/20notes.html
 #
 # The server can be pinged at {{ openvpn_server_virtual_ip }}
-#
 
 port {{ openvpn_server_port }}
 dev tun
 remote {{ openvpn_server }}
 
-# TLS parms
+# TLS parameters
-
 tls-client
 ca keys/ca.crt
 cert keys/client1.crt
 key keys/client1.key
 
-# This parm is required for connecting
+# This parameter is required for connecting to a multi-client server.
-# to a multi-client server.  It tells
+# It tells the client to accept options which the server pushes to us.
-# the client to accept options which
-# the server pushes to us.
 pull
 
-# Scripts can be used to do various
+# Scripts can be used to do various things (change nameservers, for example).
-# things (change nameservers, for
-# example.
 script-security 2
 up scripts/announce
 down scripts/silence