refactor(obs): convert stunnel and openvpn configs to templates

Convert static stunnel.conf and openvpn-obs.conf files to templates to
enable dynamic configuration via ansible variables. Also, add task to
include ohpc-lenovo-common.yml.

Assisted-by: Gemini 2.5 Flash
Signed-off-by: Adrian Reber <[email protected]>

Author: adrianreber

ansible/roles/obs/ohpc-lenovo-c3.yml

@@ -9,6 +9,8 @@
     obs_worker_jobs: 6
     container_tag: amd64
     obs_repository_server: 10.255.254.0
+    stunnel_remote_port: 8444
+    openvpn_ifconfig: "10.255.254.1 10.255.254.0"
 
   handlers:
     - name: Include handlers
@@ -21,6 +23,9 @@
     - name: Include automatic-updates.yml
       ansible.builtin.include_tasks: ../common/automatic-updates.yml
 
+    - name: Import ohpc-lenovo-common.yml
+      ansible.builtin.import_tasks: ../test/ohpc-lenovo-common.yml
+
     - name: Create OBS directories
       ansible.builtin.file:
         dest: "{{ item }}"
@@ -65,15 +70,15 @@
           - git
 
     - name: Install stunnel configuration
-      ansible.builtin.copy:
+      ansible.builtin.template:
         src: stunnel.conf
         dest: /etc/stunnel/stunnel.conf
         owner: root
         group: root
         mode: "0600"
 
     - name: Install openvpn configuration
-      ansible.builtin.copy:
+      ansible.builtin.template:
         src: openvpn-obs.conf
         dest: /etc/openvpn/client/obs.conf
         owner: root

ansible/roles/obs/ohpc-lenovo-repo.yml

@@ -9,6 +9,8 @@
     obs_worker_jobs: 6
     container_tag: amd64
     obs_repository_server: 10.255.255.0
+    stunnel_remote_port: 8443
+    openvpn_ifconfig: "10.255.255.1 10.255.255.0"
 
   handlers:
     - name: Include handlers
@@ -50,15 +52,15 @@
           - git
 
     - name: Install stunnel configuration
-      ansible.builtin.copy:
+      ansible.builtin.template:
         src: stunnel.conf
         dest: /etc/stunnel/stunnel.conf
         owner: root
         group: root
         mode: "0600"
 
     - name: Install openvpn configuration
-      ansible.builtin.copy:
+      ansible.builtin.template:
         src: openvpn-obs.conf
         dest: /etc/openvpn/client/obs.conf
         owner: root

ansible/roles/obs/files/openvpn-obs.conf renamed to ansible/roles/obs/templates/openvpn-obs.conf

@@ -1,6 +1,6 @@
 dev tun1
 remote localhost
-ifconfig 10.255.255.1 10.255.255.0
+ifconfig {{ openvpn_ifconfig }}
 secret /etc/openvpn/client/obs.key
 cipher AES-256-CBC
 keepalive 10 60

ansible/roles/obs/files/stunnel.conf renamed to ansible/roles/obs/templates/stunnel.conf

@@ -1,5 +1,5 @@
 [openvpn]
 client = yes
 accept = 30000
-connect = obs.openhpc.community:8443
+connect = obs.openhpc.community:{{ stunnel_remote_port }}
 cert = /etc/stunnel/stunnel.pem