Streisand: WireGuard not fully upgraded on the fly

Created on 11 Jun 2018  路  8Comments  路  Source: StreisandEffect/streisand

Expected behavior:

WireGuard kernel modules reloaded and units restarted on unattended upgrade.

Actual Behavior:

On upgrade, I see this:

You appear to have just upgraded WireGuard from version v0.0.20180513 to v0.0.20180531.
However, the old version is still running on your system. In order to use the
new version, you will need to remove the old module and load the new one.
You can accomplish this with the following commands:

    # sudo rmmod wireguard
    # sudo modprobe wireguard

Do note that doing this will remove current WireGuard interfaces, so you may want
to gracefully remove them yourself prior.

In order to have all [email protected] units restarted and the new module inserted
when a new version is installed, run `touch /etc/wireguard/.reload-module-on-update'.

One system told me I needed to sysctl daemon-reload too.

Steps to Reproduce:

  1. Force an upgrade from the wireguard PPA.

    Ansible Information

  • Ansible version: 2.5.4
  • Ansible system: Darwin
  • Host OS: MacOSX
  • Python interpreter: python2.7
  • Python version: 2.7.15

Streisand Information

  • Streisand Git revision: f8d96387c0861c59600b0a947cbeeac0350600f8
  • Streisand Git clone has untracked changes: yes
  • Genesis role: genesis-amazon
  • Custom SSH key: False

Enabled Roles

  • Shadowsocks enabled: True
  • Wireguard enabled: True
  • OpenVPN enabled: True
  • stunnel enabled: True
  • Tor enabled: False
  • Openconnect enabled: True
  • TinyProxy enabled: True
  • SSH forward user enabled: True
  • Configured number of VPN clients: 5
arewireguard kinbug kinserver-upgrade

Most helpful comment

It might be better to do it with the file: task. https://docs.ansible.com/ansible/latest/modules/file_module.html#examples

All 8 comments

I confirm this behavior, it always ask to remove old module.
Would adding touch /etc/wireguard/.reload-module-on-update to the streisand installation help ?

@tiliarou: Yeah, adding it would help I think--do you have time to make a PR for it?

It might be better to do it with the file: task. https://docs.ansible.com/ansible/latest/modules/file_module.html#examples

I can try to make PR but I'm really not that proficient in coding, I barely know any language to be honest, although ansible seems simple enough.
I assume an ansible file: command should come after having installed wireguard and generated all clients configurations ? Or should it come at the very end when we restart all services ?

Ok I wrote my commit, just need to send it.
I used

streisand/playbooks/roles/wireguard/tasks/main.yml

And just added a touch via ansible file module after the Generate the server configuration. I believe there are no permission to set.

This is my first PR ever so I don't know if it's properly done, referenced, and coded...
I used to edit in browser on gitlab only.
Let me know if there are any issue.

Build failed first time due to "stupid" spaces indent when a new line is created...
Corrected and now build succeeded. But how to test if it's actually working when a new wireguard version is released ?

Fixed in #1378

Was this page helpful?
0 / 5 - 0 ratings