I don't want to get this wrong, and I don't want to waste time getting it right ...
Here's my scenario:
- All of the servers, of which "this server" is a part, communicate with one another through OpenVPN. Therefore, OpenVPN must start, and must finish initializing itself, before the startup-sequence may proceed.
- Next, "this server" must successfully initiate OpenVPN tunnel connections with all of its peers, before it may proceed to start any services which depend on it. (And, since individual servers may start at slightly-different times, it must be prepared to wait-and-retry.)
- Services which depend on the existence of established OpenVPN tunnels, such as MySQL, must list the "tunnel-is-connected" services as dependencies.
- The environment is Ubuntu server.
Please point me in the right direction.
You may, please, assume(!) that I already have all of the servers correctly set-up to "talk to one another." Therefore, I don't need to be pointed to tutorials about EasyRSA, public or private keys and such.
Rather, my question pertains very specifically to the startup-sequence, dependencies and pre-requisites. Making sure that the startup sequence "waits for" things that must be waited-for, and that re-starts initiate prerequisites appropriately.
(I am also interested in pointers as to how best to secure the arrangement, so that a web-server, say, could not possibly be hijacked into "stealing" any keys.)
I am, of course, "not altogether ignorant" about such matters, but, "time is not on my side, here" ...
... and your greater experience is most-kindly appreciated.
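One way to express the ordering asked about above with systemd on Ubuntu, as an added example that is not part of the original post: a oneshot "tunnels are up" unit that runs a wait-and-retry script, which dependent services then require. The unit names, the `server` OpenVPN instance, the script path and the peer addresses are all assumptions.

```shell
#!/bin/sh
# wait-for-tunnels.sh (hypothetical name): block until every VPN peer answers.
# Unit names, paths and peer addresses below are assumptions, not from the post.
#
# /etc/systemd/system/vpn-tunnels-ready.service
#   [Unit]
#   Requires=openvpn@server.service
#   After=openvpn@server.service
#   [Service]
#   Type=oneshot
#   RemainAfterExit=yes
#   ExecStart=/usr/local/sbin/wait-for-tunnels.sh --run
#
# /etc/systemd/system/mysql.service.d/tunnels.conf (drop-in for a dependent)
#   [Unit]
#   Requires=vpn-tunnels-ready.service
#   After=vpn-tunnels-ready.service

PEERS="${PEERS:-10.8.0.2 10.8.0.3}"   # constructed tunnel-side addresses
RETRY_DELAY="${RETRY_DELAY:-5}"       # seconds between rounds
MAX_TRIES="${MAX_TRIES:-120}"         # give up (unit fails) after this many

# Succeeds if the peer answers one ping across the tunnel within 2 seconds.
probe_peer() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# Prints the subset of the given peers that do not answer yet.
pending_peers() {
    for p in $1; do
        probe_peer "$p" || printf '%s ' "$p"
    done
}

# Returns 0 once all peers answer, 1 if the retry budget runs out.
wait_for_peers() {
    todo="$PEERS"
    try=1
    while [ "$try" -le "$MAX_TRIES" ]; do
        todo=$(pending_peers "$todo")
        [ -z "$todo" ] && return 0
        echo "try $try/$MAX_TRIES: still waiting for $todo" >&2
        sleep "$RETRY_DELAY"
        try=$((try + 1))
    done
    return 1
}

if [ "${1:-}" = "--run" ]; then wait_for_peers; exit $?; fi
```

If the retry budget runs out the oneshot unit fails, and services that list it under `Requires=` and `After=` are not started.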