Emit the new config, but do not write it to the disk yet.
Make sure we can take the config file lock before proceeding.
If we cannot get the lock the work is already being done so
exit in this case.
While here bail early on empty listeners and restructure and
consolidate the config dir path with the resulting config out
of /var/etc.
In the classic, legacy server variant there was an option called
"dynamic_ip" which injected the options `persist-remote-ip` and `float`
into the generated configuration file. In the modern variant
`persist-remote-ip` is already available, but `float` isn't available
anymore.
The OpenVPN `float` option is used to allow client to change IP
addresses during an ongoing connection to allow roaming e.g. in mobile
networks or changes in the client WiFi.
The sysctls specify "cpu" so it makes sense to follow that especially
since some systems will report the same temperature for the HT sibling
so it's not a core it's a thread.
When a status code is not mapped, it will always fall back to failed in the tooltip,
and text-danger as color. Fixes issue with ping check, the status is 16384 when
failed. Since it can be assumed that all statuses other than 0 are bad, this change
in logic seems pragmatic. (#7705)
It looks like out atob() resulted in sending broken data back to the client, the easiest way to prevent this is to keep our endpoint b64 encoded data as is and let the client handle it.
Accoring to https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs, we should be able to suffix ;base64 in these cases.
While here, also make sure the result status is as expected.
It looks like we left some old code in the openvpn export, since our model parses the certificate data already, we should be able to reuse the same data for a more consistent approach.
Common name is the only relevant linking pin between a user and the certificate, which also means there can only be one link. To avoid api breakage, keep the return format as it was, but make sure we only return one name when found. In the long run we might consider changing the ui to just mark the record with an icon so the user knows an entity exists.
This requires KASSERT_PANIC_OPTIONAL but it also allows us
to trace actual non-INVARIANTS panics seen in the wild without
running into INVARANTS panics that may or may not be related.
The number of php processes we offer to lighttpd is quite low (2 x 3), which results in a global lock when 2 dashboards are open at the same time.
Although we should increase the limit, we also should figure out a way to limit the number of long running processes as well.
