[fix] Made OpenVPN container optional #490

Fixes #490

(cherry picked from commit 94908a3)

Author: pandafy

.env

@@ -58,6 +58,7 @@ OPENWISP_CELERY_MONITORING_COMMAND_FLAGS=--concurrency=1
 OPENWISP_CELERY_MONITORING_CHECKS_COMMAND_FLAGS=--concurrency=1
 USE_OPENWISP_CELERY_FIRMWARE=True
 OPENWISP_CELERY_FIRMWARE_COMMAND_FLAGS=--concurrency=1
+CELERY_SERVICE_NETWORK_MODE=service:openvpn
 # Metric collection
 METRIC_COLLECTION=True
 # collectstatic

deploy/auto-install.sh

@@ -148,8 +148,10 @@ setup_docker_openwisp() {
 		# VPN domain
 		if [[ -z "$vpn_domain" ]]; then
 			set_env "VPN_DOMAIN" "openvpn.${domain}"
+			set_env CELERY_SERVICE_NETWORK_MODE "service:openvpn"
 		elif [[ "${vpn_domain,,}" == "n" ]]; then
-			set_env "VPN_DOMAIN" "example.com"
+			set_env "VPN_DOMAIN" ""
+			set_env CELERY_SERVICE_NETWORK_MODE ""
 		else
 			set_env "VPN_DOMAIN" "$vpn_domain"
 		fi

docker-compose.yml

@@ -7,6 +7,7 @@ x-celery-depends-on: &celery-depends-on
     dashboard:
       condition: service_started
     openvpn:
+      required: false
       condition: service_healthy
 
 services:
@@ -81,7 +82,7 @@ services:
     env_file:
       - .env
     <<: *celery-depends-on
-    network_mode: "service:openvpn"
+    network_mode: "${CELERY_SERVICE_NETWORK_MODE-service:openvpn}"
 
   celery_monitoring:
     image: openwisp/openwisp-dashboard:latest
@@ -95,7 +96,7 @@ services:
     env_file:
       - .env
     <<: *celery-depends-on
-    network_mode: "service:openvpn"
+    network_mode: "${CELERY_SERVICE_NETWORK_MODE-service:openvpn}"
 
   celerybeat:
     image: openwisp/openwisp-dashboard:latest
@@ -167,7 +168,7 @@ services:
 
   openvpn:
     image: openwisp/openwisp-openvpn:latest
-    restart: always
+    restart: on-failure
     build:
       context: images
       dockerfile: openwisp_openvpn/Dockerfile

docs/user/settings.rst

@@ -399,6 +399,19 @@ framework.
 - **Valid Values:** STRING.
 - **Default:** ``--concurrency=1``.
 
+``CELERY_SERVICE_NETWORK_MODE``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- **Explanation:** Controls the Docker network mode for `celery` and
+  `celery_monitoring` workers. Default ``service:openvpn`` shares the
+  OpenVPN container's network namespace so workers can reach VPN-connected
+  devices. Set to an empty string ``""`` to use the default bridge network
+  when you need direct LAN access to devices (the auto-install script sets
+  this to ``""`` if OpenVPN is disabled).
+- **Valid Values:** Docker network mode (e.g. ``service:<name>``,
+  ``host``) or empty string (``""``).
+- **Default:** ``service:openvpn``
+
 ``OPENWISP_CUSTOM_OPENWRT_IMAGES``
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

images/openwisp_dashboard/load_init_data.py

@@ -241,18 +241,20 @@ def create_default_topology(vpn):
     create_admin()
     # Steps for creating new vpn client template with all the
     # required objects (CA, Certificate, VPN Server).
-    default_ca = create_default_ca()
-    default_cert = create_default_cert(default_ca)
-    default_vpn = create_default_vpn(
-        default_ca,
-        default_cert,
-    )
-    create_default_vpn_template(default_vpn)
+    is_vpn_enabled = os.environ.get("VPN_DOMAIN", "") != ""
+    if is_vpn_enabled:
+        default_ca = create_default_ca()
+        default_cert = create_default_cert(default_ca)
+        default_vpn = create_default_vpn(
+            default_ca,
+            default_cert,
+        )
+        create_default_vpn_template(default_vpn)
 
     create_default_credentials()
     create_ssh_key_template()
 
-    if env_bool(os.environ.get("USE_OPENWISP_TOPOLOGY")):
+    if is_vpn_enabled and env_bool(os.environ.get("USE_OPENWISP_TOPOLOGY")):
         Topology = load_model("topology", "Topology")
         create_default_topology(default_vpn)