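---
# Ansible playbook that is itself an outer Jinja template: the bare
# {{ ... }} placeholders (hosts, vars, the list-valued with_items, the
# `when` flag) are filled in before Ansible ever sees the file.
# `{{ '{{' }} item {{ '}}' }}` survives that first pass as `{{ item }}`
# so Ansible expands it per list entry at task time.
- hosts: "{{ instance_name }}"
  gather_facts: false
  connection: ssh
  remote_user: ubuntu
  # `sudo: yes` is the pre-1.9 keyword; `become` is its replacement and
  # is required here because every task below (apt, key files, openvpn)
  # needs root.
  become: true
  vars:
    # Defined for reference; the tasks below read the outer-template
    # values directly rather than these play vars.
    ca_crt: {{ ca_crt }}
    server_crt: {{ server_crt }}
    server_key: {{ server_key }}
    server_network: {{ server_network }}
    is_persistent: {{ is_persistent }}
    vpn_subnet: {{ vpn_subnet }}
    clients_can_see_each_other: {{ clients_can_see_each_other }}
    dh: {{ dh }}
  tasks:
    - name: install openvpn
      apt:
        name: openvpn
        state: present
        update_cache: true

    - name: stop openvpn
      shell: killall openvpn || true

    # Each PEM blob is rebuilt in the remote login directory one line per
    # list entry, so the file is erased first and then appended to.
    # NOTE(review): the key lines travel on the command line of `echo`
    # (visible in process listings and in Ansible's task output); a
    # `copy` task with `no_log: true` would keep them out of both.
    - name: erase server key
      shell: rm -f server.key

    - name: write server key
      shell: echo {{ '{{' }} item {{ '}}' }} >> server.key
      with_items: {{ server_key }}

    # `>>` creates server.key with the umask default (typically 0644),
    # which leaves the private key readable by every local account;
    # openvpn runs as root and only needs owner access.
    - name: restrict server key permissions
      shell: chmod 600 server.key

    - name: erase server crt
      shell: rm -f server.crt

    - name: write server crt
      shell: echo {{ '{{' }} item {{ '}}' }} >> server.crt
      with_items: {{ server_crt }}

    - name: erase ca crt
      shell: rm -f ca.crt

    - name: write ca crt
      shell: echo {{ '{{' }} item {{ '}}' }} >> ca.crt
      with_items: {{ ca_crt }}

    - name: erase dh
      shell: rm -f dh.pem

    - name: write dh
      shell: echo {{ '{{' }} item {{ '}}' }} >> dh.pem
      with_items: {{ dh }}

    - name: erase config
      shell: rm -f server.conf

    - name: erase auth script
      shell: rm -f auth.sh

    # NOTE(review): auth.sh always exits 0, so auth-user-pass-verify
    # accepts any username/password, and client-cert-not-required means
    # no client certificate is checked either -- every client that can
    # reach port 1194 is admitted. Confirm this is only meant for a
    # throwaway test instance.
    - name: write auth script
      shell: echo "exit 0" > auth.sh

    # Config notes for the generated server.conf:
    #  - `script-security 3` lets OpenVPN hand credentials to scripts via
    #    the environment; with `via-file` level 2 is sufficient, and the
    #    trailing `system` method selector is deprecated in newer
    #    OpenVPN releases.
    #  - `client-cert-not-required` is superseded by
    #    `verify-client-cert none` in OpenVPN 2.4+.
    #  - `comp-lzo` is deprecated in current OpenVPN releases.
    #  - `clients_can_see_each_other` is never consulted here (no
    #    `client-to-client` line) -- TODO confirm that is intended.
    - name: write base config
      shell: |
        printf "script-security 3 system
        port 1194
        proto udp
        dev tun
        cert server.crt
        key server.key
        dh dh.pem
        server {{ server_network }} {{ vpn_subnet }}
        ifconfig-pool-persist ipp.txt
        comp-lzo
        status openvpn-status.log
        verb 3
        auth-user-pass-verify auth.sh via-file
        client-cert-not-required
        username-as-common-name
        " > server.conf

    # Appended only when the outer template renders is_persistent true.
    - name: write persistent config
      shell: |
        printf "\nkeepalive 10 60
        persist-tun
        persist-key" >> server.conf
      when: {{ is_persistent }}

    # NOTE(review): a backgrounded foreground process is tied to the
    # task's shell and may be reaped when the session ends; `--daemon`
    # or a service unit would make the start reliable -- confirm before
    # changing.
    - name: start openvpn
      shell: openvpn server.conf &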