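---
# Installs OpenVPN on the target instance and writes a per-server config under
# {{ pki_dir }}, shipping key material that already exists on the controller
# (easy-rsa layout: private/server.key, issued/server.crt, ca.crt, crl.pem).
#
# NOTE(review): the bare "{{ ... }}" values below (including the play-level
# "hosts:" and "when:") are not valid YAML for Ansible on their own, so this
# file is evidently rendered by an outer template engine before Ansible reads
# it. The templated values are quoted so the rendered YAML stays well-formed
# even when a value is empty, numeric, or boolean-looking.
- hosts: "{{ instance_name }}"
  gather_facts: false
  connection: ssh
  user: ubuntu
  # "sudo: yes" is the pre-2.0 spelling and is removed in current Ansible;
  # "become" is the supported equivalent (every task below runs as root).
  become: true
  vars:
    server_network: "{{ server_network }}"
    is_persistent: "{{ is_persistent }}"
    vpn_subnet: "{{ vpn_subnet }}"
    clients_can_see_each_other: "{{ clients_can_see_each_other }}"
    port_number: "{{ port_number }}"
    protocol: "{{ protocol }}"
    pki_dir: "{{ pki_dir }}"
  tasks:
    - name: install openvpn
      apt:
        name: openvpn
        state: present
        update_cache: true

    # Terminate any server started by a previous run of this play. The pid
    # file is written by the start task below; "|| true" keeps a missing or
    # stale pid file from failing the play on first run. Paths are quoted so
    # a pki_dir containing whitespace or shell metacharacters cannot break
    # out of the command.
    - name: stop openvpn
      shell: 'kill -9 "$(cat "{{ pki_dir }}/pid")" || true'

    - name: make sure /opt/openvpn exists
      file:
        path: /opt/openvpn
        state: directory

    # Holds the server's private key, so keep it root-only. OpenVPN runs as
    # root in this config (no "user"/"group" directive), so it can still read
    # the CRL and write ipp.txt/status here; if a privilege drop is added
    # later this mode (and the CRL's) must be relaxed for that account.
    - name: make sure directory for this server exists
      file:
        path: "{{ pki_dir }}"
        state: directory
        mode: "0700"

    # copy's default mode follows the remote umask (typically 0644), which
    # would leave the private key world-readable; pin it to 0600.
    - name: get server key
      copy:
        src: "{{ pki_dir }}/private/server.key"
        dest: "{{ pki_dir }}/server.key"
        mode: "0600"

    - name: get server crt
      copy:
        src: "{{ pki_dir }}/issued/server.crt"
        dest: "{{ pki_dir }}/server.crt"

    - name: get ca crt
      copy:
        src: "{{ pki_dir }}/ca.crt"
        dest: "{{ pki_dir }}/ca.crt"

    - name: get crl
      copy:
        src: "{{ pki_dir }}/crl.pem"
        dest: "{{ pki_dir }}/crl.pem"

    - name: get dh
      copy:
        src: /opt/openvpn/init_pki/dh.pem
        dest: "{{ pki_dir }}/dh.pem"

    # Written with copy/content instead of a shell printf: the variables are
    # no longer passed through a shell or a printf format string, so a value
    # containing quotes, "$(...)" or "%" can neither inject commands nor
    # corrupt the config. copy overwrites the file, so the old "rm -f" step
    # is no longer needed. The directives themselves are unchanged; notes on
    # what a hardening pass would want to revisit:
    #   - "script-security 3 system": level 3 exposes credentials to hook
    #     scripts through the environment, yet no scripts are configured
    #     here, and the "system" method flag is deprecated in newer OpenVPN
    #     releases -- confirm against the installed version.
    #   - "comp-lzo": link compression enables VORACLE-class plaintext
    #     recovery; disabling it requires matching client configs.
    #   - no "tls-auth"/"tls-crypt", no explicit "cipher"/"auth", and no
    #     "user nobody"/"group nogroup" privilege drop are present.
    - name: write base config
      copy:
        dest: "{{ pki_dir }}/server.conf"
        mode: "0644"
        content: |
          script-security 3 system
          port {{ port_number }}
          proto {{ protocol }}
          dev tun
          ca {{ pki_dir }}/ca.crt
          cert {{ pki_dir }}/server.crt
          key {{ pki_dir }}/server.key
          dh {{ pki_dir }}/dh.pem
          crl-verify {{ pki_dir }}/crl.pem
          server {{ server_network }} {{ vpn_subnet }}
          ifconfig-pool-persist {{ pki_dir }}/ipp.txt
          comp-lzo
          status {{ pki_dir }}/openvpn-status.log
          verb 3

    # Appended at EOF in list order, matching the original ">>" append.
    # "| bool" tolerates the flag arriving as a string ("yes"/"True") from
    # the outer render as well as a real boolean.
    - name: write persistent config
      lineinfile:
        dest: "{{ pki_dir }}/server.conf"
        line: "{{ item }}"
      with_items:
        - keepalive 10 60
        - persist-tun
        - persist-key
      when: is_persistent | bool

    - name: write client-to-client config
      lineinfile:
        dest: "{{ pki_dir }}/server.conf"
        line: client-to-client
      when: clients_can_see_each_other | bool

    # --daemon detaches OpenVPN itself (logging to syslog), so Ansible is not
    # left waiting on a backgrounded child's open stdout as it is with a
    # trailing "&". The bare config path is passed explicitly as --config.
    # NOTE(review): the server is still not supervised by the init system;
    # an openvpn@<name>.service unit would restart it on crash/reboot.
    - name: start openvpn
      command: >-
        openvpn --daemon
        --writepid "{{ pki_dir }}/pid"
        --config "{{ pki_dir }}/server.conf"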