become, undefined provider, readme, ansible_ssh

README.md

@@ -26,7 +26,8 @@ Algo (short for "Al Gore", the **V**ice **P**resident of **N**etworks everywhere
 
 * ansible >= 2.2.0
 * python >= 2.6
-* [dopy](https://github.com/Wiredcraft/dopy)
+* libselinux-python (For RedHat base distros)
+* [dopy=0.3.5](https://github.com/Wiredcraft/dopy)
 
 ## Usage
 

ansible.cfg

@@ -2,3 +2,10 @@
 inventory = inventory
 pipelining = True
 retry_files_enabled = False
+host_key_checking = False
+
+[paramiko_connection]
+record_host_keys = False
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null

common.yml

@@ -9,15 +9,15 @@
     - config.cfg    
   
   pre_tasks:
-    - name: Install prerequisites.
+    - name: Install prerequisites
       raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
-    - name: Configure defaults.
+    - name: Configure defaults
       raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 
 
   tasks:
-
   - name: Wait for port 22 to become available
     local_action: "wait_for port=22 host={{ inventory_hostname }}"
+    become: false
 
   - name: Gather Facts
     setup:
@@ -42,10 +42,12 @@
   - name: Wait for shutdown
     local_action: wait_for host={{ inventory_hostname }} port=22 state=stopped timeout=120
     when: reboot_required is defined and reboot_required.stdout == 'required'
+    become: false    
 
   - name: Wait until SSH becomes ready...
     local_action: wait_for host={{ inventory_hostname }} port=22 state=started timeout=120
-    when: reboot_required is defined and reboot_required.stdout == 'required'    
+    when: reboot_required is defined and reboot_required.stdout == 'required'
+    become: false    
     
   # SSH fixes
       
@@ -100,19 +102,3 @@
     - name: flush routing cache
       shell: echo 1 > /proc/sys/net/ipv4/route/flush     
 
-- hosts: localhost
-  gather_facts: false
-  vars_files:
-    - config.cfg    
-  
-  tasks:
-  - debug:
-      msg:
-        - "#----------------------------------------------------------------------#"
-        - "#                          Congratulations!                            #"
-        - "#                    Your IPsec server is running.                     #"
-        - "#  Config files and X.509 certificates in the directory: ./configs/    #"
-        - "#          After connect go to https://www.dnsleaktest.com/            #"
-        - "#        and ensure that all your traffic passes through the VPN.      #"
-        - "#----------------------------------------------------------------------#"    
-  

deploy.yml

@@ -1,6 +1,15 @@
 ---
 
+- hosts: localhost
+  gather_facts: false
+  tasks:
+  - fail:
+      msg:
+        - 'You need to define `provider` variable. Read README.md for more details'
+    when: provider is not defined            
+
 - include: "{{ provider }}.yml"
+  when: provider is defined 
 - include: common.yml
 - include: security.yml
 - include: features.yml

digiocean.yml

@@ -78,10 +78,10 @@
     add_host:
       name: "{{ do.droplet.ip_address }}"
       groups: vpn-host
-      remote_user: root
+      ansible_ssh_user: root
       ansible_python_interpreter: "/usr/bin/python2.7"
 
   - name: Wait for SSH to become available
-    wait_for: host={{ do.droplet.ip_address }} port=22 delay=60 timeout=320 state=started
+    local_action: "wait_for port=22 host={{ do.droplet.ip_address }} timeout=320"
 
 

inventory_users

@@ -1 +1,2 @@
 [user-management]
+37.139.11.102

vpn.yml

@@ -35,14 +35,14 @@
   - name: Setup the ipsec.conf file from our template
     template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=644
     notify:
-    - restart strongswan    
+    - restart strongswan  
 
   - name: Setup the ipsec.secrets file
     template: src=ipsec.secrets.j2 dest=/etc/ipsec.secrets owner=root group=root mode=600
     notify:
     - restart strongswan    
     
-  - name: Fetch easy-rsa-ipsec repo
+  - name: Fetch easy-rsa-ipsec from git
     git: repo=git://github.com/ValdikSS/easy-rsa-ipsec.git dest="{{ easyrsa_dir }}"
 
   - name: Setup the vars file from our template
@@ -144,6 +144,9 @@
     
   - name: Add server to the inventory file
     local_action: lineinfile dest=inventory_users line="{{ inventory_hostname }}" insertafter='\[user-management\]\n' state=present
+    become: false    
+    notify:
+      - congrats
     
   handlers:
     - name: restart strongswan
@@ -153,4 +156,15 @@
       service: name=apparmor state=restarted
       
     - name: save iptables
-      command: service netfilter-persistent save
+      command: service netfilter-persistent save      
+      
+    - name: congrats
+      debug:
+        msg:
+          - "#----------------------------------------------------------------------#"
+          - "#                          Congratulations!                            #"
+          - "#                    Your IPsec server is running.                     #"
+          - "#  Config files and X.509 certificates in the directory: ./configs/    #"
+          - "#          After connect go to https://www.dnsleaktest.com/            #"
+          - "#        and ensure that all your traffic passes through the VPN.      #"
+          - "#----------------------------------------------------------------------#"