From 37f343c7ca7ec7a851ef70812e26c8e50de9cc26 Mon Sep 17 00:00:00 2001 From: jack Date: Mon, 1 Aug 2016 20:03:24 +0300 Subject: [PATCH] become, undefined provider, readme, ansible_ssh --- README.md | 3 ++- ansible.cfg | 7 +++++++ common.yml | 26 ++++++-------------------- deploy.yml | 9 +++++++++ digiocean.yml | 4 ++-- inventory_users | 1 + vpn.yml | 20 +++++++++++++++++--- 7 files changed, 44 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 21da21a..bfa298a 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,8 @@ Algo (short for "Al Gore", the **V**ice **P**resident of **N**etworks everywhere * ansible >= 2.2.0 * python >= 2.6 -* [dopy](https://github.com/Wiredcraft/dopy) +* libselinux-python (For RedHat base distros) +* [dopy=0.3.5](https://github.com/Wiredcraft/dopy) ## Usage diff --git a/ansible.cfg b/ansible.cfg index 4d407ab..4abecdf 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,3 +2,10 @@ inventory = inventory pipelining = True retry_files_enabled = False +host_key_checking = False + +[paramiko_connection] +record_host_keys = False + +[ssh_connection] +ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null diff --git a/common.yml b/common.yml index 13b5773..d3135ce 100644 --- a/common.yml +++ b/common.yml @@ -9,15 +9,15 @@ - config.cfg pre_tasks: - - name: Install prerequisites. + - name: Install prerequisites raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7 - - name: Configure defaults. + - name: Configure defaults raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 tasks: - - name: Wait for port 22 to become available local_action: "wait_for port=22 host={{ inventory_hostname }}" + become: false - name: Gather Facts setup: 
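Review bot: The new `host_key_checking = False`, `record_host_keys = False` and `UserKnownHostsFile=/dev/null` settings disable SSH host-key verification for every connection the project makes, so a machine-in-the-middle between the control host and the server is accepted silently and sees the root session, including the config files and X.509 certificates the playbooks later place in ./configs/. The likely motivation is that a freshly created droplet has an unknown key, but that only justifies trusting the key on first contact, not discarding it on every run. A known_hosts file kept under the project directory instead of `/dev/null` (e.g. `-o UserKnownHostsFile=./known_hosts`, constructed example) would at least detect a changed key on later runs, and on OpenSSH builds that support it `-o StrictHostKeyChecking=accept-new` gives trust-on-first-use without turning checking off. A comment above these lines stating why checking is relaxed would help the next reader decide whether it is still needed.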
@@ -42,10 +42,12 @@ - name: Wait for shutdown local_action: wait_for host={{ inventory_hostname }} port=22 state=stopped timeout=120 when: reboot_required is defined and reboot_required.stdout == 'required' + become: false - name: Wait until SSH becomes ready... local_action: wait_for host={{ inventory_hostname }} port=22 state=started timeout=120 - when: reboot_required is defined and reboot_required.stdout == 'required' + when: reboot_required is defined and reboot_required.stdout == 'required' + become: false # SSH fixes @@ -100,19 +102,3 @@ - name: flush routing cache shell: echo 1 > /proc/sys/net/ipv4/route/flush -- hosts: localhost - gather_facts: false - vars_files: - - config.cfg - - tasks: - - debug: - msg: - - "#----------------------------------------------------------------------#" - - "# Congratulations! #" - - "# Your IPsec server is running. #" - - "# Config files and X.509 certificates in the directory: ./configs/ #" - - "# After connect go to https://www.dnsleaktest.com/ #" - - "# and ensure that all your traffic passes through the VPN. #" - - "#----------------------------------------------------------------------#" - diff --git a/deploy.yml b/deploy.yml index 9e06c58..f1ca5c4 100644 --- a/deploy.yml +++ b/deploy.yml @@ -1,6 +1,15 @@ --- +- hosts: localhost + gather_facts: false + tasks: + - fail: + msg: + - 'You need to define `provider` variable. Read README.md for more details' + when: provider is not defined + - include: "{{ provider }}.yml" + when: provider is defined - include: common.yml - include: security.yml - include: features.yml diff --git a/digiocean.yml b/digiocean.yml index fe54f45..a100dd0 100644 --- a/digiocean.yml +++ b/digiocean.yml 
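Review bot: The value of `provider` goes straight into the include path in `- include: "{{ provider }}.yml"` with no check beyond being defined, so a typo or any unexpected value is reported only as a missing-file error from Ansible rather than the friendly message the new `fail` task was added for. Checking the value against the provider playbooks that actually exist covers both cases in one condition, e.g. `when: provider is not defined or provider not in ['digiocean', '<other-provider>']` with the list filled in from the repository. The `fail` module's `msg` is written here as a one-item list; a plain string prints cleaner and is what the module documents. Indentation is lost in this rendering, so whether the include sits at play level or inside `tasks:` cannot be confirmed from the hunk; a task-level include of a playbook file would not parse.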
@@ -78,10 +78,10 @@ add_host: name: "{{ do.droplet.ip_address }}" groups: vpn-host - remote_user: root + ansible_ssh_user: root ansible_python_interpreter: "/usr/bin/python2.7" - name: Wait for SSH to become available - wait_for: host={{ do.droplet.ip_address }} port=22 delay=60 timeout=320 state=started + local_action: "wait_for port=22 host={{ do.droplet.ip_address }} timeout=320" diff --git a/inventory_users b/inventory_users index cafed48..9d134a5 100644 --- a/inventory_users +++ b/inventory_users @@ -1 +1,2 @@ [user-management] +37.139.11.102 diff --git a/vpn.yml b/vpn.yml index 5a27ef3..13e68f4 100644 --- a/vpn.yml +++ b/vpn.yml @@ -35,14 +35,14 @@ - name: Setup the ipsec.conf file from our template template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=644 notify: - - restart strongswan + - restart strongswan - name: Setup the ipsec.secrets file template: src=ipsec.secrets.j2 dest=/etc/ipsec.secrets owner=root group=root mode=600 notify: - restart strongswan - - name: Fetch easy-rsa-ipsec repo + - name: Fetch easy-rsa-ipsec from git git: repo=git://github.com/ValdikSS/easy-rsa-ipsec.git dest="{{ easyrsa_dir }}" - name: Setup the vars file from our template @@ -144,6 +144,9 @@ - name: Add server to the inventory file local_action: lineinfile dest=inventory_users line="{{ inventory_hostname }}" insertafter='\[user-management\]\n' state=present + become: false + notify: + - congrats handlers: - name: restart strongswan 
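Review bot: `ansible_ssh_user: root` in the `add_host` task uses the variable name Ansible deprecated in 2.0 in favour of `ansible_user`; the README change in this same commit requires ansible >= 2.2.0, so `ansible_user: root` is the form to use. The replacement `local_action: "wait_for port=22 host={{ do.droplet.ip_address }} timeout=320"` drops the previous `delay=60`, which is harmless since `wait_for` polls, but unlike the other new `local_action` wait tasks in common.yml and vpn.yml it carries no `become: false`; if this play runs with privilege escalation the same guard is needed here. The enclosing play starts outside the hunk.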
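Review bot: This hunk commits a concrete server address into `inventory_users`, a file the vpn.yml task `Add server to the inventory file` rewrites with `lineinfile` at run time, so the repository now carries what looks like a live host left over from a test deployment. Everyone who clones the repository then has that host in the `[user-management]` group, and any play targeting the group will try to connect to it. Keeping the committed copy at the `[user-management]` header only and ignoring local modifications to the file (or writing it outside the tree) avoids shipping deployment state in source control.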
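Review bot: The new `notify: - congrats` fires only when the `lineinfile` task reports a change, so on a second run against a host already listed in `inventory_users` the `congrats` handler added at the end of this patch (in the `handlers:` section of vpn.yml) never runs and the message about ./configs/ is silently skipped. Since the message is informational rather than a reaction to a change, a plain `debug` task placed last in the play gives the same output on every run without depending on handler semantics. The `become: false` addition matches the other local_action tasks in the patch. The enclosing play starts before this hunk.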
@@ -153,4 +156,15 @@ service: name=apparmor state=restarted - name: save iptables - command: service netfilter-persistent save + command: service netfilter-persistent save + + - name: congrats + debug: + msg: + - "#----------------------------------------------------------------------#" + - "# Congratulations! #" + - "# Your IPsec server is running. #" + - "# Config files and X.509 certificates in the directory: ./configs/ #" + - "# After connect go to https://www.dnsleaktest.com/ #" + - "# and ensure that all your traffic passes through the VPN. #" + - "#----------------------------------------------------------------------#"