From b41a8d58cdfb142d022097bb5cb9ec8e806eafb2 Mon Sep 17 00:00:00 2001 From: Jack Ivanov Date: Sun, 18 Sep 2016 13:14:32 +0300 Subject: [PATCH] extend README to use roles --- README.md | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 83 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7896c9a..2292452 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,86 @@ Ansible scripts are organized into roles. The roles used by Algo are described i * SHell or BASH * libselinux-python (for RedHat based distros) +### Roles and Tags +**Cloud roles:** +- role: cloud-digitalocean, tags: digitalocean +- role: cloud-ec2, tags: ec2 +- role: cloud-gce, tags: gce + +**Server roles:** +- role: vpn, tags: vpn +- role: dns_adblocking, tags: dns, adblock +- role: proxy, tags: proxy, adblock +- role: logging, tags: logging +- role: security, tags: security +- role: ssh_tunneling, tags: ssh_tunneling + +### Cloud Providers + +**digitalocean** +*Requirement variables:* +- do_access_token +- do_ssh_name +- do_server_name +- do_region + +*Possible regions:* +- ams2 +- ams3 +- fra1 +- lon1 +- nyc1 +- nyc2 +- nyc3 +- sfo1 +- sfo2 +- sgp1 +- tor1 +- blr1 + +**gce** +*Requirement variables:* +- credentials_file +- server_name +- ssh_public_key +- zone + +*Possible zones:* +- us-central1-a +- us-central1-b +- us-central1-c +- us-central1-f +- us-east1-b +- us-east1-c +- us-east1-d +- europe-west1-b +- europe-west1-c +- europe-west1-d +- asia-east1-a +- asia-east1-b +- asia-east1-c + +**ec2** +*Requirement variables:* +- aws_access_key +- aws_secret_key +- aws_server_name +- ssh_public_key +- region + +*Possible regions:* +- us-east-1 +- us-west-1 +- us-west-2 +- ap-south-1 +- ap-northeast-2 +- ap-southeast-1 +- ap-southeast-2 +- ap-northeast-1 +- eu-central-1 +- eu-west-1 +- sa-east-1 + ### Cloud Deployment To install the dependencies on OS X or Linux: 
@@ -84,10 +164,11 @@ sudo pip install -r requirements.txt Open the file `config.cfg` in your favorite text editor. Specify the users you wish to create in the `users` list. -Start the deploy and follow the instructions: +Start the deploy with extra variables and tags that you need. +Example for DigitalOcean: ``` -./algo +ansible-playbook deploy.yml -t digitalocean,vpn -e 'do_access_token=secret_token do_ssh_name=my_ssh_key do_server_name=algo.local do_region=ams2' ``` When the process is done, you can find `.mobileconfig` files and certificates in the `configs` directory. Send the `.mobileconfig` profile to users with Apple devices. Note that profile installation is supported over AirDrop. Do not send the mobileconfig file over plaintext (e.g., e-mail) since it contains the keys to access the VPN. For those using other clients, like Windows or Android, securely send them the X.509 certificates for the server and their user.
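Review bot: The "Roles and Tags" list in the first hunk (README.md @@ -73,6 +73,86 @@) does not say which tags are needed for a complete deployment and which are optional. Because `ansible-playbook -t` runs only the tasks carrying the listed tags, a reader who copies the `-t digitalocean,vpn` example from the later hunk would skip `role: security, tags: security` and `role: logging, tags: logging` unless those roles are also selected some other way. Please state the recommended tag set, or mark each server role as required or optional. Two smaller points in the same hunk: "*Requirement variables:*" should read "Required variables", and the variable names are inconsistent across providers (`do_region` and `do_server_name` for digitalocean, but bare `region`, `zone`, `server_name` and `ssh_public_key` for ec2 and gce), which invites collisions once more than one provider's variables are set. The hard-coded region and zone lists will also go stale; a link to each provider's own list would age better.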
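Review bot: The new example in the second hunk (README.md @@ -84,10 +164,11 @@) passes the API credential on the command line, `-e 'do_access_token=secret_token ...'`, which leaves the token in shell history and exposes it in the process list to other local users while the playbook runs. Since the README is what people copy, suggest showing the token supplied from a variables file passed as `-e @file` (optionally encrypted with ansible-vault) or read from an environment variable, and keeping only the non-secret values (`do_ssh_name`, `do_server_name`, `do_region`) inline. The same applies to `aws_access_key` and `aws_secret_key` listed for ec2. Also, this hunk deletes the `./algo` invocation without saying whether that entry point is still supported; if it is, keep it as the default path and present the tagged `ansible-playbook deploy.yml` form as the advanced alternative. Wording nit: "Start the deploy with extra variables and tags that you need" reads better as "Start the deployment with the tags and extra variables you need."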