Google cloud, Roles, Azure base

README.md

@@ -30,6 +30,10 @@ Algo (short for "Al Gore", the **V**ice **P**resident of **N**etworks everywhere
 * python >= 2.6
 * [dopy=0.3.5](https://github.com/Wiredcraft/dopy)
 * [boto](https://github.com/boto/boto)
+* [azure >= 0.7.1](https://github.com/Azure/azure-sdk-for-python)
+* [apache-libcloud](https://github.com/apache/libcloud)
+* [libcloud](https://curl.haxx.se/docs/caextract.html) (for Mac OS)
+* [six](https://github.com/JioCloud/python-six) 
 * SHell or BASH
 * libselinux-python (for RedHat based distros)
 

algo

@@ -5,17 +5,19 @@ algo_provisioning () {
   What provider would you like to use?
     1. DigitalOcean
     2. Amazon EC2
-    3. Local installation (non-cloud or a server already deployed)
+    3. Google-cloud
+    0. Local installation (non-cloud or a server already deployed)
 
-  Enter the number of your desired provider  
-  : "
+Enter the number of your desired provider  
+: "
 
   read N
 
   case "$N" in
     1) CLOUD="digitalocean"  ;;
     2) CLOUD="ec2" ;;
-    3) CLOUD="non-cloud" ;;
+    3) CLOUD="google_cloud" ;;    
+    0) CLOUD="non-cloud" ;;
     *) exit 1 ;;
   esac  
 

azure.yml

@@ -0,0 +1,99 @@
+- name: Configure the server and install required software
+  hosts: localhost
+  gather_facts: false
+
+  vars:
+    regions:
+      "1":  "East US"
+      "2":  "West US"
+      "3":  "South Central US"
+      "4":  "North Europe"
+      "5":  "East Asia"
+      "6":  "Japan East"
+      "7":  "West Europe"
+      "8":  "Southeast Asia"
+      "9":  "Japan West"
+      "10": "North Central US"
+      "11": "Central US"
+      "12": "Brazil South"
+      "13": "East US 2"
+      "14": "Australia Southeast"
+      "15": "Australia East"
+
+  #vars_prompt:
+  #- name: "azure_subscription_id"
+    #prompt: "Enter your subscription ID (https://blogs.msdn.microsoft.com/mschray/2015/05/13/getting-your-azure-guid-subscription-id/):\n"
+    #private: yes
+
+  #- name: "management_cert_path"
+    #prompt: "Enter the local path to your management cert [ex: ~/.ssh/id_rsa.pub] (https://azure.microsoft.com/en-us/documentation/articles/azure-api-management-certs/):\n"
+    #private: no
+    
+  #- name: "ssh_public_key"
+    #prompt: "Enter the local path to your SSH public key [ex: ~/.ssh/id_rsa.pub] :\n"
+    #private: no      
+
+  #- name: "region"
+    #prompt: >
+      #What region should the server be located in?
+        #1.  East US
+        #2.  West US
+        #3.  South Central US
+        #4.  North Europe
+        #5.  East Asia
+        #6.  Japan East
+        #7.  West Europe
+        #8.  Southeast Asia
+        #9.  Japan West
+        #10. North Central US
+        #11. Central US
+        #12. Brazil South
+        #13. East US 2
+        #14. Australia Southeast
+        #15. Australia East
+      #Enter the number of your desired region:
+    #default: "7"
+    #private: no
+    
+  #- name: "azure_server_name"
+    #prompt: "Name the vpn server:\n"
+    #default: "algo.local"
+    #private: no
+    
+  #- name: "dns_enabled"
+    #prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N):\n"
+    #default: "Y"
+    #private: no
+    
+  #- name: "auditd_enabled"
+    #prompt: "Do you want to use auditd ? (Y or N):\n"
+    #default: "Y"
+    #private: no    
+    
+  roles:
+    - azure
+
+- name: Post-provisioning tasks
+  hosts: vpn-host
+  gather_facts: false
+  become: true
+  vars_files:
+    - config.cfg
+    
+  pre_tasks:
+    - name: Install prerequisites
+      raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
+    - name: Configure defaults
+      raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1    
+
+  roles:
+    - common
+    - security
+    - features
+    - vpn
+    - { role: logging, when: auditd_enabled is defined and auditd_enabled == 'Y' }     
+     
+    
+
+
+

config.cfg

@@ -30,6 +30,3 @@ users:
 # auditd options
 # email for auditd actions:
 auditd_action_mail_acct: email@example.com
-
-
-

digitalocean.yml

@@ -94,7 +94,7 @@
       register: droplet_info
 
     - name: IPv6 configured
-      template: src=20-ipv6.cfg.j2 dest=/etc/network/interfaces.d/20-ipv6.cfg owner=root group=root mode=0644
+      template: src=roles/digitalocean/templates/20-ipv6.cfg.j2 dest=/etc/network/interfaces.d/20-ipv6.cfg owner=root group=root mode=0644
       with_items: "{{ droplet_info.json.droplet.networks.v6 }}"
       notify:
         - reload eth0  

google_cloud.yml

@@ -0,0 +1,91 @@
+- name: Configure the server and install required software
+  hosts: localhost
+  gather_facts: false
+
+  vars:
+    zones:
+      "1": "us-central1-a"
+      "2": "us-central1-b"
+      "3": "us-central1-c"
+      "4": "us-central1-f"
+      "5": "us-east1-b"
+      "6": "us-east1-c"
+      "7": "us-east1-d"
+      "8": "europe-west1-b"
+      "9": "europe-west1-c"
+      "10": "europe-west1-d"
+      "11": "asia-east1-a"
+      "12": "asia-east1-b"
+      "13": "asia-east1-c"
+
+  vars_prompt:
+  - name: "credentials_file"
+    prompt: "Enter the local path to your credentials JSON file [ex: ~/gogle_cloud.json] (https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts):\n"
+    private: no
+    
+  - name: "ssh_public_key"
+    prompt: "Enter the local path to your SSH public key [ex: ~/.ssh/id_rsa.pub] :\n"
+    private: no      
+
+  - name: "zone"
+    prompt: >
+      What zone should the server be located in?
+        1. Central US       (Iowa A)
+        2. Central US       (Iowa B)
+        3. Central US       (Iowa C)
+        4. Central US       (Iowa F)
+        5. Eastern US       (South Carolina B)
+        6. Eastern US       (South Carolina C)
+        7. Eastern US       (South Carolina D)
+        8. Western Europe   (Belgium B)
+        9. Western Europe   (Belgium C)
+        10. Western Europe  (Belgium D)
+        11. East Asia       (Taiwan A)
+        12. East Asia       (Taiwan B)
+        13. East Asia       (Taiwan C)
+      Please choose the number of your zone. Press enter for default (#8) zone.
+    default: "8"
+    private: no
+    
+  - name: "server_name"
+    prompt: "Name the vpn server:\n"
+    default: "algo"
+    private: no
+    
+  - name: "dns_enabled"
+    prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N):\n"
+    default: "Y"
+    private: no
+    
+  - name: "auditd_enabled"
+    prompt: "Do you want to use auditd ? (Y or N):\n"
+    default: "Y"
+    private: no
+    
+  roles:
+    - google_cloud
+
+- name: Post-provisioning tasks
+  hosts: vpn-host
+  gather_facts: false
+  become: true
+  vars_files:
+    - config.cfg
+    
+  pre_tasks:
+    - name: Install prerequisites
+      raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
+    - name: Configure defaults
+      raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1    
+
+  roles:
+    - common
+    - security
+    - features
+    - vpn
+    - { role: logging, when: auditd_enabled is defined and auditd_enabled == 'Y' }     
+     
+    
+
+
+

roles/azure/tasks/main.yml

@@ -0,0 +1 @@
+

roles/features/tasks/main.yml

@@ -93,7 +93,7 @@
   - restart dnsmasq
   
 - name: Adblock script created
-  copy: src=templates/adblock.sh dest=/opt/adblock.sh owner=root group=root mode=755
+  template: src=adblock.sh dest=/opt/adblock.sh owner=root group=root mode=755
   when: dns_enabled is defined and dns_enabled == "Y"
   
 - name: Adblock script added to cron

roles/google_cloud/tasks/main.yml

@@ -0,0 +1,43 @@
+- set_fact:
+    credentials_file_lookup: "{{ lookup('file', '{{ credentials_file }}') }}"
+    ssh_public_key_lookup: "{{ lookup('file', '{{ ssh_public_key }}') }}"
+
+- name: "Creating a droplet..."
+  gce:
+    instance_names: "{{ server_name }}"
+    zone: "{{ zones[zone] }}"
+    machine_type: n1-standard-1
+    image: ubuntu-1604
+    service_account_email: "{{ credentials_file_lookup.client_email  }}"
+    credentials_file: "{{ credentials_file  }}"
+    project_id: "{{ credentials_file_lookup.project_id  }}"
+    metadata: '{"sshKeys":"root:{{ ssh_public_key_lookup }}"}'
+  register: google_vm
+  
+- name: Add the droplet to an inventory group
+  add_host:
+    name: "{{ google_vm.instance_data[0].public_ip}}"
+    groups: vpn-host
+    ansible_ssh_user: ubuntu
+    ansible_python_interpreter: "/usr/bin/python2.7"
+    dns_enabled: "{{ dns_enabled }}"
+    auditd_enabled: " {{ auditd_enabled }}"
+    
+- name: Firewall configured
+  local_action:
+    module: gce_net
+    name: "{{ google_vm.instance_data[0].network }}"
+    fwname: "algo-ikev2"
+    allowed: "udp:500,4500;tcp:22"
+    state: "present"
+    src_range: 0.0.0.0/0
+    service_account_email: "{{ credentials_file_lookup.client_email  }}"
+    credentials_file: "{{ credentials_file  }}"
+    project_id: "{{ credentials_file_lookup.project_id  }}"
+
+- name: Wait for SSH to become available
+  local_action: "wait_for port=22 host={{ google_vm.instance_data[0].public_ip }} timeout=320"
+  
+  
+   
+

users.yml

@@ -82,7 +82,7 @@
     register:  PayloadContentCA
    
   - name: Build the mobileconfigs
-    template: src=mobileconfig.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item.0 }}.mobileconfig mode=0600
+    template: src=roles/vpn/templates/mobileconfig.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item.0 }}.mobileconfig mode=0600
     with_together:
       - "{{ users }}"
       - "{{ PayloadContent.results }}"