diff --git a/config.cfg b/config.cfg index 18cb4e4..4277fe8 100644 --- a/config.cfg +++ b/config.cfg @@ -18,9 +18,6 @@ pki_in_tmpfs: true # If True re-init all existing certificates. Boolean keys_clean_all: False -# Clean up cloud python environments -clean_environment: false - # Deploy StrongSwan to enable IPsec support ipsec_enabled: true diff --git a/roles/cloud-azure/defaults/main.yml b/roles/cloud-azure/defaults/main.yml index baccc8b..ff3fa00 100644 --- a/roles/cloud-azure/defaults/main.yml +++ b/roles/cloud-azure/defaults/main.yml @@ -1,5 +1,4 @@ --- -azure_venv: "{{ playbook_dir }}/configs/.venvs/azure" _azure_regions: > [ { diff --git a/roles/cloud-azure/tasks/main.yml b/roles/cloud-azure/tasks/main.yml index 7068228..9ff0925 100644 --- a/roles/cloud-azure/tasks/main.yml +++ b/roles/cloud-azure/tasks/main.yml 
@@ -2,40 +2,37 @@ - name: Build python virtual environment import_tasks: venv.yml -- block: - - name: Include prompts - import_tasks: prompts.yml +- name: Include prompts + import_tasks: prompts.yml - - set_fact: - algo_region: >- - {% if region is defined %}{{ region }} - {%- elif _algo_region.user_input %}{{ azure_regions[_algo_region.user_input | int -1 ]['name'] }} - {%- else %}{{ azure_regions[default_region | int - 1]['name'] }}{% endif %} +- set_fact: + algo_region: >- + {% if region is defined %}{{ region }} + {%- elif _algo_region.user_input %}{{ azure_regions[_algo_region.user_input | int -1 ]['name'] }} + {%- else %}{{ azure_regions[default_region | int - 1]['name'] }}{% endif %} - - name: Create AlgoVPN Server - azure_rm_deployment: - state: present - deployment_name: "{{ algo_server_name }}" - template: "{{ lookup('file', role_path + '/files/deployment.json') }}" - secret: "{{ secret }}" - tenant: "{{ tenant }}" - client_id: "{{ client_id }}" - subscription_id: "{{ subscription_id }}" - resource_group_name: "{{ algo_server_name }}" - location: "{{ algo_region }}" - parameters: - sshKeyData: - value: "{{ lookup('file', '{{ SSH_keys.public }}') }}" - WireGuardPort: - value: "{{ wireguard_port }}" - vmSize: - value: "{{ cloud_providers.azure.size }}" - imageReferenceSku: - value: "{{ cloud_providers.azure.image }}" - register: azure_rm_deployment +- name: Create AlgoVPN Server + azure_rm_deployment: + state: present + deployment_name: "{{ algo_server_name }}" + template: "{{ lookup('file', role_path + '/files/deployment.json') }}" + secret: "{{ secret }}" + tenant: "{{ tenant }}" + client_id: "{{ client_id }}" + subscription_id: "{{ subscription_id }}" + resource_group_name: "{{ algo_server_name }}" + location: "{{ algo_region }}" + parameters: + sshKeyData: + value: "{{ lookup('file', '{{ SSH_keys.public }}') }}" + WireGuardPort: + value: "{{ wireguard_port }}" + vmSize: + value: "{{ cloud_providers.azure.size }}" + imageReferenceSku: + value: "{{ 
cloud_providers.azure.image }}" + register: azure_rm_deployment - - set_fact: - cloud_instance_ip: "{{ azure_rm_deployment.deployment.outputs.publicIPAddresses.value }}" - ansible_ssh_user: ubuntu - environment: - PYTHONPATH: "{{ azure_venv }}/lib/python2.7/site-packages/" +- set_fact: + cloud_instance_ip: "{{ azure_rm_deployment.deployment.outputs.publicIPAddresses.value }}" + ansible_ssh_user: ubuntu diff --git a/roles/cloud-azure/tasks/venv.yml b/roles/cloud-azure/tasks/venv.yml index fe3373a..4d32678 100644 --- a/roles/cloud-azure/tasks/venv.yml +++ b/roles/cloud-azure/tasks/venv.yml @@ -1,10 +1,4 @@ --- -- name: Clean up the environment - file: - dest: "{{ azure_venv }}" - state: absent - when: clean_environment - - name: Install requirements pip: name: @@ -45,5 +39,4 @@ - azure-mgmt-devtestlabs==3.0.0 - azure-mgmt-loganalytics==0.2.0 state: latest - virtualenv: "{{ azure_venv }}" - virtualenv_python: python2.7 + virtualenv_python: python3 diff --git a/roles/cloud-cloudstack/defaults/main.yml b/roles/cloud-cloudstack/defaults/main.yml deleted file mode 100644 index b3f545d..0000000 --- a/roles/cloud-cloudstack/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -cloudstack_venv: "{{ playbook_dir }}/configs/.venvs/cloudstack" diff --git a/roles/cloud-cloudstack/tasks/main.yml b/roles/cloud-cloudstack/tasks/main.yml index e370e02..e65ad42 100644 --- a/roles/cloud-cloudstack/tasks/main.yml +++ b/roles/cloud-cloudstack/tasks/main.yml @@ -60,7 +60,6 @@ cloud_instance_ip: "{{ cs_server.default_ip }}" ansible_ssh_user: ubuntu environment: - PYTHONPATH: "{{ cloudstack_venv }}/lib/python2.7/site-packages/" CLOUDSTACK_CONFIG: "{{ algo_cs_config }}" CLOUDSTACK_REGION: "{{ algo_cs_region }}" diff --git a/roles/cloud-cloudstack/tasks/venv.yml b/roles/cloud-cloudstack/tasks/venv.yml index cffda77..2883342 100644 --- a/roles/cloud-cloudstack/tasks/venv.yml +++ b/roles/cloud-cloudstack/tasks/venv.yml 
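Review bot: The `sshKeyData` parameter in `Create AlgoVPN Server` still nests a template inside a template, `lookup('file', '{{ SSH_keys.public }}')`, which Ansible reports as deprecated nested templating and which the Hetzner role in this same change already avoids; it should read `value: "{{ lookup('file', SSH_keys.public) }}"`. Unquoting the inner expression also removes the chance that a path containing quote characters is mis-tokenised before the file is read. The task list starts at file line 2 (the `venv.yml` import is its first visible task), so the `---` header and anything before it are outside this hunk.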
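Review bot: `virtualenv_python: python3` at the end of the `Install requirements` task has no effect once `virtualenv:` is removed — the pip module only consults that option when it creates a virtualenv itself — so the whole Azure SDK list now installs into whichever interpreter Ansible is running under, with no isolation from the controller's site-packages. If the intent is that the caller already activates a Python 3 venv before invoking the playbook (that wrapper is not part of this diff), the line is dead and should be dropped with a comment saying where the venv comes from, e.g. `# packages land in the interpreter running Ansible; the algo wrapper is expected to have activated a python3 venv`. Otherwise keep an explicit target such as `virtualenv: "{{ playbook_dir }}/.env"` so the option is actually honoured. The package list this task installs is split across the two hunks of this file, so only its head and tail are visible here.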
@@ -1,15 +1,8 @@ --- -- name: Clean up the environment - file: - dest: "{{ cloudstack_venv }}" - state: absent - when: clean_environment - - name: Install requirements pip: name: - cs - sshpubkeys state: latest - virtualenv: "{{ cloudstack_venv }}" - virtualenv_python: python2.7 + virtualenv_python: python3 diff --git a/roles/cloud-ec2/defaults/main.yml b/roles/cloud-ec2/defaults/main.yml index 86ae995..6204430 100644 --- a/roles/cloud-ec2/defaults/main.yml +++ b/roles/cloud-ec2/defaults/main.yml @@ -4,5 +4,4 @@ encrypted: "{{ cloud_providers.ec2.encrypted }}" ec2_vpc_nets: cidr_block: 172.16.0.0/16 subnet_cidr: 172.16.254.0/23 -ec2_venv: "{{ playbook_dir }}/configs/.venvs/aws" existing_eip: "" diff --git a/roles/cloud-ec2/tasks/main.yml b/roles/cloud-ec2/tasks/main.yml index 7d63217..9acb102 100644 --- a/roles/cloud-ec2/tasks/main.yml +++ b/roles/cloud-ec2/tasks/main.yml 
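Review bot: With the `virtualenv:` parameter gone, `state: latest` on the unpinned `cs` and `sshpubkeys` entries now upgrades whatever is on the controller's interpreter to the newest PyPI release at every run, whereas before the damage was confined to a disposable `.venvs/cloudstack` directory that `clean_environment` could wipe. A Python 2-to-3 move is a reasonable moment to pin these to the versions the change was tested with (or point `pip` at a requirements file with hashes) rather than pull "latest" from the network into a shared environment. As in the Azure role, `virtualenv_python: python3` is inert here without `virtualenv:` and should either be removed or paired with a venv path.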
@@ -2,35 +2,32 @@ - name: Build python virtual environment import_tasks: venv.yml -- block: - - name: Include prompts - import_tasks: prompts.yml +- name: Include prompts + import_tasks: prompts.yml - - name: Locate official AMI for region - ec2_ami_facts: - aws_access_key: "{{ access_key }}" - aws_secret_key: "{{ secret_key }}" - owners: "{{ cloud_providers.ec2.image.owner }}" - region: "{{ algo_region }}" - filters: - name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*" - register: ami_search +- name: Locate official AMI for region + ec2_ami_facts: + aws_access_key: "{{ access_key }}" + aws_secret_key: "{{ secret_key }}" + owners: "{{ cloud_providers.ec2.image.owner }}" + region: "{{ algo_region }}" + filters: + name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*" + register: ami_search - - import_tasks: encrypt_image.yml - when: encrypted +- import_tasks: encrypt_image.yml + when: encrypted - - name: Set the ami id as a fact - set_fact: - ami_image: >- - {% if ami_search_encrypted.image_id is defined %}{{ ami_search_encrypted.image_id }} - {%- elif search_crypt.images is defined and search_crypt.images|length >= 1 %}{{ (search_crypt.images | sort(attribute='creation_date') | last)['image_id'] }} - {%- else %}{{ (ami_search.images | sort(attribute='creation_date') | last)['image_id'] }}{% endif %} +- name: Set the ami id as a fact + set_fact: + ami_image: >- + {% if ami_search_encrypted.image_id is defined %}{{ ami_search_encrypted.image_id }} + {%- elif search_crypt.images is defined and search_crypt.images|length >= 1 %}{{ (search_crypt.images | sort(attribute='creation_date') | last)['image_id'] }} + {%- else %}{{ (ami_search.images | sort(attribute='creation_date') | last)['image_id'] }}{% endif %} - - name: Deploy the stack - import_tasks: cloudformation.yml +- name: Deploy the stack + import_tasks: cloudformation.yml - - set_fact: - cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}" - 
ansible_ssh_user: ubuntu - environment: - PYTHONPATH: "{{ ec2_venv }}/lib/python2.7/site-packages/" +- set_fact: + cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}" + ansible_ssh_user: ubuntu diff --git a/roles/cloud-ec2/tasks/venv.yml b/roles/cloud-ec2/tasks/venv.yml index be2eece..1ab85bd 100644 --- a/roles/cloud-ec2/tasks/venv.yml +++ b/roles/cloud-ec2/tasks/venv.yml @@ -1,15 +1,8 @@ --- -- name: Clean up the environment - file: - dest: "{{ ec2_venv }}" - state: absent - when: clean_environment - - name: Install requirements pip: name: - boto>=2.5 - boto3 state: latest - virtualenv: "{{ ec2_venv }}" - virtualenv_python: python2.7 + virtualenv_python: python3 diff --git a/roles/cloud-gce/defaults/main.yml b/roles/cloud-gce/defaults/main.yml deleted file mode 100644 index d771cc8..0000000 --- a/roles/cloud-gce/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -gce_venv: "{{ playbook_dir }}/configs/.venvs/gce" diff --git a/roles/cloud-gce/tasks/venv.yml b/roles/cloud-gce/tasks/venv.yml index 71be67a..e200624 100644 --- a/roles/cloud-gce/tasks/venv.yml +++ b/roles/cloud-gce/tasks/venv.yml @@ -5,3 +5,4 @@ - requests>=2.18.4 - google-auth>=1.3.0 state: latest + virtualenv_python: python3 diff --git a/roles/cloud-hetzner/defaults/main.yml b/roles/cloud-hetzner/defaults/main.yml deleted file mode 100644 index 12ad96d..0000000 --- a/roles/cloud-hetzner/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -hetzner_venv: "{{ playbook_dir }}/configs/.venvs/hetzner" diff --git a/roles/cloud-hetzner/tasks/main.yml b/roles/cloud-hetzner/tasks/main.yml index 0c78b21..629e721 100644 --- a/roles/cloud-hetzner/tasks/main.yml +++ b/roles/cloud-hetzner/tasks/main.yml 
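Review bot: `Set the ami id as a fact` assumes `ami_search.images` is non-empty; if the owner-filtered `ec2_ami_facts` lookup matches nothing, `(ami_search.images | sort(attribute='creation_date') | last)['image_id']` fails with an opaque templating error instead of saying that no official image was found. A guard task between the search and the fact, roughly `assert: { that: ami_search.images | length > 0, msg: "no official Ubuntu AMI matched in {{ algo_region }}" }`, makes the failure actionable. Worth a comment on the `owners:` line too: that filter is the only thing preventing the name-pattern search from matching look-alike public AMIs, so `cloud_providers.ec2.image.owner` (set outside this diff) must never be left empty. The `ami_search_encrypted`/`search_crypt` facts come from `encrypt_image.yml`, which is outside the hunk.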
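Review bot: The GCE `venv.yml` hunk adds `virtualenv_python: python3` to a pip task that has never had a `virtualenv:` parameter, so the new line is inert — the option only governs which interpreter is used to create a virtualenv, and none is created here. Either drop it or add the `virtualenv:` it is meant to accompany; as written it suggests an isolation the task does not provide. The task's `name:` list is cut by the hunk header, so only its tail is visible.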
@@ -2,33 +2,30 @@ - name: Build python virtual environment import_tasks: venv.yml -- block: - - name: Include prompts - import_tasks: prompts.yml +- name: Include prompts + import_tasks: prompts.yml - - name: Create an ssh key - hcloud_ssh_key: - name: "algo-{{ 999999 | random(seed=lookup('file', SSH_keys.public)) }}" - public_key: "{{ lookup('file', SSH_keys.public) }}" - state: present - api_token: "{{ algo_hcloud_token }}" - register: hcloud_ssh_key +- name: Create an ssh key + hcloud_ssh_key: + name: "algo-{{ 999999 | random(seed=lookup('file', SSH_keys.public)) }}" + public_key: "{{ lookup('file', SSH_keys.public) }}" + state: present + api_token: "{{ algo_hcloud_token }}" + register: hcloud_ssh_key - - name: Create a server... - hcloud_server: - name: "{{ algo_server_name }}" - location: "{{ algo_hcloud_region }}" - server_type: "{{ cloud_providers.hetzner.server_type }}" - image: "{{ cloud_providers.hetzner.image }}" - state: present - api_token: "{{ algo_hcloud_token }}" - ssh_keys: "{{ hcloud_ssh_key.hcloud_ssh_key.name }}" - labels: - Environment: algo - register: hcloud_server +- name: Create a server... + hcloud_server: + name: "{{ algo_server_name }}" + location: "{{ algo_hcloud_region }}" + server_type: "{{ cloud_providers.hetzner.server_type }}" + image: "{{ cloud_providers.hetzner.image }}" + state: present + api_token: "{{ algo_hcloud_token }}" + ssh_keys: "{{ hcloud_ssh_key.hcloud_ssh_key.name }}" + labels: + Environment: algo + register: hcloud_server - - set_fact: - cloud_instance_ip: "{{ hcloud_server.hcloud_server.ipv4_address }}" - ansible_ssh_user: root - environment: - PYTHONPATH: "{{ hetzner_venv }}/lib/python2.7/site-packages/" +- set_fact: + cloud_instance_ip: "{{ hcloud_server.hcloud_server.ipv4_address }}" + ansible_ssh_user: root diff --git a/roles/cloud-hetzner/tasks/venv.yml b/roles/cloud-hetzner/tasks/venv.yml index 80bb69b..52f588a 100644 --- a/roles/cloud-hetzner/tasks/venv.yml +++ b/roles/cloud-hetzner/tasks/venv.yml 
@@ -1,14 +1,7 @@ --- -- name: Clean up the environment - file: - dest: "{{ hetzner_venv }}" - state: absent - when: clean_environment - - name: Install requirements pip: name: - hcloud state: latest - virtualenv: "{{ hetzner_venv }}" - virtualenv_python: python2.7 + virtualenv_python: python3 diff --git a/roles/cloud-lightsail/defaults/main.yml b/roles/cloud-lightsail/defaults/main.yml deleted file mode 100644 index 06ae0ee..0000000 --- a/roles/cloud-lightsail/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -lightsail_venv: "{{ playbook_dir }}/configs/.venvs/aws" diff --git a/roles/cloud-lightsail/tasks/main.yml b/roles/cloud-lightsail/tasks/main.yml index 122745d..b41feb4 100644 --- a/roles/cloud-lightsail/tasks/main.yml +++ b/roles/cloud-lightsail/tasks/main.yml 
@@ -2,43 +2,40 @@ - name: Build python virtual environment import_tasks: venv.yml -- block: - - name: Include prompts - import_tasks: prompts.yml +- name: Include prompts + import_tasks: prompts.yml - - name: Create an instance - lightsail: - aws_access_key: "{{ access_key }}" - aws_secret_key: "{{ secret_key }}" - name: "{{ algo_server_name }}" - state: present - region: "{{ algo_region }}" - zone: "{{ algo_region }}a" - blueprint_id: "{{ cloud_providers.lightsail.image }}" - bundle_id: "{{ cloud_providers.lightsail.size }}" - wait_timeout: "300" - open_ports: - - from_port: 4500 - to_port: 4500 - protocol: udp - - from_port: 500 - to_port: 500 - protocol: udp - - from_port: "{{ wireguard_port }}" - to_port: "{{ wireguard_port }}" - protocol: udp - user_data: | - #!/bin/bash - mkdir -p /home/ubuntu/.ssh/ - echo "{{ lookup('file', '{{ SSH_keys.public }}') }}" >> /home/ubuntu/.ssh/authorized_keys - chown -R ubuntu: /home/ubuntu/.ssh/ - chmod 0700 /home/ubuntu/.ssh/ - chmod 0600 /home/ubuntu/.ssh/* - test - register: algo_instance +- name: Create an instance + lightsail: + aws_access_key: "{{ access_key }}" + aws_secret_key: "{{ secret_key }}" + name: "{{ algo_server_name }}" + state: present + region: "{{ algo_region }}" + zone: "{{ algo_region }}a" + blueprint_id: "{{ cloud_providers.lightsail.image }}" + bundle_id: "{{ cloud_providers.lightsail.size }}" + wait_timeout: "300" + open_ports: + - from_port: 4500 + to_port: 4500 + protocol: udp + - from_port: 500 + to_port: 500 + protocol: udp + - from_port: "{{ wireguard_port }}" + to_port: "{{ wireguard_port }}" + protocol: udp + user_data: | + #!/bin/bash + mkdir -p /home/ubuntu/.ssh/ + echo "{{ lookup('file', '{{ SSH_keys.public }}') }}" >> /home/ubuntu/.ssh/authorized_keys + chown -R ubuntu: /home/ubuntu/.ssh/ + chmod 0700 /home/ubuntu/.ssh/ + chmod 0600 /home/ubuntu/.ssh/* + test + register: algo_instance - - set_fact: - cloud_instance_ip: "{{ algo_instance['instance']['public_ip_address'] }}" - ansible_ssh_user: 
ubuntu - environment: - PYTHONPATH: "{{ lightsail_venv }}/lib/python2.7/site-packages/" +- set_fact: + cloud_instance_ip: "{{ algo_instance['instance']['public_ip_address'] }}" + ansible_ssh_user: ubuntu diff --git a/roles/cloud-lightsail/tasks/venv.yml b/roles/cloud-lightsail/tasks/venv.yml index 9816fea..1ab85bd 100644 --- a/roles/cloud-lightsail/tasks/venv.yml +++ b/roles/cloud-lightsail/tasks/venv.yml @@ -1,15 +1,8 @@ --- -- name: Clean up the environment - file: - dest: "{{ lightsail_venv }}" - state: absent - when: clean_environment - - name: Install requirements pip: name: - boto>=2.5 - boto3 state: latest - virtualenv: "{{ lightsail_venv }}" - virtualenv_python: python2.7 + virtualenv_python: python3 diff --git a/roles/cloud-openstack/defaults/main.yml b/roles/cloud-openstack/defaults/main.yml deleted file mode 100644 index 3bec06b..0000000 --- a/roles/cloud-openstack/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -openstack_venv: "{{ playbook_dir }}/configs/.venvs/openstack" diff --git a/roles/cloud-openstack/tasks/main.yml b/roles/cloud-openstack/tasks/main.yml index bce0157..fd451c5 100644 --- a/roles/cloud-openstack/tasks/main.yml +++ b/roles/cloud-openstack/tasks/main.yml 
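Review bot: The `user_data` script in `Create an instance` ends with a bare `test` line, which is a real command that exits non-zero with no arguments, so the bootstrap script reports failure right after it has installed the key; it reads as a leftover and should be deleted. The same script uses nested templating in `echo "{{ lookup('file', '{{ SSH_keys.public }}') }}"`, which Ansible flags as deprecated — `lookup('file', SSH_keys.public)` as the Hetzner role in this change does. `open_ports` only adds UDP 500, 4500 and the WireGuard port; SSH reachability for the later play is presumably left to the instance's default firewall, which is worth stating in a comment above the list since nothing in this task guarantees it.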
@@ -6,77 +6,74 @@ - name: Build python virtual environment import_tasks: venv.yml -- block: - - name: Security group created - os_security_group: - state: "{{ state|default('present') }}" - name: "{{ algo_server_name }}-security_group" - description: AlgoVPN security group - register: os_security_group +- name: Security group created + os_security_group: + state: "{{ state|default('present') }}" + name: "{{ algo_server_name }}-security_group" + description: AlgoVPN security group + register: os_security_group - - name: Security rules created - os_security_group_rule: - state: "{{ state|default('present') }}" - security_group: "{{ os_security_group.id }}" - protocol: "{{ item.proto }}" - port_range_min: "{{ item.port_min }}" - port_range_max: "{{ item.port_max }}" - remote_ip_prefix: "{{ item.range }}" - with_items: - - { proto: tcp, port_min: 22, port_max: 22, range: 0.0.0.0/0 } - - { proto: icmp, port_min: -1, port_max: -1, range: 0.0.0.0/0 } - - { proto: udp, port_min: 4500, port_max: 4500, range: 0.0.0.0/0 } - - { proto: udp, port_min: 500, port_max: 500, range: 0.0.0.0/0 } - - { proto: udp, port_min: "{{ wireguard_port }}", port_max: "{{ wireguard_port }}", range: 0.0.0.0/0 } +- name: Security rules created + os_security_group_rule: + state: "{{ state|default('present') }}" + security_group: "{{ os_security_group.id }}" + protocol: "{{ item.proto }}" + port_range_min: "{{ item.port_min }}" + port_range_max: "{{ item.port_max }}" + remote_ip_prefix: "{{ item.range }}" + with_items: + - { proto: tcp, port_min: 22, port_max: 22, range: 0.0.0.0/0 } + - { proto: icmp, port_min: -1, port_max: -1, range: 0.0.0.0/0 } + - { proto: udp, port_min: 4500, port_max: 4500, range: 0.0.0.0/0 } + - { proto: udp, port_min: 500, port_max: 500, range: 0.0.0.0/0 } + - { proto: udp, port_min: "{{ wireguard_port }}", port_max: "{{ wireguard_port }}", range: 0.0.0.0/0 } - - name: Keypair created - os_keypair: - state: "{{ state|default('present') }}" - name: "{{ 
SSH_keys.comment|regex_replace('@', '_') }}" - public_key_file: "{{ SSH_keys.public }}" - register: os_keypair +- name: Keypair created + os_keypair: + state: "{{ state|default('present') }}" + name: "{{ SSH_keys.comment|regex_replace('@', '_') }}" + public_key_file: "{{ SSH_keys.public }}" + register: os_keypair - - name: Gather facts about flavors - os_flavor_facts: - ram: "{{ cloud_providers.openstack.flavor_ram }}" +- name: Gather facts about flavors + os_flavor_facts: + ram: "{{ cloud_providers.openstack.flavor_ram }}" - - name: Gather facts about images - os_image_facts: - image: "{{ cloud_providers.openstack.image }}" +- name: Gather facts about images + os_image_facts: + image: "{{ cloud_providers.openstack.image }}" - - name: Gather facts about public networks - os_networks_facts: +- name: Gather facts about public networks + os_networks_facts: - - name: Set the network as a fact - set_fact: - public_network_id: "{{ item.id }}" - when: - - item['router:external']|default(omit) - - item['admin_state_up']|default(omit) - - item['status'] == 'ACTIVE' - with_items: "{{ openstack_networks }}" +- name: Set the network as a fact + set_fact: + public_network_id: "{{ item.id }}" + when: + - item['router:external']|default(omit) + - item['admin_state_up']|default(omit) + - item['status'] == 'ACTIVE' + with_items: "{{ openstack_networks }}" - - name: Set facts - set_fact: - flavor_id: "{{ (openstack_flavors | sort(attribute='ram'))[0]['id'] }}" - image_id: "{{ openstack_image['id'] }}" - keypair_name: "{{ os_keypair.key.name }}" - security_group_name: "{{ os_security_group['secgroup']['name'] }}" +- name: Set facts + set_fact: + flavor_id: "{{ (openstack_flavors | sort(attribute='ram'))[0]['id'] }}" + image_id: "{{ openstack_image['id'] }}" + keypair_name: "{{ os_keypair.key.name }}" + security_group_name: "{{ os_security_group['secgroup']['name'] }}" - - name: Server created - os_server: - state: "{{ state|default('present') }}" - name: "{{ algo_server_name }}" - 
image: "{{ image_id }}" - flavor: "{{ flavor_id }}" - key_name: "{{ keypair_name }}" - security_groups: "{{ security_group_name }}" - nics: - - net-id: "{{ public_network_id }}" - register: os_server +- name: Server created + os_server: + state: "{{ state|default('present') }}" + name: "{{ algo_server_name }}" + image: "{{ image_id }}" + flavor: "{{ flavor_id }}" + key_name: "{{ keypair_name }}" + security_groups: "{{ security_group_name }}" + nics: + - net-id: "{{ public_network_id }}" + register: os_server - - set_fact: - cloud_instance_ip: "{{ os_server['openstack']['public_v4'] }}" - ansible_ssh_user: ubuntu - environment: - PYTHONPATH: "{{ openstack_venv }}/lib/python2.7/site-packages/" +- set_fact: + cloud_instance_ip: "{{ os_server['openstack']['public_v4'] }}" + ansible_ssh_user: ubuntu diff --git a/roles/cloud-openstack/tasks/venv.yml b/roles/cloud-openstack/tasks/venv.yml index e2c4f86..7f386a0 100644 --- a/roles/cloud-openstack/tasks/venv.yml +++ b/roles/cloud-openstack/tasks/venv.yml @@ -1,13 +1,6 @@ --- -- name: Clean up the environment - file: - dest: "{{ openstack_venv }}" - state: absent - when: clean_environment - - name: Install requirements pip: name: shade state: latest - virtualenv: "{{ openstack_venv }}" - virtualenv_python: python2.7 + virtualenv_python: python3
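Review bot: In `Set the network as a fact`, `item['router:external']|default(omit)` and `item['admin_state_up']|default(omit)` inside a `when` do not do what they appear to: when the key is missing, `omit` produces a placeholder string, which evaluates truthy, so a network record lacking `router:external` would be accepted as the public network (and, since `set_fact` runs per item, the last matching network silently wins). The conditional form is `- item['router:external']|default(false)` and `- item['admin_state_up']|default(false)`. Separately, the reindented `Security rules created` list opens tcp/22 and ICMP from `0.0.0.0/0`; that predates this change, but a one-line comment stating it is intentional for an unattended VPN bootstrap would stop the next reader from "fixing" it. The play's header and the `venv.yml` import are above the hunk.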