LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
303 Commits
12 Branches
967 KiB
Tree: 83479809ad
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '83479809ad'
${ noResults }
lilik_playbook/roles/openvpn/tasks/main.yaml

113 lines
2.6 KiB
Raw Normal View History

use ca_dialog in openvpn role
7 years ago
add vpn
8 years ago
set default values for paths to openvpn files
7 years ago
add vpn
8 years ago
set default values for paths to openvpn files
7 years ago
add vpn
8 years ago
set default values for paths to openvpn files
7 years ago
add vpn
8 years ago
set default values for paths to openvpn files
7 years ago
add vpn
8 years ago
format nicely debug messages in openvpn role
7 years ago
add vpn
8 years ago
use ca_dialog in openvpn role
7 years ago
add vpn
8 years ago
update openvpn role, ssh_server role
7 years ago
add vpn
8 years ago
format nicely debug messages in openvpn role
7 years ago
add vpn
8 years ago
use ca_dialog in openvpn role
7 years ago
add vpn
8 years ago
update openvpn role, ssh_server role
7 years ago
add vpn
8 years ago
use ca_dialog in openvpn role
7 years ago
add vpn
8 years ago
update openvpn role, ssh_server role
7 years ago
add vpn
8 years ago
use ca_dialog in openvpn role
7 years ago
add vpn
8 years ago
update openvpn role, ssh_server role
7 years ago
add vpn
8 years ago
update openvpn role, ssh_server role
7 years ago
add vpn
8 years ago
set default values for paths to openvpn files
7 years ago
add vpn
8 years ago
Add fullchain template
7 years ago
add vpn
8 years ago
update openvpn role, ssh_server role
7 years ago
add vpn
8 years ago
 
  1. ---

  2. - name: install openvpn-openssl package

  3.   opkg:

  4.     name: openvpn-openssl

  5.     state: present

  6. 

  7. - name: create openvpn KEY

  8.   shell: 'openssl genrsa -out {{ openvpn_key }} 2047'

  9.   args:

  10.     creates: "{{ openvpn_key }}"

  11.   notify: reload openvpn

  12. 

  13. 

  14. - name: create openvpn dh2048

  15.   shell: 'openssl dhparam -out /etc/openvpn/dh2048.pem 2048'

  16.   args:

  17.     creates: /etc/openvpn/dh2048.pem

  18.   notify: reload openvpn

  19. 

  20. 

  21. - name: create CSR

  22.   shell: 'openssl req -new -sha256 -subj "/C=IT/ST=ITALY/L=TUSCANY/O=IT/CN={{ ansible_hostname }}.lilik.it" -key /etc/openvpn/openvpn.key -out /etc/openvpn/openvpn.csr'

  23.   args:

  24.     creates: "{{ openvpn_csr }}"

  25.   notify: reload openvpn

  26. 

  27. - name: check if openvpn cert key exist

  28.   stat:

  29.     path: "{{ openvpn_crt }}"

  30.   register: openvpn_cert_key

  31. 

  32. - block:

  33.     - name: get pub key

  34.       shell: "cat /etc/openvpn/openvpn.csr"

  35.       register: pub_key

  36. 

  37.     - debug:

  38.         var: pub_key

  39.         verbosity: 2

  40. 

  41.     - name: generate host request

  42.       set_fact:

  43.         ca_request:

  44.           type: 'sign_request'

  45.           request:

  46.             keyType: 'ssl_host'

  47.             hostName: '{{ inventory_hostname }}.lilik.it'

  48.             keyData: '{{ pub_key.stdout }}'

  49. 

  50.     - debug:

  51.         var: cert_request

  52.         verbosity: 2

  53. 

  54.     - name: start sign request

  55.       include: ca-dialog.yaml

  56. 

  57.     - set_fact:

  58.         request_output: "{{ request_result.stdout | string | from_json }}"

  59. 

  60.     - debug:

  61.         var: request_output

  62. 

  63.     - name: generate get request

  64.       set_fact:

  65.         ca_request:

  66.           type: 'get_certificate'

  67.           requestID: '{{ request_output.requestID }}'

  68. 

  69.     - debug:

  70.         msg: "Please manualy confirm sign request with id {{ request_output.requestID }}"

  71. 

  72.     - name: wait for cert

  73.       include: ca-dialog.yaml

  74. 

  75.     - set_fact:

  76.           cert_key: "{{ request_result.stdout | string | from_json }}"

  77. 

  78.     - debug:

  79.         var: request_result

  80.         verbosity: 2

  81. 

  82.     - name: set pub key

  83.       copy:

  84.         content: "{{ cert_key.result }}"

  85.         dest: "{{ openvpn_crt }}"

  86.       register: set_pub_key

  87.   when: not openvpn_cert_key.stat.exists

  88. 

  89. - set_fact:

  90.     certificates:

  91.       - files/lilik_ca_x1.pub

  92.       - files/lilik_ca_v1.pub

  93. 

  94. - name: create vpn fullchain

  95.   template:

  96.     src: fullchain.j2

  97.     dest: /etc/openvpn/fullchain.crt

  98.   notify: reload openvpn

  99. 

  100. - name: write openvpn configuration

  101.   template:

  102.     dest: /etc/config/openvpn

  103.     src: openvpn.j2

  104.     owner: root

  105.     group: root

  106.     mode: 0400

  107.   register: new_vpn_config

  108.   notify: reload openvpn

  109. 

  110. - name: commit openvpn configuration to uci

  111.   shell: 'uci commit openvpn'

  112.   notify: reload openvpn

  113.   when: new_vpn_config.changed