algo/users.yml

---

- hosts: localhost
  gather_facts: False
  tags: always
  vars_files:
    - config.cfg

  tasks:
    - block:
        - name: Add the server to the vpn-host group
          add_host:
            hostname: "{{ server_ip }}"
            groupname: vpn-host
            ansible_ssh_user: "{{ server_user }}"
            ansible_python_interpreter: "/usr/bin/python2.7"
            ssh_tunneling_enabled: "{{ ssh_tunneling_enabled }}"
            easyrsa_CA_password: "{{ easyrsa_CA_password }}"
            IP_subject: "{{ IP_subject_alt_name }}"
            ansible_ssh_private_key_file: "{{ SSH_keys.private }}"

        - name: Wait until SSH becomes ready...
          local_action:
            module: wait_for
            port: 22
            host: "{{ server_ip }}"
            search_regex: "OpenSSH"
            delay: 10
            timeout: 320
            state: present
          become: false
      rescue:
        - debug: var=fail_hint
          tags: always
        - fail:
          tags: always

- name: User management
  hosts: vpn-host
  gather_facts: true
  become: true
  vars_files:
    - config.cfg

  pre_tasks:
    - block:
        - name: Common pre-tasks
          include: playbooks/common.yml
          tags: always
      rescue:
        - debug: var=fail_hint
          tags: always
        - fail:
          tags: always

  roles:
    - { role: ssh_tunneling, tags: always, when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y" }
    - { role: vpn }

  post_tasks:
    - block:
        - debug:
            msg:
              - "{{ congrats.common.split('\n') }}"
              - "    {% if p12.changed %}{{ congrats.p12_pass }}{% endif %}"
          tags: always
      rescue:
        - debug: var=fail_hint
          tags: always
        - fail:
          tags: always
User management 2016-07-27 21:27:11 +00:00			`---`

Modify user-management function 2016-08-11 20:54:29 +00:00			`- hosts: localhost`
			`gather_facts: False`
delete tasks and move to roles (#519) 2017-05-08 20:34:45 +00:00			`tags: always`
Modify user-management function 2016-08-11 20:54:29 +00:00			`vars_files:`
linting 2016-08-16 03:32:44 +00:00			`- config.cfg`
the password for the CA private key #75 2016-12-15 10:33:29 +00:00
Modify user-management function 2016-08-11 20:54:29 +00:00			`tasks:`
Implementing blocks and additional fail hints #487 (#497) change the troubleshooting url 2017-04-29 14:48:25 +00:00			`- block:`
			`- name: Add the server to the vpn-host group`
			`add_host:`
			`hostname: "{{ server_ip }}"`
			`groupname: vpn-host`
			`ansible_ssh_user: "{{ server_user }}"`
			`ansible_python_interpreter: "/usr/bin/python2.7"`
			`ssh_tunneling_enabled: "{{ ssh_tunneling_enabled }}"`
			`easyrsa_CA_password: "{{ easyrsa_CA_password }}"`
update-users fix (#591) 2017-06-08 14:27:35 +00:00			`IP_subject: "{{ IP_subject_alt_name }}"`
Implementing blocks and additional fail hints #487 (#497) change the troubleshooting url 2017-04-29 14:48:25 +00:00			`ansible_ssh_private_key_file: "{{ SSH_keys.private }}"`

			`- name: Wait until SSH becomes ready...`
			`local_action:`
			`module: wait_for`
			`port: 22`
			`host: "{{ server_ip }}"`
			`search_regex: "OpenSSH"`
			`delay: 10`
			`timeout: 320`
			`state: present`
			`become: false`
			`rescue:`
			`- debug: var=fail_hint`
			`tags: always`
			`- fail:`
			`tags: always`
Modify user-management function 2016-08-11 20:54:29 +00:00
miscelllaneous cleanups 2016-07-30 17:26:30 +00:00			`- name: User management`
Modify user-management function 2016-08-11 20:54:29 +00:00			`hosts: vpn-host`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 2017-02-03 19:24:02 +00:00			`gather_facts: true`
EC2 Support 2016-07-30 16:05:04 +00:00			`become: true`
User management 2016-07-27 21:27:11 +00:00			`vars_files:`
linting 2016-08-16 03:32:44 +00:00			`- config.cfg`
linting 2016-08-25 20:59:16 +00:00
Update-users fixed #52 2016-08-18 18:49:20 +00:00			`pre_tasks:`
Implementing blocks and additional fail hints #487 (#497) change the troubleshooting url 2017-04-29 14:48:25 +00:00			`- block:`
			`- name: Common pre-tasks`
			`include: playbooks/common.yml`
delete tasks and move to roles (#519) 2017-05-08 20:34:45 +00:00			`tags: always`
Implementing blocks and additional fail hints #487 (#497) change the troubleshooting url 2017-04-29 14:48:25 +00:00			`rescue:`
			`- debug: var=fail_hint`
			`tags: always`
			`- fail:`
			`tags: always`
FreeBSD / HardenedBSD (#262) * FreeBSD draft ifconfig fix Pre-tasks fixes fix hardcoded IP some refactoring disable system-based tags disable freebsd tags FreeBSD vpn role add defaults ssh role freebsd default fix dns_adblocking freebsd ubuntu dict fix * HardenedBSD update-users BSD * Rebuild the kernel docs changing 2017-03-18 09:22:07 +00:00
Add the SSH role to the users-update playbook #92 fixed 2016-10-06 17:39:53 +00:00			`roles:`
delete tasks and move to roles (#519) 2017-05-08 20:34:45 +00:00			`- { role: ssh_tunneling, tags: always, when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y" }`
			`- { role: vpn }`
Add the SSH role to the users-update playbook #92 fixed 2016-10-06 17:39:53 +00:00
random password for the p12 certificates #135 2016-12-14 15:49:47 +00:00			`post_tasks:`
Implementing blocks and additional fail hints #487 (#497) change the troubleshooting url 2017-04-29 14:48:25 +00:00			`- block:`
			`- debug:`
			`msg:`
			`- "{{ congrats.common.split('\n') }}"`
Change the P12 and SSH passwords only for new users (#550) 2017-05-22 02:28:18 +00:00			`- " {% if p12.changed %}{{ congrats.p12_pass }}{% endif %}"`
Implementing blocks and additional fail hints #487 (#497) change the troubleshooting url 2017-04-29 14:48:25 +00:00			`tags: always`
			`rescue:`
			`- debug: var=fail_hint`
			`tags: always`
			`- fail:`
			`tags: always`