Linux clients installation vpn #44

deploy_client.yml

@@ -0,0 +1,31 @@
+- name: Configure the client
+  hosts: localhost
+  tasks:
+    - name: Add the droplet to an inventory group
+      add_host:
+        name: "{{ client_ip }}"
+        groups: client-host
+        ansible_ssh_user: "{{ server_user }}"
+
+- name: Configure the client and install required software
+  hosts: client-host
+  gather_facts: false
+  become: true
+  vars_files:
+    - config.cfg
+
+  pre_tasks:
+    - name: Get the OS
+      raw: uname -a
+      register: distribution
+
+    - name: Ubuntu Xenial | Install prerequisites 
+      raw: >
+        test -x /usr/bin/python2.7 ||
+        sudo apt-get update -qq && sudo apt-get install -qq -y python2.7 &&
+        sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
+      changed_when: false
+      when: "'ubuntu' in distribution.stdout"
+
+  roles:
+    - { role: client, tags: ['client'] }

roles/client/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+  
+- name: restart strongswan
+  service: name=strongswan state=restarted

roles/client/tasks/main.yml

@@ -0,0 +1,73 @@
+- name: Gather Facts
+  setup:
+
+- name: Include system based facts and tasks
+  include: systems/main.yml
+
+- name: Cheking the signature algorithm
+  local_action: >
+      shell openssl x509 -text -in certs/{{ IP_subject_alt_name }}.crt  | grep 'Signature Algorithm' | head -n1
+  become: no
+  register: sig_algo
+  args:
+    chdir: "configs/{{ IP_subject_alt_name }}/pki/"
+
+- name: Change the algorithm to RSA
+  set_fact:
+    Win10_Enabled: "Y"
+  when: '"ecdsa" not in sig_algo.stdout'
+
+- name: Install prerequisites
+  package: name="{{ item }}" state=present
+  with_items:
+    - "{{ prerequisites }}"
+
+- name: Install StrongSwan
+  package: name=strongswan state=present
+
+- name: Setup the ipsec config
+  template:
+    src: "roles/vpn/templates/client_ipsec.conf.j2"
+    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"
+    mode: '0644'
+  with_items:
+    - "{{ user }}"
+  notify:
+    - restart strongswan
+
+- name: Setup the ipsec secrets
+  template:
+    src: "roles/vpn/templates/client_ipsec.secrets.j2"
+    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"
+    mode: '0600'
+  with_items:
+    - "{{ user }}"
+  notify:
+    - restart strongswan
+
+- name: Include additional ipsec config
+  lineinfile:
+    dest: "{{ item.dest }}"
+    line: "{{ item.line }}"
+    create: yes
+  with_items:
+    - dest: "{{ configs_prefix }}/ipsec.conf"
+      line: "include ipsec.*.conf"
+    - dest: "{{ configs_prefix }}/ipsec.secrets"
+      line: "include ipsec.*.secrets"
+  notify:
+    - restart strongswan
+
+- name: Setup the certificates and keys
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  with_items:
+    - src: "configs/{{ IP_subject_alt_name }}/pki/certs/{{ user }}.crt"
+      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ IP_subject_alt_name }}_{{ user }}.crt"
+    - src: "configs/{{ IP_subject_alt_name }}/pki/cacert.pem"
+      dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
+    - src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ user }}.key"
+      dest: "{{ configs_prefix }}/ipsec.d/private/{{ IP_subject_alt_name }}_{{ user }}.key"
+  notify:
+    - restart strongswan

roles/client/tasks/systems/CentOS.yml

@@ -0,0 +1,6 @@
+---
+
+- set_fact:
+    prerequisites:
+      - epel-release
+    configs_prefix: /etc/strongswan/

roles/client/tasks/systems/Debian.yml

@@ -0,0 +1,5 @@
+---
+
+- set_fact:
+    prerequisites: []
+    configs_prefix: /etc/

roles/client/tasks/systems/Ubuntu.yml

@@ -0,0 +1,5 @@
+---
+
+- set_fact:
+    prerequisites: []
+    configs_prefix: /etc/

roles/client/tasks/systems/main.yml

@@ -0,0 +1,10 @@
+---
+
+- include: Debian.yml
+  when: ansible_distribution == 'Debian'
+
+- include: Ubuntu.yml
+  when: ansible_distribution == 'Ubuntu'
+
+- include: CentOS.yml
+  when: ansible_distribution == 'CentOS'