Some fixes. Fedora client. Close #44

deploy.yml

@@ -13,7 +13,7 @@
       include: playbooks/local_ssh.yml
       become: false
       when: Deployed_By_Algo is defined and Deployed_By_Algo == "Y"
-      tags: [ 'local' ]      
+      tags: [ 'local' ]
 
   roles:
     - { role: cloud-digitalocean, tags: ['digitalocean'] }

deploy_client.yml

@@ -1,11 +1,16 @@
 - name: Configure the client
   hosts: localhost
+  vars_files:
+    - config.cfg
+
   tasks:
     - name: Add the droplet to an inventory group
       add_host:
         name: "{{ client_ip }}"
         groups: client-host
-        ansible_ssh_user: "{{ server_user }}"
+        ansible_ssh_user: "{{ server_ssh_user }}"
+        vpn_user: "{{ vpn_user }}"
+        server_ip: "{{ server_ip }}"
 
 - name: Configure the client and install required software
   hosts: client-host
@@ -19,7 +24,11 @@
       raw: uname -a
       register: distribution
 
-    - name: Ubuntu Xenial | Install prerequisites 
+    - name: Modify the server name fact
+      set_fact:
+        IP_subject_alt_name: "{{ server_ip }}"
+
+    - name: Ubuntu Xenial | Install prerequisites
       raw: >
         test -x /usr/bin/python2.7 ||
         sudo apt-get update -qq && sudo apt-get install -qq -y python2.7 &&
@@ -27,5 +36,14 @@
       changed_when: false
       when: "'ubuntu' in distribution.stdout"
 
+    - name: Fedora 25 | Install prerequisites
+      raw: >
+        test -x /usr/bin/python2.7 ||
+        sudo dnf install python2 -y &&
+        sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 &&
+        rpm -ql python2-dnf || dnf install python2-dnf -y
+      changed_when: false
+      when: "'fedora' in distribution.stdout"
+
   roles:
     - { role: client, tags: ['client'] }

docs/CLIENT.md

@@ -0,0 +1,17 @@
+### Client installation
+
+It's possible to deploy an ipsec connection on Linux clients.
+Supported distributives are: Debian, Ubuntu, CentOS, Fedora
+
+The playbook is `deploy_client.yml`
+
+Required variables:
+
+* client_ip - the IP address of your client machine (You can use `localhost` in order to deploy locally)
+* vpn_user - the username. (Ensure that you have valid certificates and keys in the `configs/SERVER_ip/pki/` directory)
+* client_ssh_user - the username that we need to use in order to connect to the client machine via SSH (ignore if you are deploying locally)
+* server_ip - the vpn server ip address
+
+Example:
+
+`ansible-playbook deploy_client.yml -e 'client_ip=client.com vpn_user=jack server_ip=vpn-server.com server_ssh_user=root'`

roles/client/tasks/main.yml

@@ -31,7 +31,7 @@
     dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"
     mode: '0644'
   with_items:
-    - "{{ user }}"
+    - "{{ vpn_user }}"
   notify:
     - restart strongswan
 
@@ -41,7 +41,7 @@
     dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"
     mode: '0600'
   with_items:
-    - "{{ user }}"
+    - "{{ vpn_user }}"
   notify:
     - restart strongswan
 
@@ -63,11 +63,11 @@
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
   with_items:
-    - src: "configs/{{ IP_subject_alt_name }}/pki/certs/{{ user }}.crt"
-      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ IP_subject_alt_name }}_{{ user }}.crt"
+    - src: "configs/{{ IP_subject_alt_name }}/pki/certs/{{ vpn_user }}.crt"
+      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ IP_subject_alt_name }}_{{ vpn_user }}.crt"
     - src: "configs/{{ IP_subject_alt_name }}/pki/cacert.pem"
       dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
-    - src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ user }}.key"
-      dest: "{{ configs_prefix }}/ipsec.d/private/{{ IP_subject_alt_name }}_{{ user }}.key"
+    - src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ vpn_user }}.key"
+      dest: "{{ configs_prefix }}/ipsec.d/private/{{ IP_subject_alt_name }}_{{ vpn_user }}.key"
   notify:
     - restart strongswan

roles/client/tasks/systems/Fedora.yml

@@ -0,0 +1,6 @@
+---
+
+- set_fact:
+    prerequisites:
+      - libselinux-python
+    configs_prefix: /etc/strongswan/

roles/client/tasks/systems/main.yml

@@ -8,3 +8,6 @@
 
 - include: CentOS.yml
   when: ansible_distribution == 'CentOS'
+
+- include: Fedora.yml
+  when: ansible_distribution == 'Fedora'