From 2a4d1837b5f80e986400e4e5afa712b5b58c39c2 Mon Sep 17 00:00:00 2001 From: Jack Ivanov Date: Sat, 4 Mar 2017 23:05:02 +0300 Subject: [PATCH] Some fixes. Fedora client. Close #44 --- deploy.yml | 2 +- deploy_client.yml | 22 ++++++++++++++++++++-- docs/CLIENT.md | 17 +++++++++++++++++ roles/client/tasks/main.yml | 12 ++++++------ roles/client/tasks/systems/Fedora.yml | 6 ++++++ roles/client/tasks/systems/main.yml | 3 +++ 6 files changed, 53 insertions(+), 9 deletions(-) create mode 100644 docs/CLIENT.md create mode 100644 roles/client/tasks/systems/Fedora.yml diff --git a/deploy.yml b/deploy.yml index 184e745..4f967b7 100644 --- a/deploy.yml +++ b/deploy.yml @@ -13,7 +13,7 @@ include: playbooks/local_ssh.yml become: false when: Deployed_By_Algo is defined and Deployed_By_Algo == "Y" - tags: [ 'local' ] + tags: [ 'local' ] roles: - { role: cloud-digitalocean, tags: ['digitalocean'] } diff --git a/deploy_client.yml b/deploy_client.yml index 67b8136..baf26c8 100644 --- a/deploy_client.yml +++ b/deploy_client.yml @@ -1,11 +1,16 @@ - name: Configure the client hosts: localhost + vars_files: + - config.cfg + tasks: - name: Add the droplet to an inventory group add_host: name: "{{ client_ip }}" groups: client-host - ansible_ssh_user: "{{ server_user }}" + ansible_ssh_user: "{{ server_ssh_user }}" + vpn_user: "{{ vpn_user }}" + server_ip: "{{ server_ip }}" - name: Configure the client and install required software hosts: client-host @@ -19,7 +24,11 @@ raw: uname -a register: distribution - - name: Ubuntu Xenial | Install prerequisites + - name: Modify the server name fact + set_fact: + IP_subject_alt_name: "{{ server_ip }}" + + - name: Ubuntu Xenial | Install prerequisites raw: > test -x /usr/bin/python2.7 || sudo apt-get update -qq && sudo apt-get install -qq -y python2.7 && 
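Review bot: The variable the playbook now reads for the client's SSH login, `ansible_ssh_user: "{{ server_ssh_user }}"` in the add_host task, does not match the name docs/CLIENT.md introduces in this same commit, which lists `client_ssh_user` as the required variable while its example passes `server_ssh_user=root`; a user who follows the variable list gets an undefined-variable failure on the first connection to the client. Pick one name for both places, and since this is the account used on the client machine, `ansible_ssh_user: "{{ client_ssh_user }}"` matches the documented meaning. The new `vars_files: - config.cfg` also exposes every key of that file to the localhost play; if it contains server-side settings that the client never needs, a short comment naming the keys this play actually relies on would save the next reader from guessing — I cannot see config.cfg from this hunk.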
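Review bot: The new set_fact copies `server_ip` into `IP_subject_alt_name`, which the client role uses as the directory name under `configs/` when it looks up the certificate, CA and private key, so the value must equal the directory name the server-side deploy created, not merely reach the server; the docs example in this commit passes a hostname (`server_ip=vpn-server.com`) while describing the variable as an IP address, and I cannot tell from here which form the server deploy used. A comment on the task would pin this down, e.g. `# must match the configs/<name>/pki directory produced by the server deploy`. The task name `Modify the server name fact` also reads as though an existing fact is being changed, whereas within this play it appears to be set for the first time; `Set the server name fact used for the PKI paths` describes it more accurately. The Ubuntu prerequisites task continues past the end of this hunk.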
@@ -27,5 +36,14 @@ changed_when: false when: "'ubuntu' in distribution.stdout" + - name: Fedora 25 | Install prerequisites + raw: > + test -x /usr/bin/python2.7 || + sudo dnf install python2 -y && + sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 && + rpm -ql python2-dnf || dnf install python2-dnf -y + changed_when: false + when: "'fedora' in distribution.stdout" + roles: - { role: client, tags: ['client'] } diff --git a/docs/CLIENT.md b/docs/CLIENT.md new file mode 100644 index 0000000..af9dcbd --- /dev/null +++ b/docs/CLIENT.md @@ -0,0 +1,17 @@ +### Client installation + +It's possible to deploy an ipsec connection on Linux clients. +Supported distributives are: Debian, Ubuntu, CentOS, Fedora + +The playbook is `deploy_client.yml` + +Required variables: + +* client_ip - the IP address of your client machine (You can use `localhost` in order to deploy locally) +* vpn_user - the username. (Ensure that you have valid certificates and keys in the `configs/SERVER_ip/pki/` directory) +* client_ssh_user - the username that we need to use in order to connect to the client machine via SSH (ignore if you are deploying locally) +* server_ip - the vpn server ip address + +Example: + +`ansible-playbook deploy_client.yml -e 'client_ip=client.com vpn_user=jack server_ip=vpn-server.com server_ssh_user=root'` diff --git a/roles/client/tasks/main.yml b/roles/client/tasks/main.yml index 8bd57e8..c5b6997 100644 --- a/roles/client/tasks/main.yml +++ b/roles/client/tasks/main.yml @@ -31,7 +31,7 @@ dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf" mode: '0644' with_items: - - "{{ user }}" + - "{{ vpn_user }}" notify: - restart strongswan @@ -41,7 +41,7 @@ dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets" mode: '0600' with_items: - - "{{ user }}" + - "{{ vpn_user }}" notify: - restart strongswan 
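Review bot: The last step of the Fedora prerequisites chain, `rpm -ql python2-dnf || dnf install python2-dnf -y`, runs `dnf install` without `sudo`, while the two earlier installs in the same raw command use it, so with a non-root SSH user the fallback fails on permissions and the play stops before the role runs; change it to `rpm -ql python2-dnf || sudo dnf install python2-dnf -y`. The guard `when: "'fedora' in distribution.stdout"` depends on `uname -a`, whose output on Fedora is, as far as I know, a kernel release string containing something like `fc25` rather than the word `fedora`, so the task may never match; this is worth checking on a real host, and reading `/etc/os-release` in the detection task would make the match explicit. `changed_when: false` also hides a real package installation from the play summary; if that is deliberate, a comment such as `# bootstrap only; reported as unchanged so the play is idempotent in the summary` would make the intent clear.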
@@ -63,11 +63,11 @@ src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - - src: "configs/{{ IP_subject_alt_name }}/pki/certs/{{ user }}.crt" - dest: "{{ configs_prefix }}/ipsec.d/certs/{{ IP_subject_alt_name }}_{{ user }}.crt" + - src: "configs/{{ IP_subject_alt_name }}/pki/certs/{{ vpn_user }}.crt" + dest: "{{ configs_prefix }}/ipsec.d/certs/{{ IP_subject_alt_name }}_{{ vpn_user }}.crt" - src: "configs/{{ IP_subject_alt_name }}/pki/cacert.pem" dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem" - - src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ user }}.key" - dest: "{{ configs_prefix }}/ipsec.d/private/{{ IP_subject_alt_name }}_{{ user }}.key" + - src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ vpn_user }}.key" + dest: "{{ configs_prefix }}/ipsec.d/private/{{ IP_subject_alt_name }}_{{ vpn_user }}.key" notify: - restart strongswan diff --git a/roles/client/tasks/systems/Fedora.yml b/roles/client/tasks/systems/Fedora.yml new file mode 100644 index 0000000..ec92092 --- /dev/null +++ b/roles/client/tasks/systems/Fedora.yml @@ -0,0 +1,6 @@ +--- + +- set_fact: + prerequisites: + - libselinux-python + configs_prefix: /etc/strongswan/ diff --git a/roles/client/tasks/systems/main.yml b/roles/client/tasks/systems/main.yml index 277b426..85da1eb 100644 --- a/roles/client/tasks/systems/main.yml +++ b/roles/client/tasks/systems/main.yml @@ -8,3 +8,6 @@ - include: CentOS.yml when: ansible_distribution == 'CentOS' + +- include: Fedora.yml + when: ansible_distribution == 'Fedora'
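Review bot: In the new roles/client/tasks/systems/Fedora.yml, `configs_prefix: /etc/strongswan/` ends with a slash, and roles/client/tasks/main.yml joins it as `{{ configs_prefix }}/ipsec.…`, so every rendered path on Fedora carries a doubled slash (`/etc/strongswan//ipsec.…`); the kernel tolerates it, but it differs from the other system files if they omit the trailing slash (I cannot see CentOS.yml here), so `configs_prefix: /etc/strongswan` keeps the rendered paths uniform. The file would also benefit from a one-line header recording why the prefix differs per distribution, e.g. `# Fedora packages strongSwan with its configuration under /etc/strongswan`, since a reader of main.yml otherwise has to diff the per-system files to learn this.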