From 30beadb9490342b1da9ca0fed187720adc71d0d1 Mon Sep 17 00:00:00 2001
From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
Date: Fri, 15 Mar 2019 18:16:26 +0100
Subject: [PATCH] Modify naming in the cloud resources and client config files (#1353)
* Modify naming in the cloud resources and client config files
* Azure template: Eliminate unneeded variables
---
 roles/cloud-azure/files/deployment.json | 50 ++++++++-----------
 roles/cloud-azure/tasks/main.yml | 9 ++--
 roles/cloud-ec2/files/stack.yml | 26 +++-------
 roles/cloud-gce/tasks/main.yml | 6 +--
 .../templates/client_windows.ps1.j2 | 2 +-
 roles/strongswan/templates/mobileconfig.j2 | 12 ++---
 6 files changed, 42 insertions(+), 63 deletions(-)
diff --git a/roles/cloud-azure/files/deployment.json b/roles/cloud-azure/files/deployment.json
index 646ea8a..027e562 100644
--- a/roles/cloud-azure/files/deployment.json
+++ b/roles/cloud-azure/files/deployment.json
@@ -2,15 +2,9 @@
 "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
 "contentVersion": "1.0.0.0",
 "parameters": {
- "AlgoServerName": {
- "type": "string"
- },
 "sshKeyData": {
 "type": "string"
 },
- "location": {
- "type": "string"
- },
 "WireGuardPort": {
 "type": "int"
 },
@@ -22,15 +16,15 @@
 }
 },
 "variables": {
- "vnetID": "[resourceId('Microsoft.Network/virtualNetworks', parameters('AlgoServerName'))]",
- "subnet1Ref": "[concat(variables('vnetID'),'/subnets/', parameters('AlgoServerName'))]"
+ "vnetID": "[resourceId('Microsoft.Network/virtualNetworks', resourceGroup().name)]",
+ "subnet1Ref": "[concat(variables('vnetID'),'/subnets/', resourceGroup().name)]"
 },
 "resources": [
 {
 "apiVersion": "2015-06-15",
 "type": "Microsoft.Network/networkSecurityGroups",
- "name": "[parameters('AlgoServerName')]",
- "location": "[parameters('location')]",
+ "name": "[resourceGroup().name]",
+ "location": "[resourceGroup().location]",
 "properties": {
 "securityRules": [
 {
@@ -95,8 +89,8 @@
 {
 "apiVersion": "2015-06-15",
 "type": "Microsoft.Network/publicIPAddresses",
- "name": "[parameters('AlgoServerName')]",
- "location": "[parameters('location')]",
+ "name": "[resourceGroup().name]",
+ "location": "[resourceGroup().location]",
 "properties": {
 "publicIPAllocationMethod": "Static"
 }
@@ -104,8 +98,8 @@
 {
 "apiVersion": "2015-06-15",
 "type": "Microsoft.Network/virtualNetworks",
- "name": "[parameters('AlgoServerName')]",
- "location": "[parameters('location')]",
+ "name": "[resourceGroup().name]",
+ "location": "[resourceGroup().location]",
 "properties": {
 "addressSpace": {
 "addressPrefixes": [
@@ -114,7 +108,7 @@
 },
 "subnets": [
 {
- "name": "[parameters('AlgoServerName')]",
+ "name": "[resourceGroup().name]",
 "properties": {
 "addressPrefix": "10.10.0.0/24"
 }
@@ -125,16 +119,16 @@
 {
 "apiVersion": "2015-06-15",
 "type": "Microsoft.Network/networkInterfaces",
- "name": "[parameters('AlgoServerName')]",
- "location": "[parameters('location')]",
+ "name": "[resourceGroup().name]",
+ "location": "[resourceGroup().location]",
 "dependsOn": [
- "[concat('Microsoft.Network/networkSecurityGroups/', parameters('AlgoServerName'))]",
- "[concat('Microsoft.Network/publicIPAddresses/', parameters('AlgoServerName'))]",
- "[concat('Microsoft.Network/virtualNetworks/', parameters('AlgoServerName'))]"
+ "[concat('Microsoft.Network/networkSecurityGroups/', resourceGroup().name)]",
+ "[concat('Microsoft.Network/publicIPAddresses/', resourceGroup().name)]",
+ "[concat('Microsoft.Network/virtualNetworks/', resourceGroup().name)]"
 ],
 "properties": {
 "networkSecurityGroup": {
- "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('AlgoServerName'))]"
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', resourceGroup().name)]"
 },
 "ipConfigurations": [
 {
@@ -142,7 +136,7 @@
 "properties": {
 "privateIPAllocationMethod": "Dynamic",
 "publicIPAddress": {
- "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('AlgoServerName'))]"
+ "id": "[resourceId('Microsoft.Network/publicIPAddresses', resourceGroup().name)]"
 },
 "subnet": {
 "id": "[variables('subnet1Ref')]"
@@ -155,17 +149,17 @@
 {
 "apiVersion": "2016-04-30-preview",
 "type": "Microsoft.Compute/virtualMachines",
- "name": "[parameters('AlgoServerName')]",
- "location": "[parameters('location')]",
+ "name": "[resourceGroup().name]",
+ "location": "[resourceGroup().location]",
 "dependsOn": [
- "[concat('Microsoft.Network/networkInterfaces/', parameters('AlgoServerName'))]"
+ "[concat('Microsoft.Network/networkInterfaces/', resourceGroup().name)]"
 ],
 "properties": {
 "hardwareProfile": {
 "vmSize": "[parameters('vmSize')]"
 },
 "osProfile": {
- "computerName": "[parameters('AlgoServerName')]",
+ "computerName": "[resourceGroup().name]",
 "adminUsername": "ubuntu",
 "linuxConfiguration": {
 "disablePasswordAuthentication": true,
@@ -193,7 +187,7 @@
 "networkProfile": {
 "networkInterfaces": [
 {
- "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('AlgoServerName'))]"
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', resourceGroup().name)]"
 }
 ]
 }
@@ -203,7 +197,7 @@
 "outputs": {
 "publicIPAddresses": {
 "type": "string",
- "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',parameters('AlgoServerName')),providers('Microsoft.Network', 'publicIPAddresses').apiVersions[0]).ipAddress]",
+ "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',resourceGroup().name),providers('Microsoft.Network', 'publicIPAddresses').apiVersions[0]).ipAddress]",
 }
 }
 }
diff --git a/roles/cloud-azure/tasks/main.yml b/roles/cloud-azure/tasks/main.yml
index 38adc74..113352c 100644
--- a/roles/cloud-azure/tasks/main.yml
+++ b/roles/cloud-azure/tasks/main.yml
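Review bot: The rewritten `"value"` line in the `outputs` hunk (`@@ -203,7 +197,7 @@`) still ends with a comma directly before the closing `}`, which a strict JSON parser rejects. The template only loads as long as every consumer on the path is lenient, and a lenient and a strict parser can then disagree about the same file. Since the line is being touched anyway, drop the trailing comma so it ends `...apiVersions[0]).ipAddress]"`.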
@@ -16,20 +16,17 @@ - name: Create AlgoVPN Server azure_rm_deployment: state: present - deployment_name: "AlgoVPN-{{ algo_server_name }}" + deployment_name: "{{ algo_server_name }}" template: "{{ lookup('file', 'deployment.json') }}" secret: "{{ secret }}" tenant: "{{ tenant }}" client_id: "{{ client_id }}" subscription_id: "{{ subscription_id }}" - resource_group_name: "AlgoVPN-{{ algo_server_name }}" + resource_group_name: "{{ algo_server_name }}" + location: "{{ algo_region }}" parameters: - AlgoServerName: - value: "{{ algo_server_name }}" sshKeyData: value: "{{ lookup('file', '{{ SSH_keys.public }}') }}" - location: - value: "{{ algo_region }}" WireGuardPort: value: "{{ wireguard_port }}" vmSize: diff --git a/roles/cloud-ec2/files/stack.yml b/roles/cloud-ec2/files/stack.yml index 3660613..829a2cb 100644 --- a/roles/cloud-ec2/files/stack.yml +++ b/roles/cloud-ec2/files/stack.yml @@ -21,9 +21,7 @@ Resources: InstanceTenancy: default Tags: - Key: Name - Value: Algo - - Key: Environment - Value: Algo + Value: !Ref AWS::StackName VPCIPv6: Type: AWS::EC2::VPCCidrBlock @@ -35,22 +33,18 @@ Resources: Type: AWS::EC2::InternetGateway Properties: Tags: - - Key: Environment - Value: Algo - Key: Name - Value: Algo + Value: !Ref AWS::StackName Subnet: Type: AWS::EC2::Subnet Properties: CidrBlock: 172.16.254.0/23 MapPublicIpOnLaunch: false + VpcId: !Ref VPC Tags: - - Key: Environment - Value: Algo - Key: Name - Value: Algo - VpcId: !Ref VPC + Value: !Ref AWS::StackName VPCGatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment @@ -63,10 +57,8 @@ Resources: Properties: VpcId: !Ref VPC Tags: - - Key: Environment - Value: Algo - Key: Name - Value: Algo + Value: !Ref AWS::StackName Route: Type: AWS::EC2::Route @@ -140,9 +132,7 @@ Resources: CidrIp: 0.0.0.0/0 Tags: - Key: Name - Value: Algo - - Key: Environment - Value: Algo + Value: !Ref AWS::StackName EC2Instance: Type: AWS::EC2::Instance 
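Review bot: With the `AlgoVPN-` prefix gone, `resource_group_name: "{{ algo_server_name }}"` in the azure_rm_deployment hunk targets whatever resource group already carries the operator-chosen name, and deployment.json now names every resource after `resourceGroup().name`. If a group with that name already exists in the subscription, the deployment would presumably land inside it, and a later cleanup that deletes the group would take the unrelated resources with it; how teardown is done is not visible in this patch. Consider failing early when the group exists and was not created by Algo, and add a comment such as `# resource group must be dedicated to this server: deployment.json derives all resource names from it`. The same concern applies to the `gce_net` hunks in roles/cloud-gce/tasks/main.yml, where `name: "{{ algo_server_name }}"` can match an existing network and attach the `{{ algo_server_name }}-fw` rule to it.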
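Review bot: Dropping `Environment: Algo` in the `Tags` hunks of roles/cloud-ec2/files/stack.yml (`@@ -21,9`, `@@ -35,22`, `@@ -63,10`, `@@ -140,9` and `@@ -181,9`) leaves `Name`, now the user-chosen stack name, as the only tag set in the visible hunks. Anything that selects Algo resources by the fixed tag, such as IAM conditions, inventory or cleanup queries, would silently stop matching; whether such consumers exist is not visible here. If the removal is intended, document that consumers should key on the `aws:cloudformation:stack-name` tag that CloudFormation applies itself.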
@@ -181,9 +171,7 @@ Resources: cfn-signal -e $? --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region} Tags: - Key: Name - Value: Algo - - Key: Environment - Value: Algo + Value: !Ref AWS::StackName ElasticIP: Type: AWS::EC2::EIP diff --git a/roles/cloud-gce/tasks/main.yml b/roles/cloud-gce/tasks/main.yml index e04b3d8..baa5f46 100644 --- a/roles/cloud-gce/tasks/main.yml +++ b/roles/cloud-gce/tasks/main.yml @@ -8,8 +8,8 @@ - name: Network configured gce_net: - name: "algo-net-{{ algo_server_name }}" - fwname: "algo-net-{{ algo_server_name }}-fw" + name: "{{ algo_server_name }}" + fwname: "{{ algo_server_name }}-fw" allowed: "udp:500,4500,{{ wireguard_port }};tcp:22" state: "present" mode: auto @@ -45,7 +45,7 @@ credentials_file: "{{ credentials_file_path }}" project_id: "{{ project_id }}" metadata: '{"ssh-keys":"ubuntu:{{ ssh_public_key_lookup }}"}' - network: "algo-net-{{ algo_server_name }}" + network: "{{ algo_server_name }}" tags: - "environment-algo" register: google_vm diff --git a/roles/strongswan/templates/client_windows.ps1.j2 b/roles/strongswan/templates/client_windows.ps1.j2 index e1021bb..da53383 100644 --- a/roles/strongswan/templates/client_windows.ps1.j2 +++ b/roles/strongswan/templates/client_windows.ps1.j2 @@ -85,7 +85,7 @@ Save the embedded CA cert and encrypted user PKCS12 file. $ErrorActionPreference = "Stop" $VpnServerAddress = "{{ IP_subject_alt_name }}" -$VpnName = "Algo VPN {{ IP_subject_alt_name }} IKEv2" +$VpnName = "AlgoVPN {{ algo_server_name }} IKEv2" $VpnUser = "{{ item.0 }}" $CaCertificateBase64 = "{{ PayloadContentCA }}" $UserPkcs12Base64 = "{{ item.1.stdout }}" diff --git a/roles/strongswan/templates/mobileconfig.j2 b/roles/strongswan/templates/mobileconfig.j2 index 686ed7e..e9d6670 100644 --- a/roles/strongswan/templates/mobileconfig.j2 +++ b/roles/strongswan/templates/mobileconfig.j2 
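Review bot: `$VpnName = "AlgoVPN {{ algo_server_name }} IKEv2"` in client_windows.ps1.j2 renders an operator-chosen name into a double-quoted PowerShell string, where `$`, a backtick or `"` in the value is expanded or ends the literal; the value it replaces, `IP_subject_alt_name`, was presumably an address or hostname. Unless `algo_server_name` is validated elsewhere (not visible here), restrict it before rendering, for example with an `assert` that it matches `^[A-Za-z0-9._-]+$`. The same unescaped value is written into XML in roles/strongswan/templates/mobileconfig.j2, where `{{ algo_server_name | e }}` would keep `&` and `<` from breaking the profile. Two servers deployed with the same name now also yield the same connection name on a client, so the address no longer disambiguates them.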
@@ -116,7 +116,7 @@ PayloadDescription Configures VPN settings PayloadDisplayName - VPN + {{ algo_server_name }} PayloadIdentifier com.apple.vpn.managed.{{ VPN_PayloadIdentifier }} PayloadType @@ -133,7 +133,7 @@ 0 UserDefinedName - Algo VPN {{ IP_subject_alt_name }} IKEv2 + AlgoVPN {{ algo_server_name }} IKEv2 VPNType IKEv2 @@ -149,7 +149,7 @@ PayloadDescription Adds a PKCS#12-formatted certificate PayloadDisplayName - {{ item.0 }}.p12 + {{ algo_server_name }} PayloadIdentifier com.apple.security.pkcs12.{{ pkcs12_PayloadCertificateUUID }} PayloadType @@ -169,7 +169,7 @@ PayloadDescription Adds a CA root certificate PayloadDisplayName - {{ IP_subject_alt_name }} + {{ algo_server_name }} PayloadIdentifier com.apple.security.root.{{ CA_PayloadIdentifier }} PayloadType @@ -181,11 +181,11 @@ PayloadDisplayName - {{ IP_subject_alt_name }} IKEv2 + AlgoVPN {{ algo_server_name }} IKEv2 PayloadIdentifier donut.local.{{ 500000 | random | to_uuid | upper }} PayloadOrganization - Algo VPN + AlgoVPN PayloadRemovalDisallowed PayloadType
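Review bot: The PKCS#12 payload (`@@ -149,7`) and the CA root payload (`@@ -169,7`) now both get the `PayloadDisplayName` `{{ algo_server_name }}`, the same string as the VPN payload in `@@ -116,7`, so the three entries can no longer be told apart by name when someone inspects the profile before installing it. Previously the user certificate showed as `{{ item.0 }}.p12` and the CA as `{{ IP_subject_alt_name }}`, which made it visible whose key and which root were being installed; only `PayloadDescription` distinguishes them now. Consider distinct labels such as `{{ algo_server_name }} CA` and `{{ item.0 }}@{{ algo_server_name }}`.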