split up functions

8 years ago · ac6bb33f5d
parent 1652a695b1
commit ac6bb33f5d
8 changed files with 98 additions and 82 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 *.retry
+inventory
--- a/README.md
+++ b/README.md
@ -1 +1,5 @@
-# vpn
+# vpn
+
+Requirements (on host that executes module)  
+python >= 2.6  
+dopy  
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,3 +1,4 @@
 [defaults]
 inventory = inventory
-pipelining = True
+pipelining = True
+retry_files_enabled = False
--- a/cloud.yml
+++ b/cloud.yml
@ -0,0 +1,78 @@
+- name: Configure the server and install required software
+  hosts: localhost
+
+  vars:
+    regions:
+      "1":  "ams2"
+      "2":  "ams3"
+      "3":  "fra1"
+      "4":  "lon1"
+      "5":  "nyc1"
+      "6":  "nyc2"
+      "7":  "nyc3"
+      "8":  "sfo1"
+      "9":  "sgp1"
+      "10": "tor1"
+
+  vars_prompt:
+  - name: "do_access_token"
+    prompt: "Enter your API Token (https://cloud.digitalocean.com/settings/api/tokens):\n"
+    private: yes
+
+  - name: "do_ssh_name"
+    prompt: "Enter a valid SSH key name (https://cloud.digitalocean.com/settings/security):\n"
+    private: no
+
+  - name: "do_region"
+    prompt: >
+      What region should the server be located in?
+        1.  Amsterdam        (Datacenter 2)
+        2.  Amsterdam        (Datacenter 3)
+        3.  Frankfurt
+        4.  London
+        5.  New York         (Datacenter 1)
+        6.  New York         (Datacenter 2)
+        7.  New York         (Datacenter 3)
+        8.  San Francisco
+        9.  Singapore
+        10. Toronto
+      Please choose the number of your region. Press enter for default (#7) region.
+    default: "7"
+    private: no
+    
+  - name: "do_server_name"
+    prompt: "Name the vpn server:\n"
+    default: "strongswan"
+    private: no
+
+  tasks:
+  - name: "Getting your SSH key ID on Digital Ocean..."
+    digital_ocean:
+      state: present
+      command: ssh
+      name: "{{ do_ssh_name }}"
+      api_token: "{{ do_access_token }}"
+    register: do_ssh_key
+
+  - name: "Creating a droplet..."
+    digital_ocean:
+      state: present
+      command: droplet
+      name: "{{ do_server_name }}"
+      region_id: "{{ regions[do_region] }}"
+      size_id: "512mb"
+      image_id: "ubuntu-16-04-x64"
+      ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
+      unique_name: yes
+      api_token: "{{ do_access_token }}"
+    register: do
+
+  - name: Add the droplet to an inventory group
+    add_host:
+      name: "{{ do.droplet.ip_address }}"
+      groups: vpn-host
+      ansible_python_interpreter: "/usr/bin/python2.7"
+
+  - name: Pause to let DigitalOcean boot up the VM
+    pause: seconds=180
+
--- a/deploy.yml
+++ b/deploy.yml
@ -0,0 +1,4 @@
+---
+
+#- include: cloud.yml
+- include: vpn.yml
--- a/5
+++ b/5
@ -1,2 +1,5 @@
 [localhost]
-127.0.0.1 ansible_connection=local
+127.0.0.1 ansible_connection=local
+
+[vpn-host]
+45.55.244.205 ansible_python_interpreter=/usr/bin/python2.7
--- a/templates/ipsec.conf.j2
+++ b/templates/ipsec.conf.j2
@ -15,4 +15,5 @@ conn psk
 	right=%any
 	rightdns=8.8.8.8,8.8.4.4
 	rightsourceip=10.0.0.0/24
-	auto=add
+	auto=add
+	
--- a/vpn.yml
+++ b/vpn.yml
@ -1,80 +1,4 @@
- name: Configure the server and install required software
-  hosts: localhost
-
-  vars:
-    regions:
-      "1":  "ams2"
-      "2":  "ams3"
-      "3":  "fra1"
-      "4":  "lon1"
-      "5":  "nyc1"
-      "6":  "nyc2"
-      "7":  "nyc3"
-      "8":  "sfo1"
-      "9":  "sgp1"
-      "10": "tor1"
-
-  vars_prompt:
-  - name: "do_access_token"
-    prompt: "Enter your API Token (https://cloud.digitalocean.com/settings/api/tokens):\n"
-    private: yes
-
-  - name: "do_ssh_name"
-    prompt: "Enter a valid SSH key name (https://cloud.digitalocean.com/settings/security):\n"
-    private: no
-
-  - name: "do_region"
-    prompt: >
-      What region should the server be located in?
-        1.  Amsterdam        (Datacenter 2)
-        2.  Amsterdam        (Datacenter 3)
-        3.  Frankfurt
-        4.  London
-        5.  New York         (Datacenter 1)
-        6.  New York         (Datacenter 2)
-        7.  New York         (Datacenter 3)
-        8.  San Francisco
-        9.  Singapore
-        10. Toronto
-      Please choose the number of your region. Press enter for default (#7) region.
-    default: "7"
-    private: no
-    
-  - name: "do_server_name"
-    prompt: "Name the vpn server:\n"
-    default: "strongswan"
-    private: no
-
-  tasks:
-  - name: "Getting your SSH key ID on Digital Ocean..."
-    digital_ocean:
-      state: present
-      command: ssh
-      name: "{{ do_ssh_name }}"
-      api_token: "{{ do_access_token }}"
-    register: do_ssh_key
-
-  - name: "Creating a droplet..."
-    digital_ocean:
-      state: present
-      command: droplet
-      name: "{{ do_server_name }}"
-      region_id: "{{ regions[do_region] }}"
-      size_id: "512mb"
-      image_id: "ubuntu-16-04-x64"
-      ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
-      unique_name: yes
-      api_token: "{{ do_access_token }}"
-    register: do
-
-  - name: Add the droplet to an inventory group
-    add_host:
-      name: "{{ do.droplet.ip_address }}"
-      groups: vpn-host
-      ansible_python_interpreter: "/usr/bin/python2.7"
-
-  - name: Pause to let DigitalOcean boot up the VM
-    pause: seconds=180
+---

 - name: Install StrongSwan
  hosts: vpn-host
@ -104,7 +28,7 @@
    sysctl: name=net.ipv4.conf.all.send_redirects value=0

  - name: Configure iptables so IPSec traffic can traverse the tunnel
-    iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE
+    iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 jump=MASQUERADE

  - name: Setup the ipsec.conf file from our template
    template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=644