From c3fcfe5d0d22ce9027f8743aae870dcabfaab98b Mon Sep 17 00:00:00 2001 From: Jack Ivanov Date: Sat, 22 Apr 2017 23:06:10 +0200 Subject: [PATCH] Let users choose the distro version #449 (#466) Make dpdaction great again add 1704 to travis Make EC2 image name more convenient modify apparmor profile --- .travis.yml | 1 + config.cfg | 10 ++++++++++ roles/cloud-azure/tasks/main.yml | 6 +----- roles/cloud-digitalocean/tasks/main.yml | 2 +- roles/cloud-ec2/tasks/main.yml | 6 +++--- roles/cloud-gce/tasks/main.yml | 2 +- roles/dns_adblocking/tasks/main.yml | 4 ++-- roles/dns_adblocking/templates/usr.sbin.dnsmasq.j2 | 2 ++ roles/vpn/tasks/main.yml | 5 +++++ roles/vpn/templates/ipsec.conf.j2 | 4 ++++ 10 files changed, 30 insertions(+), 12 deletions(-) diff --git a/.travis.yml b/.travis.yml index ab4f62c..8b304f7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,6 +31,7 @@ before_cache: env: - LXC_NAME=ubuntu1604 LXC_DISTRO=ubuntu LXC_RELEASE=xenial + - LXC_NAME=ubuntu1704 LXC_DISTRO=ubuntu LXC_RELEASE=zesty install: - sudo tar xf $HOME/lxc/cache.tar -C / || echo "Didn't extract cache." diff --git a/config.cfg b/config.cfg index b0fdefe..c63a46c 100644 --- a/config.cfg +++ b/config.cfg @@ -61,10 +61,20 @@ SSH_keys: cloud_providers: azure: size: Basic_A0 + image: + offer: UbuntuServer + publisher: Canonical + sku: '16.04-LTS' # 16.04-LTS + version: latest digitalocean: size: 512mb + image: "ubuntu-16-04-x64" # ubuntu-16-04-x64 / ubuntu-17-04-x64 ec2: size: t2.micro + image: + name: "ubuntu-zesty-17.04" # ubuntu-xenial-16.04 / ubuntu-zesty-17.04 + owner: "099720109477" gce: size: f1-micro + image: ubuntu-1604 # ubuntu-1604 / ubuntu-1704 local: diff --git a/roles/cloud-azure/tasks/main.yml b/roles/cloud-azure/tasks/main.yml index 252894b..9048615 100644 --- a/roles/cloud-azure/tasks/main.yml +++ b/roles/cloud-azure/tasks/main.yml 
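Review bot: The new ec2 default `image.name: "ubuntu-zesty-17.04"` selects a non-LTS release while the azure, digitalocean and gce defaults in the same hunk stay on 16.04 LTS; a non-LTS Ubuntu stops receiving security updates after a few months, so a VPN host built from this default ages out far sooner than one built from the other providers' defaults — consider making all four default to the 16.04 LTS image and leaving 17.04 as the documented alternative. The `owner` key also deserves a comment explaining why it must not be changed casually: the ec2 role matches the image name with a trailing wildcard (`-amd64-server-*`), so this account ID filter is what prevents a similarly named image from another publisher being selected, e.g. `owner: "099720109477"  # Canonical's AWS account; keep pinned — the AMI name match is a wildcard`. Keeping the ID quoted, as it is here, also protects the leading zero from YAML retyping.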
@@ -89,11 +89,7 @@ Environment: Algo ssh_public_keys: - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ SSH_keys.public }}') }}" } - image: - offer: UbuntuServer - publisher: Canonical - sku: '16.04-LTS' - version: latest + image: "{{ cloud_providers.azure.image }}" register: azure_rm_virtualmachine # To-do: Add error handling - if vm_size requested is not available, can we fall back to another, ideally with a prompt? diff --git a/roles/cloud-digitalocean/tasks/main.yml b/roles/cloud-digitalocean/tasks/main.yml index 15fbbd9..897f52a 100644 --- a/roles/cloud-digitalocean/tasks/main.yml +++ b/roles/cloud-digitalocean/tasks/main.yml @@ -46,7 +46,7 @@ name: "{{ do_server_name }}" region_id: "{{ do_region }}" size_id: "{{ cloud_providers.digitalocean.size }}" - image_id: "ubuntu-16-04-x64" + image_id: "{{ cloud_providers.digitalocean.image }}" ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}" unique_name: yes api_token: "{{ do_token }}" diff --git a/roles/cloud-ec2/tasks/main.yml b/roles/cloud-ec2/tasks/main.yml index 46d71bb..b99255c 100644 --- a/roles/cloud-ec2/tasks/main.yml +++ b/roles/cloud-ec2/tasks/main.yml @@ -3,12 +3,12 @@ secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}" stack_name: "{{ aws_server_name | replace('.', '-') }}" -- name: Locate official Ubuntu 16.04 AMI for region +- name: Locate official AMI for region ec2_ami_find: aws_access_key: "{{ access_key }}" aws_secret_key: "{{ secret_key }}" - name: "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*" - owner: 099720109477 + name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*" + owner: "{{ cloud_providers.ec2.image.owner }}" sort: creationDate sort_order: descending sort_end: 1 diff --git a/roles/cloud-gce/tasks/main.yml b/roles/cloud-gce/tasks/main.yml index 08a380e..4fbb695 100644 --- a/roles/cloud-gce/tasks/main.yml +++ b/roles/cloud-gce/tasks/main.yml 
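Review bot: `owner` is now templated from config but nothing verifies it actually resolved to a value; if `cloud_providers.ec2.image.owner` is set to an empty string, `ec2_ami_find` presumably runs the wildcard name search (`...-amd64-server-*`) without an owner filter and, with `sort_end: 1`, silently picks the newest look-alike AMI from any account. Add a guard task before the lookup: `- name: Ensure the AMI search is restricted to a trusted owner` / `  assert:` / `    that: cloud_providers.ec2.image.owner | default('') | string | length > 0`. It would also be worth asserting after the lookup that `results` is non-empty, since a name typo in config would otherwise surface only as a later undefined-variable error; the task that consumes the registered result is outside this hunk.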
@@ -14,7 +14,7 @@ instance_names: "{{ server_name }}" zone: "{{ zone }}" machine_type: "{{ cloud_providers.gce.size }}" - image: ubuntu-1604 + image: "{{ cloud_providers.gce.image }}" service_account_email: "{{ service_account_email }}" credentials_file: "{{ credentials_file_path }}" project_id: "{{ project_id }}" diff --git a/roles/dns_adblocking/tasks/main.yml b/roles/dns_adblocking/tasks/main.yml index f2f0aeb..40148b4 100644 --- a/roles/dns_adblocking/tasks/main.yml +++ b/roles/dns_adblocking/tasks/main.yml @@ -15,8 +15,6 @@ - include: freebsd.yml when: ansible_distribution == 'FreeBSD' -- meta: flush_handlers - - name: Dnsmasq configured template: src=dnsmasq.conf.j2 dest="{{ config_prefix|default('/') }}etc/dnsmasq.conf" notify: @@ -37,5 +35,7 @@ shell: > sudo -u dnsmasq "/usr/local/sbin/adblock.sh" +- meta: flush_handlers + - name: Dnsmasq enabled and started service: name=dnsmasq state=started enabled=yes diff --git a/roles/dns_adblocking/templates/usr.sbin.dnsmasq.j2 b/roles/dns_adblocking/templates/usr.sbin.dnsmasq.j2 index cf4a1e4..25a5637 100644 --- a/roles/dns_adblocking/templates/usr.sbin.dnsmasq.j2 +++ b/roles/dns_adblocking/templates/usr.sbin.dnsmasq.j2 @@ -15,6 +15,8 @@ /etc/dnsmasq.d/* r, /var/lib/dnsmasq/ r, /var/lib/dnsmasq/block.hosts r, + /etc/dnsmasq.d-available/ r, + /etc/dnsmasq.d-available/* r, /usr/sbin/dnsmasq mr, diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml index 8785635..b64cc1b 100644 --- a/roles/vpn/tasks/main.yml +++ b/roles/vpn/tasks/main.yml @@ -15,6 +15,11 @@ - name: Install strongSwan package: name=strongswan state=present +- name: Get StrongSwan versions + shell: > + ipsec --versioncode | grep -oE "^U([0-9]*|\.)*" | sed "s/^U\|\.//g" + register: strongswan_version + - include: ipec_configuration.yml - include: openssl.yml - include: distribute_keys.yml diff --git a/roles/vpn/templates/ipsec.conf.j2 b/roles/vpn/templates/ipsec.conf.j2 index 9a32552..36dc317 100644 --- a/roles/vpn/templates/ipsec.conf.j2 
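Review bot: The `Get StrongSwan versions` shell task is a read-only probe yet reports `changed` on every run; add `changed_when: false` under `register: strongswan_version`. The pipeline also hides a parse failure: with no `pipefail` the task's exit status is sed's, so if `ipsec --versioncode` prints something the grep regex does not match, `strongswan_version.stdout` is simply empty and the template that consumes it silently takes its fallback branch — `failed_when: strongswan_version.stdout == ''` would make that loud. Finally, `\|` alternation in `sed "s/^U\|\.//g"` is a GNU extension; on a BSD sed the dots would presumably survive, so if this role is ever run on the FreeBSD hosts the dns_adblocking role already caters for, the portable form is `sed "s/^U//; s/\.//g"`.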
+++ b/roles/vpn/templates/ipsec.conf.j2 @@ -5,7 +5,11 @@ config setup conn %default fragmentation=yes rekey=no +{% if strongswan_version.stdout is defined and strongswan_version.stdout > '550' %} + dpdaction=clear +{% else %} dpdaction=none +{% endif %} keyexchange=ikev2 compress=yes dpddelay=35s
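Review bot: `strongswan_version.stdout > '550'` is a lexicographic string comparison on a dot-stripped version, so it misorders any release with a two-digit component: 5.10.0 becomes `'5100'`, which sorts below `'550'` and would get `dpdaction=none`, and a two-component `'56'` falls below it as well. Compare with the version filter instead, `{% if strongswan_version.stdout is defined and strongswan_version.stdout | version_compare('5.5.0', '>') %}` (named `version` on newer Ansible), which requires the registered value to keep its dots — the `sed` in the vpn task that strips them (a separate hunk) would need its `\.` part dropped. The commit does not say whether 5.5.0 itself should take `clear`; as written `> '550'` excludes it, so use `'>='` if that was the intent.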