mirror of https://github.com/trailofbits/algo
Refactoring to support roles inclusion (#1365)
parent
8af0efa623
commit
c4ea88000b
@ -0,0 +1,5 @@
|
||||
---
|
||||
- debug:
|
||||
var: fail_hint
|
||||
|
||||
- fail:
|
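Review bot: The two tasks in this new file (its path is not shown on this page) drop the `tags: always` that the inline rescue tasks they replace carried, for example `- debug: var=fail_hint` / `tags: always` in the common and dns_adblocking sections of this commit. If the file is pulled in with `include_tasks` from a rescue, tag filtering still applies to the included tasks, so a run such as `--tags update-users` would skip both the hint and the `fail`, and a failure inside the block would pass unreported. Keep `tags: always` on both tasks: `- debug:` / `var: fail_hint` / `tags: always` and `- fail:` / `tags: always`. How the file is included is outside this diff, so confirm against the caller; with a static `import_tasks` the tags on the import would cover it.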
@ -1,47 +1,41 @@
|
||||
---
|
||||
- block:
|
||||
- name: Build python virtual environment
|
||||
import_tasks: venv.yml
|
||||
- name: Build python virtual environment
|
||||
import_tasks: venv.yml
|
||||
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
|
||||
- set_fact:
|
||||
algo_region: >-
|
||||
{% if region is defined %}{{ region }}
|
||||
{%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ azure_regions[_algo_region.user_input | int -1 ]['name'] }}
|
||||
{%- else %}{{ azure_regions[default_region | int - 1]['name'] }}{% endif %}
|
||||
- set_fact:
|
||||
algo_region: >-
|
||||
{% if region is defined %}{{ region }}
|
||||
{%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ azure_regions[_algo_region.user_input | int -1 ]['name'] }}
|
||||
{%- else %}{{ azure_regions[default_region | int - 1]['name'] }}{% endif %}
|
||||
|
||||
- name: Create AlgoVPN Server
|
||||
azure_rm_deployment:
|
||||
state: present
|
||||
deployment_name: "{{ algo_server_name }}"
|
||||
template: "{{ lookup('file', 'deployment.json') }}"
|
||||
secret: "{{ secret }}"
|
||||
tenant: "{{ tenant }}"
|
||||
client_id: "{{ client_id }}"
|
||||
subscription_id: "{{ subscription_id }}"
|
||||
resource_group_name: "{{ algo_server_name }}"
|
||||
location: "{{ algo_region }}"
|
||||
parameters:
|
||||
sshKeyData:
|
||||
value: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
|
||||
WireGuardPort:
|
||||
value: "{{ wireguard_port }}"
|
||||
vmSize:
|
||||
value: "{{ cloud_providers.azure.size }}"
|
||||
imageReferenceSku:
|
||||
value: "{{ cloud_providers.azure.image }}"
|
||||
register: azure_rm_deployment
|
||||
- name: Create AlgoVPN Server
|
||||
azure_rm_deployment:
|
||||
state: present
|
||||
deployment_name: "{{ algo_server_name }}"
|
||||
template: "{{ lookup('file', 'deployment.json') }}"
|
||||
secret: "{{ secret }}"
|
||||
tenant: "{{ tenant }}"
|
||||
client_id: "{{ client_id }}"
|
||||
subscription_id: "{{ subscription_id }}"
|
||||
resource_group_name: "{{ algo_server_name }}"
|
||||
location: "{{ algo_region }}"
|
||||
parameters:
|
||||
sshKeyData:
|
||||
value: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
|
||||
WireGuardPort:
|
||||
value: "{{ wireguard_port }}"
|
||||
vmSize:
|
||||
value: "{{ cloud_providers.azure.size }}"
|
||||
imageReferenceSku:
|
||||
value: "{{ cloud_providers.azure.image }}"
|
||||
register: azure_rm_deployment
|
||||
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ azure_rm_deployment.deployment.outputs.publicIPAddresses.value }}"
|
||||
ansible_ssh_user: ubuntu
|
||||
environment:
|
||||
PYTHONPATH: "{{ azure_venv }}/lib/python2.7/site-packages/"
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ azure_rm_deployment.deployment.outputs.publicIPAddresses.value }}"
|
||||
ansible_ssh_user: ubuntu
|
||||
environment:
|
||||
PYTHONPATH: "{{ azure_venv }}/lib/python2.7/site-packages/"
|
||||
|
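Review bot: `value: "{{ lookup('file', '{{ SSH_keys.public }}') }}"` under `sshKeyData` nests a moustache inside a Jinja expression; the same form appears in the DigitalOcean (`public_key:`) and Lightsail (`user_data`) sections below, while the Scaleway section in this same commit already uses the plain `lookup('file', SSH_keys.public)`. The plain form is what ansible-lint's nested-jinja rule asks for and it stops relying on the lookup argument being templated a second time. Change all three to `lookup('file', SSH_keys.public)`. Separately, this block no longer has a `rescue:`; presumably the role is now invoked inside a block/rescue in the playbook, which is outside this diff.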
@ -1,110 +1,105 @@
|
||||
---
|
||||
- name: Build python virtual environment
|
||||
import_tasks: venv.yml
|
||||
|
||||
- block:
|
||||
- name: Build python virtual environment
|
||||
import_tasks: venv.yml
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
|
||||
- name: Set additional facts
|
||||
set_fact:
|
||||
algo_do_region: >-
|
||||
{% if region is defined %}{{ region }}
|
||||
{%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ do_regions[_algo_region.user_input | int -1 ]['slug'] }}
|
||||
{%- else %}{{ do_regions[default_region | int - 1]['slug'] }}{% endif %}
|
||||
public_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
|
||||
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
- block:
|
||||
- name: "Delete the existing Algo SSH keys"
|
||||
digital_ocean:
|
||||
state: absent
|
||||
command: ssh
|
||||
api_token: "{{ algo_do_token }}"
|
||||
name: "{{ SSH_keys.comment }}"
|
||||
register: ssh_keys
|
||||
until: ssh_keys.changed != true
|
||||
retries: 10
|
||||
delay: 1
|
||||
|
||||
- name: Set additional facts
|
||||
set_fact:
|
||||
algo_do_region: >-
|
||||
{% if region is defined %}{{ region }}
|
||||
{%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ do_regions[_algo_region.user_input | int -1 ]['slug'] }}
|
||||
{%- else %}{{ do_regions[default_region | int - 1]['slug'] }}{% endif %}
|
||||
public_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
|
||||
rescue:
|
||||
- name: Collect the fail error
|
||||
digital_ocean:
|
||||
state: absent
|
||||
command: ssh
|
||||
api_token: "{{ algo_do_token }}"
|
||||
name: "{{ SSH_keys.comment }}"
|
||||
register: ssh_keys
|
||||
ignore_errors: yes
|
||||
|
||||
- block:
|
||||
- name: "Delete the existing Algo SSH keys"
|
||||
digital_ocean:
|
||||
state: absent
|
||||
command: ssh
|
||||
api_token: "{{ algo_do_token }}"
|
||||
name: "{{ SSH_keys.comment }}"
|
||||
register: ssh_keys
|
||||
until: ssh_keys.changed != true
|
||||
retries: 10
|
||||
delay: 1
|
||||
- debug: var=ssh_keys
|
||||
|
||||
rescue:
|
||||
- name: Collect the fail error
|
||||
digital_ocean:
|
||||
state: absent
|
||||
command: ssh
|
||||
api_token: "{{ algo_do_token }}"
|
||||
name: "{{ SSH_keys.comment }}"
|
||||
register: ssh_keys
|
||||
ignore_errors: yes
|
||||
- fail:
|
||||
msg: "Please, ensure that your API token is not read-only."
|
||||
|
||||
- debug: var=ssh_keys
|
||||
- name: "Upload the SSH key"
|
||||
digital_ocean:
|
||||
state: present
|
||||
command: ssh
|
||||
ssh_pub_key: "{{ public_key }}"
|
||||
api_token: "{{ algo_do_token }}"
|
||||
name: "{{ SSH_keys.comment }}"
|
||||
register: do_ssh_key
|
||||
|
||||
- fail:
|
||||
msg: "Please, ensure that your API token is not read-only."
|
||||
- name: "Creating a droplet..."
|
||||
digital_ocean:
|
||||
state: present
|
||||
command: droplet
|
||||
name: "{{ algo_server_name }}"
|
||||
region_id: "{{ algo_do_region }}"
|
||||
size_id: "{{ cloud_providers.digitalocean.size }}"
|
||||
image_id: "{{ cloud_providers.digitalocean.image }}"
|
||||
ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
|
||||
unique_name: yes
|
||||
api_token: "{{ algo_do_token }}"
|
||||
ipv6: yes
|
||||
register: do
|
||||
|
||||
- name: "Upload the SSH key"
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ do.droplet.ip_address }}"
|
||||
ansible_ssh_user: root
|
||||
|
||||
- name: Tag the droplet
|
||||
digital_ocean_tag:
|
||||
name: "Environment:Algo"
|
||||
resource_id: "{{ do.droplet.id }}"
|
||||
api_token: "{{ algo_do_token }}"
|
||||
state: present
|
||||
|
||||
- block:
|
||||
- name: "Delete the new Algo SSH key"
|
||||
digital_ocean:
|
||||
state: present
|
||||
state: absent
|
||||
command: ssh
|
||||
ssh_pub_key: "{{ public_key }}"
|
||||
api_token: "{{ algo_do_token }}"
|
||||
name: "{{ SSH_keys.comment }}"
|
||||
register: do_ssh_key
|
||||
register: ssh_keys
|
||||
until: ssh_keys.changed != true
|
||||
retries: 10
|
||||
delay: 1
|
||||
|
||||
- name: "Creating a droplet..."
|
||||
rescue:
|
||||
- name: Collect the fail error
|
||||
digital_ocean:
|
||||
state: present
|
||||
command: droplet
|
||||
name: "{{ algo_server_name }}"
|
||||
region_id: "{{ algo_do_region }}"
|
||||
size_id: "{{ cloud_providers.digitalocean.size }}"
|
||||
image_id: "{{ cloud_providers.digitalocean.image }}"
|
||||
ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
|
||||
unique_name: yes
|
||||
api_token: "{{ algo_do_token }}"
|
||||
ipv6: yes
|
||||
register: do
|
||||
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ do.droplet.ip_address }}"
|
||||
ansible_ssh_user: root
|
||||
|
||||
- name: Tag the droplet
|
||||
digital_ocean_tag:
|
||||
name: "Environment:Algo"
|
||||
resource_id: "{{ do.droplet.id }}"
|
||||
state: absent
|
||||
command: ssh
|
||||
api_token: "{{ algo_do_token }}"
|
||||
state: present
|
||||
|
||||
- block:
|
||||
- name: "Delete the new Algo SSH key"
|
||||
digital_ocean:
|
||||
state: absent
|
||||
command: ssh
|
||||
api_token: "{{ algo_do_token }}"
|
||||
name: "{{ SSH_keys.comment }}"
|
||||
register: ssh_keys
|
||||
until: ssh_keys.changed != true
|
||||
retries: 10
|
||||
delay: 1
|
||||
|
||||
rescue:
|
||||
- name: Collect the fail error
|
||||
digital_ocean:
|
||||
state: absent
|
||||
command: ssh
|
||||
api_token: "{{ algo_do_token }}"
|
||||
name: "{{ SSH_keys.comment }}"
|
||||
register: ssh_keys
|
||||
ignore_errors: yes
|
||||
name: "{{ SSH_keys.comment }}"
|
||||
register: ssh_keys
|
||||
ignore_errors: yes
|
||||
|
||||
- debug: var=ssh_keys
|
||||
- debug: var=ssh_keys
|
||||
|
||||
- fail:
|
||||
msg: "Please, ensure that your API token is not read-only."
|
||||
environment:
|
||||
PYTHONPATH: "{{ digitalocean_venv }}/lib/python2.7/site-packages/"
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- fail:
|
||||
msg: "Please, ensure that your API token is not read-only."
|
||||
environment:
|
||||
PYTHONPATH: "{{ digitalocean_venv }}/lib/python2.7/site-packages/"
|
||||
|
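Review bot: The `digital_ocean` tasks spell booleans as `ignore_errors: yes`, `unique_name: yes` and `ipv6: yes`, while the Scaleway section of the same commit writes `enable_ipv6: true` and `ignore_errors: true`. Ansible accepts both, but `yes`/`no` are YAML 1.1 truthy spellings that yamllint's `truthy` rule rejects and that a YAML 1.2 loader reads as strings; `true`/`false` is the unambiguous form. Change the three to `ignore_errors: true`, `unique_name: true`, `ipv6: true` (the dns_adblocking section's `enabled: yes` has the same issue). Also, the rescue's `- debug: var=ssh_keys` prints the full registered result of the failed delete; it is worth checking that nothing the module echoes back is sensitive before leaving that on by default.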
@ -1,48 +1,43 @@
|
||||
- block:
|
||||
- name: Build python virtual environment
|
||||
import_tasks: venv.yml
|
||||
---
|
||||
- name: Build python virtual environment
|
||||
import_tasks: venv.yml
|
||||
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
|
||||
- set_fact:
|
||||
algo_region: >-
|
||||
{% if region is defined %}{{ region }}
|
||||
{%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ aws_regions[_algo_region.user_input | int -1 ]['region_name'] }}
|
||||
{%- else %}{{ aws_regions[default_region | int - 1]['region_name'] }}{% endif %}
|
||||
stack_name: "{{ algo_server_name | replace('.', '-') }}"
|
||||
- set_fact:
|
||||
algo_region: >-
|
||||
{% if region is defined %}{{ region }}
|
||||
{%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ aws_regions[_algo_region.user_input | int -1 ]['region_name'] }}
|
||||
{%- else %}{{ aws_regions[default_region | int - 1]['region_name'] }}{% endif %}
|
||||
stack_name: "{{ algo_server_name | replace('.', '-') }}"
|
||||
|
||||
- name: Locate official AMI for region
|
||||
ec2_ami_facts:
|
||||
aws_access_key: "{{ access_key }}"
|
||||
aws_secret_key: "{{ secret_key }}"
|
||||
owners: "{{ cloud_providers.ec2.image.owner }}"
|
||||
region: "{{ algo_region }}"
|
||||
filters:
|
||||
name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*"
|
||||
register: ami_search
|
||||
- name: Locate official AMI for region
|
||||
ec2_ami_facts:
|
||||
aws_access_key: "{{ access_key }}"
|
||||
aws_secret_key: "{{ secret_key }}"
|
||||
owners: "{{ cloud_providers.ec2.image.owner }}"
|
||||
region: "{{ algo_region }}"
|
||||
filters:
|
||||
name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*"
|
||||
register: ami_search
|
||||
|
||||
- import_tasks: encrypt_image.yml
|
||||
when: encrypted
|
||||
- import_tasks: encrypt_image.yml
|
||||
when: encrypted
|
||||
|
||||
- name: Set the ami id as a fact
|
||||
set_fact:
|
||||
ami_image: >-
|
||||
{% if ami_search_encrypted.image_id is defined %}{{ ami_search_encrypted.image_id }}
|
||||
{%- elif search_crypt.images is defined and search_crypt.images|length >= 1 %}{{ (search_crypt.images | sort(attribute='creation_date') | last)['image_id'] }}
|
||||
{%- else %}{{ (ami_search.images | sort(attribute='creation_date') | last)['image_id'] }}{% endif %}
|
||||
- name: Set the ami id as a fact
|
||||
set_fact:
|
||||
ami_image: >-
|
||||
{% if ami_search_encrypted.image_id is defined %}{{ ami_search_encrypted.image_id }}
|
||||
{%- elif search_crypt.images is defined and search_crypt.images|length >= 1 %}{{ (search_crypt.images | sort(attribute='creation_date') | last)['image_id'] }}
|
||||
{%- else %}{{ (ami_search.images | sort(attribute='creation_date') | last)['image_id'] }}{% endif %}
|
||||
|
||||
- name: Deploy the stack
|
||||
import_tasks: cloudformation.yml
|
||||
- name: Deploy the stack
|
||||
import_tasks: cloudformation.yml
|
||||
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}"
|
||||
ansible_ssh_user: ubuntu
|
||||
environment:
|
||||
PYTHONPATH: "{{ ec2_venv }}/lib/python2.7/site-packages/"
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}"
|
||||
ansible_ssh_user: ubuntu
|
||||
environment:
|
||||
PYTHONPATH: "{{ ec2_venv }}/lib/python2.7/site-packages/"
|
||||
|
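Review bot: The `ami_image` fact takes `(ami_search.images | sort(attribute='creation_date') | last)['image_id']` without checking that `ami_search.images` is non-empty; if the `owners`/`name` filter matches nothing, `last` fails with a generic templating error instead of saying which AMI was not found. Add `failed_when: ami_search.images | length == 0` to the "Locate official AMI for region" task so the failure names the cause. The `search_crypt.images` branch already guards with `| length >= 1`, so only the fallback branch is affected.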
@ -1,62 +1,57 @@
|
||||
- block:
|
||||
- name: Build python virtual environment
|
||||
import_tasks: venv.yml
|
||||
---
|
||||
- name: Build python virtual environment
|
||||
import_tasks: venv.yml
|
||||
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
|
||||
- name: Network configured
|
||||
gce_net:
|
||||
name: "{{ algo_server_name }}"
|
||||
fwname: "{{ algo_server_name }}-fw"
|
||||
allowed: "udp:500,4500,{{ wireguard_port }};tcp:22"
|
||||
state: "present"
|
||||
mode: auto
|
||||
src_range: 0.0.0.0/0
|
||||
service_account_email: "{{ service_account_email }}"
|
||||
credentials_file: "{{ credentials_file_path }}"
|
||||
project_id: "{{ project_id }}"
|
||||
- name: Network configured
|
||||
gce_net:
|
||||
name: "{{ algo_server_name }}"
|
||||
fwname: "{{ algo_server_name }}-fw"
|
||||
allowed: "udp:500,4500,{{ wireguard_port }};tcp:22"
|
||||
state: "present"
|
||||
mode: auto
|
||||
src_range: 0.0.0.0/0
|
||||
service_account_email: "{{ service_account_email }}"
|
||||
credentials_file: "{{ credentials_file_path }}"
|
||||
project_id: "{{ project_id }}"
|
||||
|
||||
- block:
|
||||
- name: External IP allocated
|
||||
gce_eip:
|
||||
service_account_email: "{{ service_account_email }}"
|
||||
credentials_file: "{{ credentials_file_path }}"
|
||||
project_id: "{{ project_id }}"
|
||||
name: "{{ algo_server_name }}"
|
||||
region: "{{ algo_region.split('-')[0:2] | join('-') }}"
|
||||
state: present
|
||||
register: gce_eip
|
||||
- block:
|
||||
- name: External IP allocated
|
||||
gce_eip:
|
||||
service_account_email: "{{ service_account_email }}"
|
||||
credentials_file: "{{ credentials_file_path }}"
|
||||
project_id: "{{ project_id }}"
|
||||
name: "{{ algo_server_name }}"
|
||||
region: "{{ algo_region.split('-')[0:2] | join('-') }}"
|
||||
state: present
|
||||
register: gce_eip
|
||||
|
||||
- name: Set External IP as a fact
|
||||
set_fact:
|
||||
external_ip: "{{ gce_eip.address }}"
|
||||
when: cloud_providers.gce.external_static_ip
|
||||
- name: Set External IP as a fact
|
||||
set_fact:
|
||||
external_ip: "{{ gce_eip.address }}"
|
||||
when: cloud_providers.gce.external_static_ip
|
||||
|
||||
- name: "Creating a new instance..."
|
||||
gce:
|
||||
instance_names: "{{ algo_server_name }}"
|
||||
zone: "{{ algo_region }}"
|
||||
external_ip: "{{ external_ip | default('ephemeral') }}"
|
||||
machine_type: "{{ cloud_providers.gce.size }}"
|
||||
image: "{{ cloud_providers.gce.image }}"
|
||||
service_account_email: "{{ service_account_email }}"
|
||||
credentials_file: "{{ credentials_file_path }}"
|
||||
project_id: "{{ project_id }}"
|
||||
metadata: '{"ssh-keys":"ubuntu:{{ ssh_public_key_lookup }}"}'
|
||||
network: "{{ algo_server_name }}"
|
||||
tags:
|
||||
- "environment-algo"
|
||||
register: google_vm
|
||||
- name: "Creating a new instance..."
|
||||
gce:
|
||||
instance_names: "{{ algo_server_name }}"
|
||||
zone: "{{ algo_region }}"
|
||||
external_ip: "{{ external_ip | default('ephemeral') }}"
|
||||
machine_type: "{{ cloud_providers.gce.size }}"
|
||||
image: "{{ cloud_providers.gce.image }}"
|
||||
service_account_email: "{{ service_account_email }}"
|
||||
credentials_file: "{{ credentials_file_path }}"
|
||||
project_id: "{{ project_id }}"
|
||||
metadata: '{"ssh-keys":"ubuntu:{{ ssh_public_key_lookup }}"}'
|
||||
network: "{{ algo_server_name }}"
|
||||
tags:
|
||||
- "environment-algo"
|
||||
register: google_vm
|
||||
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ google_vm.instance_data[0].public_ip }}"
|
||||
ansible_ssh_user: ubuntu
|
||||
environment:
|
||||
PYTHONPATH: "{{ gce_venv }}/lib/python2.7/site-packages/"
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ google_vm.instance_data[0].public_ip }}"
|
||||
ansible_ssh_user: ubuntu
|
||||
environment:
|
||||
PYTHONPATH: "{{ gce_venv }}/lib/python2.7/site-packages/"
|
||||
|
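Review bot: `metadata: '{"ssh-keys":"ubuntu:{{ ssh_public_key_lookup }}"}'` in the "Creating a new instance..." task hand-assembles JSON inside a quoted string, so any `"` or `\` in the substituted key would yield an invalid document and the error would surface from the module rather than from the template. Building the value with the `to_json` filter sends the same string while escaping correctly: `metadata: "{{ {'ssh-keys': 'ubuntu:' ~ ssh_public_key_lookup} | to_json }}"`. Minor: `state: "present"` on the `gce_net` task is quoted while every other `state:` in the commit is bare; pick one.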
@ -1,50 +1,44 @@
|
||||
- block:
|
||||
- name: Build python virtual environment
|
||||
import_tasks: venv.yml
|
||||
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
---
|
||||
- name: Build python virtual environment
|
||||
import_tasks: venv.yml
|
||||
|
||||
- name: Create an instance
|
||||
lightsail:
|
||||
aws_access_key: "{{ access_key }}"
|
||||
aws_secret_key: "{{ secret_key }}"
|
||||
name: "{{ algo_server_name }}"
|
||||
state: present
|
||||
region: "{{ algo_region }}"
|
||||
zone: "{{ algo_region }}a"
|
||||
blueprint_id: "{{ cloud_providers.lightsail.image }}"
|
||||
bundle_id: "{{ cloud_providers.lightsail.size }}"
|
||||
wait_timeout: 300
|
||||
open_ports:
|
||||
- from_port: 4500
|
||||
to_port: 4500
|
||||
protocol: udp
|
||||
- from_port: 500
|
||||
to_port: 500
|
||||
protocol: udp
|
||||
- from_port: "{{ wireguard_port }}"
|
||||
to_port: "{{ wireguard_port }}"
|
||||
protocol: udp
|
||||
user_data: |
|
||||
#!/bin/bash
|
||||
mkdir -p /home/ubuntu/.ssh/
|
||||
echo "{{ lookup('file', '{{ SSH_keys.public }}') }}" >> /home/ubuntu/.ssh/authorized_keys
|
||||
chown -R ubuntu: /home/ubuntu/.ssh/
|
||||
chmod 0700 /home/ubuntu/.ssh/
|
||||
chmod 0600 /home/ubuntu/.ssh/*
|
||||
test
|
||||
register: algo_instance
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ algo_instance['instance']['public_ip_address'] }}"
|
||||
ansible_ssh_user: ubuntu
|
||||
environment:
|
||||
PYTHONPATH: "{{ lightsail_venv }}/lib/python2.7/site-packages/"
|
||||
- name: Create an instance
|
||||
lightsail:
|
||||
aws_access_key: "{{ access_key }}"
|
||||
aws_secret_key: "{{ secret_key }}"
|
||||
name: "{{ algo_server_name }}"
|
||||
state: present
|
||||
region: "{{ algo_region }}"
|
||||
zone: "{{ algo_region }}a"
|
||||
blueprint_id: "{{ cloud_providers.lightsail.image }}"
|
||||
bundle_id: "{{ cloud_providers.lightsail.size }}"
|
||||
wait_timeout: 300
|
||||
open_ports:
|
||||
- from_port: 4500
|
||||
to_port: 4500
|
||||
protocol: udp
|
||||
- from_port: 500
|
||||
to_port: 500
|
||||
protocol: udp
|
||||
- from_port: "{{ wireguard_port }}"
|
||||
to_port: "{{ wireguard_port }}"
|
||||
protocol: udp
|
||||
user_data: |
|
||||
#!/bin/bash
|
||||
mkdir -p /home/ubuntu/.ssh/
|
||||
echo "{{ lookup('file', '{{ SSH_keys.public }}') }}" >> /home/ubuntu/.ssh/authorized_keys
|
||||
chown -R ubuntu: /home/ubuntu/.ssh/
|
||||
chmod 0700 /home/ubuntu/.ssh/
|
||||
chmod 0600 /home/ubuntu/.ssh/*
|
||||
test
|
||||
register: algo_instance
|
||||
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ algo_instance['instance']['public_ip_address'] }}"
|
||||
ansible_ssh_user: ubuntu
|
||||
environment:
|
||||
PYTHONPATH: "{{ lightsail_venv }}/lib/python2.7/site-packages/"
|
||||
|
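Review bot: The `user_data` script in the "Create an instance" task ends with a bare `test` line, which looks like a leftover; `test` with no arguments exits 1, and as the last command it makes the cloud-init script report failure after the key has already been installed. Remove that line, and consider opening the script with `set -e` so an earlier failure (for example the `echo` into `authorized_keys`) is not silently ignored. The script is only moved by this commit, so the defect is pre-existing but now sits in the new code.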
@ -1,140 +1,133 @@
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
|
||||
- name: Set disk size
|
||||
set_fact:
|
||||
server_disk_size: 50000000000
|
||||
- name: Set disk size
|
||||
set_fact:
|
||||
server_disk_size: 50000000000
|
||||
|
||||
- name: Check server size
|
||||
set_fact:
|
||||
server_disk_size: 25000000000
|
||||
when: cloud_providers.scaleway.size == "START1-XS"
|
||||
- name: Check server size
|
||||
set_fact:
|
||||
server_disk_size: 25000000000
|
||||
when: cloud_providers.scaleway.size == "START1-XS"
|
||||
|
||||
- name: Check if server exists
|
||||
uri:
|
||||
url: "https://cp-{{ algo_region }}.scaleway.com/servers"
|
||||
method: GET
|
||||
headers:
|
||||
Content-Type: 'application/json'
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
status_code: 200
|
||||
register: scaleway_servers
|
||||
|
||||
- name: Set server id as a fact
|
||||
set_fact:
|
||||
server_id: "{{ item.id }}"
|
||||
no_log: true
|
||||
when: algo_server_name == item.name
|
||||
with_items: "{{ scaleway_servers.json.servers }}"
|
||||
|
||||
- name: Check if server exists
|
||||
- name: Create a server if it doesn't exist
|
||||
block:
|
||||
- name: Get the organization id
|
||||
uri:
|
||||
url: "https://cp-{{ algo_region }}.scaleway.com/servers"
|
||||
url: https://account.cloud.online.net/organizations
|
||||
method: GET
|
||||
headers:
|
||||
Content-Type: 'application/json'
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
status_code: 200
|
||||
register: scaleway_servers
|
||||
register: scaleway_organizations
|
||||
|
||||
- name: Set server id as a fact
|
||||
- name: Set organization id as a fact
|
||||
set_fact:
|
||||
server_id: "{{ item.id }}"
|
||||
organization_id: "{{ item.id }}"
|
||||
no_log: true
|
||||
when: algo_server_name == item.name
|
||||
with_items: "{{ scaleway_servers.json.servers }}"
|
||||
|
||||
- name: Create a server if it doesn't exist
|
||||
block:
|
||||
- name: Get the organization id
|
||||
uri:
|
||||
url: https://account.cloud.online.net/organizations
|
||||
method: GET
|
||||
headers:
|
||||
Content-Type: 'application/json'
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
status_code: 200
|
||||
register: scaleway_organizations
|
||||
|
||||
- name: Set organization id as a fact
|
||||
set_fact:
|
||||
organization_id: "{{ item.id }}"
|
||||
no_log: true
|
||||
when: algo_scaleway_org == item.name
|
||||
with_items: "{{ scaleway_organizations.json.organizations }}"
|
||||
|
||||
- name: Get total count of images
|
||||
uri:
|
||||
url: "https://cp-{{ algo_region }}.scaleway.com/images"
|
||||
method: GET
|
||||
headers:
|
||||
Content-Type: 'application/json'
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
status_code: 200
|
||||
register: scaleway_pages
|
||||
when: algo_scaleway_org == item.name
|
||||
with_items: "{{ scaleway_organizations.json.organizations }}"
|
||||
|
||||
- name: Get images
|
||||
uri:
|
||||
url: "https://cp-{{ algo_region }}.scaleway.com/images?per_page=100&page={{ item }}"
|
||||
method: GET
|
||||
headers:
|
||||
Content-Type: 'application/json'
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
status_code: 200
|
||||
register: scaleway_images
|
||||
with_sequence: start=1 end={{ ((scaleway_pages.x_total_count|int / 100)| round )|int }}
|
||||
|
||||
- name: Set image id as a fact
|
||||
include_tasks: image_facts.yml
|
||||
with_items: "{{ scaleway_images['results'] }}"
|
||||
loop_control:
|
||||
loop_var: outer_item
|
||||
|
||||
- name: Create a server
|
||||
uri:
|
||||
url: "https://cp-{{ algo_region }}.scaleway.com/servers/"
|
||||
method: POST
|
||||
headers:
|
||||
Content-Type: 'application/json'
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
body:
|
||||
organization: "{{ organization_id }}"
|
||||
name: "{{ algo_server_name }}"
|
||||
image: "{{ image_id }}"
|
||||
commercial_type: "{{cloud_providers.scaleway.size }}"
|
||||
enable_ipv6: true
|
||||
boot_type: local
|
||||
tags:
|
||||
- Environment:Algo
|
||||
- AUTHORIZED_KEY={{ lookup('file', SSH_keys.public)|regex_replace(' ', '_') }}
|
||||
status_code: 201
|
||||
body_format: json
|
||||
register: algo_instance
|
||||
|
||||
- name: Set server id as a fact
|
||||
set_fact:
|
||||
server_id: "{{ algo_instance.json.server.id }}"
|
||||
when: server_id is not defined
|
||||
|
||||
- name: Power on the server
|
||||
- name: Get total count of images
|
||||
uri:
|
||||
url: https://cp-{{ algo_region }}.scaleway.com/servers/{{ server_id }}/action
|
||||
method: POST
|
||||
url: "https://cp-{{ algo_region }}.scaleway.com/images"
|
||||
method: GET
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
Content-Type: 'application/json'
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
body:
|
||||
action: poweron
|
||||
status_code: 202
|
||||
body_format: json
|
||||
ignore_errors: true
|
||||
no_log: true
|
||||
status_code: 200
|
||||
register: scaleway_pages
|
||||
|
||||
- name: Wait for the server to become running
|
||||
- name: Get images
|
||||
uri:
|
||||
url: "https://cp-{{ algo_region }}.scaleway.com/servers/{{ server_id }}"
|
||||
url: "https://cp-{{ algo_region }}.scaleway.com/images?per_page=100&page={{ item }}"
|
||||
method: GET
|
||||
headers:
|
||||
Content-Type: 'application/json'
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
status_code: 200
|
||||
until:
|
||||
- algo_instance.json.server.state is defined
|
||||
- algo_instance.json.server.state == "running"
|
||||
retries: 20
|
||||
delay: 30
|
||||
register: scaleway_images
|
||||
with_sequence: start=1 end={{ ((scaleway_pages.x_total_count|int / 100)| round )|int }}
|
||||
|
||||
- name: Set image id as a fact
|
||||
include_tasks: image_facts.yml
|
||||
with_items: "{{ scaleway_images['results'] }}"
|
||||
loop_control:
|
||||
loop_var: outer_item
|
||||
|
||||
- name: Create a server
|
||||
uri:
|
||||
url: "https://cp-{{ algo_region }}.scaleway.com/servers/"
|
||||
method: POST
|
||||
headers:
|
||||
Content-Type: 'application/json'
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
body:
|
||||
organization: "{{ organization_id }}"
|
||||
name: "{{ algo_server_name }}"
|
||||
image: "{{ image_id }}"
|
||||
commercial_type: "{{cloud_providers.scaleway.size }}"
|
||||
enable_ipv6: true
|
||||
boot_type: local
|
||||
tags:
|
||||
- Environment:Algo
|
||||
- AUTHORIZED_KEY={{ lookup('file', SSH_keys.public)|regex_replace(' ', '_') }}
|
||||
status_code: 201
|
||||
body_format: json
|
||||
register: algo_instance
|
||||
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ algo_instance['json']['server']['public_ip']['address'] }}"
|
||||
ansible_ssh_user: root
|
||||
- name: Set server id as a fact
|
||||
set_fact:
|
||||
server_id: "{{ algo_instance.json.server.id }}"
|
||||
when: server_id is not defined
|
||||
|
||||
- name: Power on the server
|
||||
uri:
|
||||
url: https://cp-{{ algo_region }}.scaleway.com/servers/{{ server_id }}/action
|
||||
method: POST
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
body:
|
||||
action: poweron
|
||||
status_code: 202
|
||||
body_format: json
|
||||
ignore_errors: true
|
||||
no_log: true
|
||||
|
||||
- name: Wait for the server to become running
|
||||
uri:
|
||||
url: "https://cp-{{ algo_region }}.scaleway.com/servers/{{ server_id }}"
|
||||
method: GET
|
||||
headers:
|
||||
Content-Type: 'application/json'
|
||||
X-Auth-Token: "{{ algo_scaleway_token }}"
|
||||
status_code: 200
|
||||
until:
|
||||
- algo_instance.json.server.state is defined
|
||||
- algo_instance.json.server.state == "running"
|
||||
retries: 20
|
||||
delay: 30
|
||||
register: algo_instance
|
||||
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- set_fact:
|
||||
cloud_instance_ip: "{{ algo_instance['json']['server']['public_ip']['address'] }}"
|
||||
ansible_ssh_user: root
|
||||
|
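Review bot: The `uri` tasks that send `X-Auth-Token: "{{ algo_scaleway_token }}"` ("Check if server exists", "Get the organization id", "Get total count of images", "Get images", "Create a server", "Wait for the server to become running") carry no `no_log: true`, while the neighbouring `set_fact` tasks and "Power on the server" do. Ansible does not treat `uri` headers as secrets the way it does module parameters declared `no_log`, so the token appears in the task's invocation output, i.e. in the registered `scaleway_*`/`algo_instance` results and in any `-v` run; add `no_log: true` to each of those tasks, or at minimum to the ones whose results are registered. Separately, `with_sequence: start=1 end={{ ((scaleway_pages.x_total_count|int / 100)| round )|int }}` rounds to nearest, so a total of 140 images gives `end=1` and the second page is never fetched; use `round(0, 'ceil')`.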
@ -1,32 +1,26 @@
|
||||
---
|
||||
- block:
|
||||
- name: Check the system
|
||||
raw: uname -a
|
||||
register: OS
|
||||
tags:
|
||||
- update-users
|
||||
- name: Check the system
|
||||
raw: uname -a
|
||||
register: OS
|
||||
tags:
|
||||
- update-users
|
||||
|
||||
- include_tasks: ubuntu.yml
|
||||
when: '"Ubuntu" in OS.stdout or "Linux" in OS.stdout'
|
||||
tags:
|
||||
- update-users
|
||||
- include_tasks: ubuntu.yml
|
||||
when: '"Ubuntu" in OS.stdout or "Linux" in OS.stdout'
|
||||
tags:
|
||||
- update-users
|
||||
|
||||
- include_tasks: freebsd.yml
|
||||
when: '"FreeBSD" in OS.stdout'
|
||||
tags:
|
||||
- update-users
|
||||
- include_tasks: freebsd.yml
|
||||
when: '"FreeBSD" in OS.stdout'
|
||||
tags:
|
||||
- update-users
|
||||
|
||||
- name: Sysctl tuning
|
||||
sysctl: name="{{ item.item }}" value="{{ item.value }}"
|
||||
when: item.item != ""
|
||||
with_items:
|
||||
- "{{ sysctl|default([]) }}"
|
||||
tags:
|
||||
- always
|
||||
- name: Sysctl tuning
|
||||
sysctl: name="{{ item.item }}" value="{{ item.value }}"
|
||||
when: item.item != ""
|
||||
with_items:
|
||||
- "{{ sysctl|default([]) }}"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- meta: flush_handlers
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- meta: flush_handlers
|
||||
|
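Review bot: `sysctl: name="{{ item.item }}" value="{{ item.value }}"` in the "Sysctl tuning" task uses the `key=value` free-form style for module arguments, while the rest of this commit writes module arguments as YAML mappings; ansible-lint flags the free-form style. The `package: name=dnsmasq` and `file: dest=/var/lib/dnsmasq ...` tasks in the dns_adblocking section and `group: name=algo state=present` in the ssh_tunneling section have the same issue. Write it as `sysctl:` / `name: "{{ item.item }}"` / `value: "{{ item.value }}"`, and the same for the others.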
@ -1,52 +1,46 @@
|
||||
---
|
||||
- block:
|
||||
- name: Dnsmasq installed
|
||||
package: name=dnsmasq
|
||||
|
||||
- name: The dnsmasq directory created
|
||||
file: dest=/var/lib/dnsmasq state=directory mode=0755 owner=dnsmasq group=nogroup
|
||||
|
||||
- include_tasks: ubuntu.yml
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||
|
||||
- include_tasks: freebsd.yml
|
||||
when: ansible_distribution == 'FreeBSD'
|
||||
|
||||
- name: Dnsmasq configured
|
||||
template:
|
||||
src: dnsmasq.conf.j2
|
||||
dest: "{{ config_prefix|default('/') }}etc/dnsmasq.conf"
|
||||
notify:
|
||||
- restart dnsmasq
|
||||
|
||||
- name: Adblock script created
|
||||
template:
|
||||
src: adblock.sh.j2
|
||||
dest: /usr/local/sbin/adblock.sh
|
||||
owner: root
|
||||
group: "{{ root_group|default('root') }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Adblock script added to cron
|
||||
cron:
|
||||
name: Adblock hosts update
|
||||
minute: "{{ range(0, 60) | random }}"
|
||||
hour: "{{ range(0, 24) | random }}"
|
||||
job: /usr/local/sbin/adblock.sh
|
||||
user: root
|
||||
|
||||
- name: Update adblock hosts
|
||||
command: /usr/local/sbin/adblock.sh
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: Dnsmasq enabled and started
|
||||
service:
|
||||
name: dnsmasq
|
||||
state: started
|
||||
enabled: yes
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- name: Dnsmasq installed
|
||||
package: name=dnsmasq
|
||||
|
||||
- name: The dnsmasq directory created
|
||||
file: dest=/var/lib/dnsmasq state=directory mode=0755 owner=dnsmasq group=nogroup
|
||||
|
||||
- include_tasks: ubuntu.yml
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||
|
||||
- include_tasks: freebsd.yml
|
||||
when: ansible_distribution == 'FreeBSD'
|
||||
|
||||
- name: Dnsmasq configured
|
||||
template:
|
||||
src: dnsmasq.conf.j2
|
||||
dest: "{{ config_prefix|default('/') }}etc/dnsmasq.conf"
|
||||
notify:
|
||||
- restart dnsmasq
|
||||
|
||||
- name: Adblock script created
|
||||
template:
|
||||
src: adblock.sh.j2
|
||||
dest: /usr/local/sbin/adblock.sh
|
||||
owner: root
|
||||
group: "{{ root_group|default('root') }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Adblock script added to cron
|
||||
cron:
|
||||
name: Adblock hosts update
|
||||
minute: "{{ range(0, 60) | random }}"
|
||||
hour: "{{ range(0, 24) | random }}"
|
||||
job: /usr/local/sbin/adblock.sh
|
||||
user: root
|
||||
|
||||
- name: Update adblock hosts
|
||||
command: /usr/local/sbin/adblock.sh
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: Dnsmasq enabled and started
|
||||
service:
|
||||
name: dnsmasq
|
||||
state: started
|
||||
enabled: yes
|
||||
|
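Review bot: The "Adblock script added to cron" task computes `minute: "{{ range(0, 60) | random }}"` and `hour: "{{ range(0, 24) | random }}"` on every run, so the cron entry is rewritten with a fresh schedule each time the role runs and the task never reports `ok` on a repeat run. The `random` filter takes a `seed` argument for exactly this: `minute: "{{ range(0, 60) | random(seed=inventory_hostname) }}"` and `hour: "{{ range(0, 24) | random(seed=inventory_hostname) }}"` keep a per-host schedule that is stable across runs. Also `mode: 0755` on the "Adblock script created" task is an unquoted octal; Ansible's docs ask for `mode: "0755"` so the value is not reinterpreted by a YAML 1.2 loader.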
@ -1,10 +1,3 @@
|
||||
---
|
||||
- block:
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- name: Include prompts
|
||||
import_tasks: prompts.yml
|
||||
|
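Review bot: With the `block`/`rescue` wrapper removed, a failure inside `prompts.yml` no longer runs the `debug: var=fail_hint` task before the play aborts; this is only equivalent to the old behaviour if the play that includes this role now wraps it in a block whose rescue does the same, which this hunk cannot show. Please confirm the include site provides that rescue, and consider adding a one-line comment above `- name: Include prompts` such as `# failure hints are printed by the caller's rescue, not here` so the next reader does not re-add a local rescue. The same wrapper removal appears in the ssh_tunneling and strongswan hunks below.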
@ -1,120 +1,114 @@
|
||||
---
|
||||
- block:
|
||||
- name: Ensure that the sshd_config file has desired options
|
||||
blockinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
marker: '# {mark} ANSIBLE MANAGED BLOCK ssh_tunneling_role'
|
||||
block: |
|
||||
Match Group algo
|
||||
AllowTcpForwarding local
|
||||
AllowAgentForwarding no
|
||||
AllowStreamLocalForwarding no
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
notify:
|
||||
- restart ssh
|
||||
- name: Ensure that the sshd_config file has desired options
|
||||
blockinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
marker: '# {mark} ANSIBLE MANAGED BLOCK ssh_tunneling_role'
|
||||
block: |
|
||||
Match Group algo
|
||||
AllowTcpForwarding local
|
||||
AllowAgentForwarding no
|
||||
AllowStreamLocalForwarding no
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
notify:
|
||||
- restart ssh
|
||||
|
||||
- name: Ensure that the algo group exist
|
||||
group: name=algo state=present
|
||||
- name: Ensure that the algo group exist
|
||||
group: name=algo state=present
|
||||
|
||||
- name: Ensure that the jail directory exist
|
||||
file:
|
||||
path: /var/jail/
|
||||
state: directory
|
||||
mode: 0755
|
||||
owner: root
|
||||
group: "{{ root_group|default('root') }}"
|
||||
- name: Ensure that the jail directory exist
|
||||
file:
|
||||
path: /var/jail/
|
||||
state: directory
|
||||
mode: 0755
|
||||
owner: root
|
||||
group: "{{ root_group|default('root') }}"
|
||||
|
||||
- block:
|
||||
- name: Ensure that the SSH users exist
|
||||
user:
|
||||
name: "{{ item }}"
|
||||
groups: algo
|
||||
home: '/var/jail/{{ item }}'
|
||||
createhome: yes
|
||||
generate_ssh_key: false
|
||||
shell: /bin/false
|
||||
state: present
|
||||
append: yes
|
||||
with_items: "{{ users }}"
|
||||
- block:
|
||||
- name: Ensure that the SSH users exist
|
||||
user:
|
||||
name: "{{ item }}"
|
||||
groups: algo
|
||||
home: '/var/jail/{{ item }}'
|
||||
createhome: yes
|
||||
generate_ssh_key: false
|
||||
shell: /bin/false
|
||||
state: present
|
||||
append: yes
|
||||
with_items: "{{ users }}"
|
||||
|
||||
- block:
|
||||
- name: Clean up the ssh-tunnel directory
|
||||
file:
|
||||
dest: "{{ ssh_tunnels_config_path }}"
|
||||
state: absent
|
||||
when: keys_clean_all|bool == True
|
||||
- block:
|
||||
- name: Clean up the ssh-tunnel directory
|
||||
file:
|
||||
dest: "{{ ssh_tunnels_config_path }}"
|
||||
state: absent
|
||||
when: keys_clean_all|bool == True
|
||||
|
||||
- name: Ensure the config directories exist
|
||||
file:
|
||||
dest: "{{ ssh_tunnels_config_path }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
mode: '0700'
|
||||
- name: Ensure the config directories exist
|
||||
file:
|
||||
dest: "{{ ssh_tunnels_config_path }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
mode: '0700'
|
||||
|
||||
- name: Check if the private keys exist
|
||||
stat:
|
||||
path: "{{ ssh_tunnels_config_path }}/{{ item }}.pem"
|
||||
register: privatekey
|
||||
with_items: "{{ users }}"
|
||||
- name: Check if the private keys exist
|
||||
stat:
|
||||
path: "{{ ssh_tunnels_config_path }}/{{ item }}.pem"
|
||||
register: privatekey
|
||||
with_items: "{{ users }}"
|
||||
|
||||
- name: Build ssh private keys
|
||||
openssl_privatekey:
|
||||
path: "{{ ssh_tunnels_config_path }}/{{ item.item }}.pem"
|
||||
passphrase: "{{ p12_export_password }}"
|
||||
cipher: aes256
|
||||
force: false
|
||||
no_log: true
|
||||
when: not item.stat.exists
|
||||
with_items: "{{ privatekey.results }}"
|
||||
register: openssl_privatekey
|
||||
- name: Build ssh private keys
|
||||
openssl_privatekey:
|
||||
path: "{{ ssh_tunnels_config_path }}/{{ item.item }}.pem"
|
||||
passphrase: "{{ p12_export_password }}"
|
||||
cipher: aes256
|
||||
force: false
|
||||
no_log: true
|
||||
when: not item.stat.exists
|
||||
with_items: "{{ privatekey.results }}"
|
||||
register: openssl_privatekey
|
||||
|
||||
- name: Build ssh public keys
|
||||
openssl_publickey:
|
||||
path: "{{ ssh_tunnels_config_path }}/{{ item.item.item }}.pub"
|
||||
privatekey_path: "{{ ssh_tunnels_config_path }}/{{ item.item.item }}.pem"
|
||||
privatekey_passphrase: "{{ p12_export_password }}"
|
||||
format: OpenSSH
|
||||
force: true
|
||||
no_log: true
|
||||
when: item.changed
|
||||
with_items: "{{ openssl_privatekey.results }}"
|
||||
- name: Build ssh public keys
|
||||
openssl_publickey:
|
||||
path: "{{ ssh_tunnels_config_path }}/{{ item.item.item }}.pub"
|
||||
privatekey_path: "{{ ssh_tunnels_config_path }}/{{ item.item.item }}.pem"
|
||||
privatekey_passphrase: "{{ p12_export_password }}"
|
||||
format: OpenSSH
|
||||
force: true
|
||||
no_log: true
|
||||
when: item.changed
|
||||
with_items: "{{ openssl_privatekey.results }}"
|
||||
|
||||
- name: Build the client ssh config
|
||||
template:
|
||||
src: ssh_config.j2
|
||||
dest: "{{ ssh_tunnels_config_path }}/{{ item }}.ssh_config"
|
||||
mode: 0700
|
||||
with_items: "{{ users }}"
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
- name: Build the client ssh config
|
||||
template:
|
||||
src: ssh_config.j2
|
||||
dest: "{{ ssh_tunnels_config_path }}/{{ item }}.ssh_config"
|
||||
mode: 0700
|
||||
with_items: "{{ users }}"
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
|
||||
- name: The authorized keys file created
|
||||
authorized_key:
|
||||
user: "{{ item }}"
|
||||
key: "{{ lookup('file', ssh_tunnels_config_path + '/' + item + '.pub') }}"
|
||||
state: present
|
||||
manage_dir: true
|
||||
exclusive: true
|
||||
with_items: "{{ users }}"
|
||||
- name: The authorized keys file created
|
||||
authorized_key:
|
||||
user: "{{ item }}"
|
||||
key: "{{ lookup('file', ssh_tunnels_config_path + '/' + item + '.pub') }}"
|
||||
state: present
|
||||
manage_dir: true
|
||||
exclusive: true
|
||||
with_items: "{{ users }}"
|
||||
|
||||
- name: Get active users
|
||||
getent:
|
||||
database: group
|
||||
key: algo
|
||||
split: ':'
|
||||
- name: Get active users
|
||||
getent:
|
||||
database: group
|
||||
key: algo
|
||||
split: ':'
|
||||
|
||||
- name: Delete non-existing users
|
||||
user:
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
remove: yes
|
||||
force: yes
|
||||
when: item not in users
|
||||
with_items: "{{ getent_group['algo'][2].split(',') }}"
|
||||
tags: update-users
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- name: Delete non-existing users
|
||||
user:
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
remove: yes
|
||||
force: yes
|
||||
when: item not in users
|
||||
with_items: "{{ getent_group['algo'][2].split(',') }}"
|
||||
tags: update-users
|
||||
|
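Review bot: File modes are inconsistently typed on the new side: the jail directory task uses `mode: 0755` and the client ssh config template uses `mode: 0700` as bare octal-looking scalars, while the config-directories task uses the quoted `mode: '0700'`. A YAML 1.1 loader reads the bare forms as decimal integers (493 and 448) and Ansible's own documentation warns that the leading-zero form can fail in loops — the template task runs under `with_items` — so quote both: `mode: '0755'` and `mode: '0700'`. Separately, `with_items: "{{ getent_group['algo'][2].split(',') }}"` yields a single empty string when the algo group has no members, which passes `item not in users` and hands an empty name to the `user` module with `state: absent` and `force: yes`; extending the condition to `when: item != '' and item not in users` avoids that edge case.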
@ -1,37 +1,31 @@
|
||||
---
|
||||
- block:
|
||||
- include_tasks: ubuntu.yml
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||
- include_tasks: ubuntu.yml
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||
|
||||
- name: Ensure that the strongswan user exist
|
||||
user:
|
||||
name: strongswan
|
||||
group: nogroup
|
||||
shell: "{{ strongswan_shell }}"
|
||||
home: "{{ strongswan_home }}"
|
||||
state: present
|
||||
- name: Ensure that the strongswan user exist
|
||||
user:
|
||||
name: strongswan
|
||||
group: nogroup
|
||||
shell: "{{ strongswan_shell }}"
|
||||
home: "{{ strongswan_home }}"
|
||||
state: present
|
||||
|
||||
- name: Install strongSwan
|
||||
package: name=strongswan state=present
|
||||
- name: Install strongSwan
|
||||
package: name=strongswan state=present
|
||||
|
||||
- import_tasks: ipsec_configuration.yml
|
||||
- import_tasks: openssl.yml
|
||||
tags: update-users
|
||||
- import_tasks: distribute_keys.yml
|
||||
- import_tasks: client_configs.yml
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
tags: update-users
|
||||
- import_tasks: ipsec_configuration.yml
|
||||
- import_tasks: openssl.yml
|
||||
tags: update-users
|
||||
- import_tasks: distribute_keys.yml
|
||||
- import_tasks: client_configs.yml
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
tags: update-users
|
||||
|
||||
- name: strongSwan started
|
||||
service:
|
||||
name: strongswan
|
||||
state: started
|
||||
enabled: true
|
||||
- name: strongSwan started
|
||||
service:
|
||||
name: strongswan
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- meta: flush_handlers
|
||||
rescue:
|
||||
- debug: var=fail_hint
|
||||
tags: always
|
||||
- fail:
|
||||
tags: always
|
||||
- meta: flush_handlers
|
||||
|
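Review bot: `become: no` on the `client_configs.yml` import mixes YAML 1.1 truthy spelling with the `enabled: true` used a few lines later in the same file; spell both as lowercase `true`/`false` so the value reads identically under 1.1 and 1.2 parsers and yamllint's truthy rule passes: `become: false`. In the same spirit, `package: name=strongswan state=present` is the old key=value form while every other task in this hunk uses block YAML; `package:` with `name: strongswan` and `state: present` on their own lines matches the rest of the role. The user task still has `state: present` but no `createhome`/`system` setting, so whether a home directory is created for `strongswan` depends on module defaults — a short comment stating the intent there would help.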