From 09bbc4058c287db52b65935c27bf8dfecc129b57 Mon Sep 17 00:00:00 2001
From: Kevin Cernekee
Date: Sun, 6 Nov 2016 09:40:07 -0800
Subject: [PATCH 1/3] Add missing tags in common playbook If the common playbook is invoked with the "cloud" tag, non-cloud tasks will be skipped. On GCE this causes "Install tools" to be skipped, apparmor-utils is not installed, and then the "Enforcing ipsec with apparmor" step fails.
---
 roles/common/tasks/main.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 4b6e2ee..9cdb88d 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -2,9 +2,13 @@
 - name: Gather Facts
 setup:
+ tags:
+ - always
 - name: Install software updates
 apt: update_cache=yes upgrade=dist
+ tags:
+ - cloud
 - name: Check if reboot is required
 shell: >
@@ -43,6 +47,8 @@
 with_items:
 - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/login' }
 - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/sshd' }
+ tags:
+ - cloud
 - name: Install tools
 apt: name="{{ item }}" state=latest
@@ -55,24 +61,36 @@
 - sendmail
 - iptables-persistent
 - cgroup-tools
+ tags:
+ - always
 - name: Loopback for services configured
 template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg
 notify:
 - restart loopback
+ tags:
+ - always
 - name: Loopback included into the network config
 lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present
 notify:
 - restart loopback
+ tags:
+ - always
 - meta: flush_handlers
+ tags:
+ - always
 - name: Enable packet forwarding for IPv4
 sysctl: name="{{ item }}" value=1
 with_items:
 - net.ipv4.ip_forward
 - net.ipv4.conf.all.forwarding
+ tags:
+ - always
 - name: Enable packet forwarding for IPv6
 sysctl: name=net.ipv6.conf.all.forwarding value=1
+ tags:
+ - always
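Review bot: Tagging `Install tools` with `always` (third hunk of roles/common/tasks/main.yml) means its `apt: name="{{ item }}" state=latest` line now runs on every tag-filtered invocation, so any partial run can pull new package versions onto the server as a side effect. If the intent is only to guarantee that apparmor-utils is present before the AppArmor step named in the commit message, `state=present` on that task would achieve it without unplanned upgrades; the task begins outside the hunk, so this would be a follow-up change. The `always` tags in the first and third hunks would also benefit from a short comment recording the reason, e.g. `# always: later roles depend on the packages and network settings from these tasks`. `Install software updates` is tagged `cloud` only in the first hunk, so tag-limited runs skip the dist-upgrade, which is worth confirming as intended.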
From 433389c0aba2dde05470e589e84c90bd8d59ae87 Mon Sep 17 00:00:00 2001
From: Kevin Cernekee
Date: Sun, 6 Nov 2016 09:42:58 -0800
Subject: [PATCH 2/3] Use /var/run/reboot-required to determine if a restart is needed The current check only looks to see if a new kernel was installed.
---
 roles/common/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 9cdb88d..a5730ac 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -12,7 +12,7 @@
 - name: Check if reboot is required
 shell: >
- if [[ $(readlink -f /vmlinuz) != /boot/vmlinuz-$(uname -r) ]]; then echo "required"; else echo "no"; fi
+ if [[ -e /var/run/reboot-required ]]; then echo "required"; else echo "no"; fi
 args:
 executable: /bin/bash
 register: reboot_required
From 27ea98e7a88d665e4f4b13c8f1cee2c37cfcd557 Mon Sep 17 00:00:00 2001
From: fkt
Date: Sat, 26 Nov 2016 18:05:06 +0000
Subject: [PATCH 3/3] Show congrats message at the end - #115
---
 deploy.yml | 15 +++++++++++++++
 roles/vpn/handlers/main.yml | 12 ------------
 roles/vpn/tasks/main.yml | 2 --
 3 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/deploy.yml b/deploy.yml
index 9fbf792..7fecd16 100644
--- a/deploy.yml
+++ b/deploy.yml
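Review bot: The new test in `Check if reboot is required` (roles/common/tasks/main.yml, PATCH 2/3) drops the kernel comparison entirely, so a reboot is requested only when some package hook has created /var/run/reboot-required. On Debian/Ubuntu that file is written by hooks shipped in packages such as update-notifier-common or unattended-upgrades; on an image without them a newly installed kernel would presumably go unnoticed and the server would keep running the old one. Keeping both conditions is a one-line change: `if [[ -e /var/run/reboot-required || $(readlink -f /vmlinuz) != /boot/vmlinuz-$(uname -r) ]]; then echo "required"; else echo "no"; fi`. The tasks that consume `reboot_required` lie outside the hunk, so the two output strings should stay exactly as they are.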
@@ -38,3 +38,18 @@
 handlers:
 - name: reload eth0
 shell: sh -c 'ifdown eth0; ip addr flush dev eth0; ifup eth0'
+
+ post_tasks:
+ - shell: |
+ echo "#----------------------------------------------------------------------#"
+ echo "# Congratulations! #"
+ echo "# Your Algo server is running. #"
+ echo "# Config files and certificates are in the ./configs/ directory. #"
+ echo "# Go to https://whoer.net/ after connecting #"
+ echo "# and ensure that all your traffic passes through the VPN. #"
+ echo "# Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
+ echo "#----------------------------------------------------------------------#"
+ tags: always
+ register: congrats
+ - debug: msg="{{ congrats.stdout_lines }}"
+ tags: always
diff --git a/roles/vpn/handlers/main.yml b/roles/vpn/handlers/main.yml
index 26ba6ff..32885b5 100644
--- a/roles/vpn/handlers/main.yml
+++ b/roles/vpn/handlers/main.yml
@@ -12,15 +12,3 @@
 - name: restart iptables
 service: name=netfilter-persistent state=restarted
-
-- name: congrats
- debug:
- msg:
- - "#----------------------------------------------------------------------#"
- - "# Congratulations! #"
- - "# Your Algo server is running. #"
- - "# Config files and certificates are in the ./configs/ directory. #"
- - "# Go to https://whoer.net/ after connecting #"
- - "# and ensure that all your traffic passes through the VPN. #"
- - "# Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
- - "#----------------------------------------------------------------------#"
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 6fff583..53734b7 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -222,8 +222,6 @@
 - name: Fetch server CA certificate
 fetch: src=/{{ easyrsa_dir }}/easyrsa3/pki/ca.crt dest=configs/{{ IP_subject_alt_name }}_ca.crt flat=yes
- notify:
- - congrats
 - include: iptables.yml
 tags: iptables
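Review bot: The `post_tasks` block added to deploy.yml prints the banner by running a `shell` task on the managed host and then echoing its registered output, which executes a templated script (`{{ local_service_ip }}` is substituted into a double-quoted `echo`) and reports `changed` on every run just to display text. A single `debug` task with a `msg` list, the form the removed `congrats` handler in roles/vpn/handlers/main.yml already used, shows the same lines without running anything on the server and without the `register`. Both new tasks are also unnamed, and a `name:` would make the play output easier to read. Indentation in the sketch below is assumed, since the page has lost the original spacing.

```yaml
  post_tasks:
    - name: Show congratulations message
      debug:
        msg:
          - "#----------------------------------------------------------------------#"
          # … unchanged: the remaining banner text lines, one list item each …
          - "# Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
          - "#----------------------------------------------------------------------#"
      tags: always
```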