Change template structure for grouping single source

924e6dff · Jupiter Hu · ab54a351 · 924e6dff · 924e6dff · 924e6dff
Commit 924e6dff authored 10 years ago by Jupiter Hu
--- a/README.md
+++ b/README.md
@@ -25,4 +25,5 @@ Here is an example task (taken from setting up karaage):
 We aim to make these roles run on all common linux platforms (both RedHat and Debian derived) but at the very least they should work on a CentOS 6 install.
-Inventory is not included.
+Yaml syntax can be checked at http://www.yamllint.com/
--- a/roles/easy-rsa-CA/templates/vars.j2
+++ b/roles/easy-rsa-CA/templates/vars.j2
@@ -61,12 +61,12 @@ export KEY_EXPIRE=3650
 # These are the default values for fields
 # which will be placed in the certificate.
 # Don't leave any of these fields blank.
-export KEY_COUNTRY={{ countryName }}
+export KEY_COUNTRY="AU"
-export KEY_PROVINCE={{ reginalName }} 
+export KEY_PROVINCE="Victoria"
-export KEY_CITY={{ cityName }} 
+export KEY_CITY="Melbourne"
-export KEY_ORG={{ organizationName }} 
+export KEY_ORG="Monash University"
-export KEY_EMAIL={{ emailAddress }} 
+export KEY_EMAIL="shahaan.ayyub@monash.edu"
-export KEY_OU={{ organizationUnit }}
+export KEY_OU="MCC-R@CMON"
 # X509 Subject Field
 export KEY_NAME="EasyRSA"

--- a/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml
+++ b/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml
@@ -7,6 +7,6 @@
        - userConfig
        - defaultConfig
      paths:
-        - ../../easy-rsa-CA/templates/
+        - ../../../templates/easy-rsa/
-        - /mnt/nectar-nfs/root/ansible-config-root/ansible_cluster_in_a_box/roles/easy-rsa-CA/files/
+        - ../files/
--- a/roles/easy-rsa-CA-server/files/defaultConfig
+++ b/roles/easy-rsa-CA-server/files/defaultConfig
+# easy-rsa parameter settings
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="/etc/easy-rsa/2.0"
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=512
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="AU"
+export KEY_PROVINCE="Victoria"
+export KEY_CITY="Melbourne"
+export KEY_ORG="Monash University"
+export KEY_EMAIL="shahaan.ayyub@monash.edu"
+export KEY_OU="MCC-R@CMON"
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
--- a/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
+++ b/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
@@ -7,6 +7,6 @@
        - userConfig
        - defaultConfig
      paths:
-        - ../../easy-rsa-CA/templates
+        - ../../../templates/easy-rsa/
-        - /mnt/nectar-nfs/root/ansible-config-root/ansible_cluster_in_a_box/roles/easy-rsa-CA/files
+        - ../files/
--- a/roles/easy-rsa-CA/files/defaultConfig
+++ b/roles/easy-rsa-CA/files/defaultConfig
+# easy-rsa parameter settings
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="/etc/easy-rsa/2.0"
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=512
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="AU"
+export KEY_PROVINCE="Victoria"
+export KEY_CITY="Melbourne"
+export KEY_ORG="Monash University"
+export KEY_EMAIL="shahaan.ayyub@monash.edu"
+export KEY_OU="MCC-R@CMON"
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
--- a/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
+++ b/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
@@ -7,6 +7,6 @@
        - userConfig
        - defaultConfig
      paths:
-        - ../templates
+        - ../../../templates/easy-rsa/
-        - /mnt/nectar-nfs/root/ansible-config-root/ansible_cluster_in_a_box/roles/easy-rsa-CA/files
+        - ../files/