From fd96f6866cb32c6f2fed24e3328447a1ac8c8bee Mon Sep 17 00:00:00 2001
From: shahaan <shahaan@gmail.com>
Date: Tue, 21 Oct 2014 15:47:26 +1100
Subject: [PATCH] Allowing remote delegation through rsync, neat...

---
 roles/OpenVPN-Client/tasks/copyCerts.yml          | 15 +++++++++------
 roles/OpenVPN-Client/vars/main.yml                |  2 --
 roles/OpenVPN-Server/vars/main.yml                |  4 ----
 .../easy-rsa-CA-client/tasks/buildClientCert.yml  |  4 ++--
 roles/easy-rsa-CA-client/vars/main.yml            |  3 ---
 roles/easy-rsa-CA-server/vars/main.yml            |  3 ---
 roles/easy-rsa-CA/vars/main.yml                   |  3 ---
 7 files changed, 11 insertions(+), 23 deletions(-)

diff --git a/roles/OpenVPN-Client/tasks/copyCerts.yml b/roles/OpenVPN-Client/tasks/copyCerts.yml
index 1f7416f..24a47f9 100644
--- a/roles/OpenVPN-Client/tasks/copyCerts.yml
+++ b/roles/OpenVPN-Client/tasks/copyCerts.yml
@@ -4,31 +4,34 @@
   name: "Check if CA certificate exist"
   register: CAcert
   stat: path=/etc/easy-rsa/2.0/keys/ca.crt
-  delegate_to: 127.0.0.1
+  delegate_to: "{{ server }}"
 - 
-  copy: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/etc/openvpn/ca.crt owner=root group=root mode=644 force=yes"
+  synchronize: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/etc/openvpn/ca.crt  mode=push rsync_path='sudo rsync'"
   name: "Copying CA certificate"
   when: "CAcert.stat.exists  == true"
+  delegate_to: "{{ server }}"
 - 
   failed_when: "ClientCert.stat.exists  == false"
   name: "Check if Client certificate exist"
   register: ClientCert
   stat: "path=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt"
-  delegate_to: 127.0.0.1
+  delegate_to: "{{ server }}"
 - 
-  copy: "src=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt owner=root group=root mode=644 force=yes"
+  synchronize: "src=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt rsync_path='sudo rsync'  mode=push"
   name: "Copying Client certificate"
   when: "ClientCert.stat.exists  == true"
+  delegate_to: "{{ server }}"
 - 
   failed_when: "ClientKey.stat.exists  == false"
   name: "Check if Server key exist"
   register: ClientKey
   stat: "path=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key"
-  delegate_to: 127.0.0.1
+  delegate_to: "{{ server }}"
 - 
-  copy: "src=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key owner=root group=root mode=600 force=yes"
+  synchronize: "src=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key  mode=push rsync_path='sudo rsync'"
   name: "Copying Client key"
   when: "ClientKey.stat.exists  == true"
+  delegate_to: "{{ server }}"
 - 
   copy: "src=client.conf dest=/etc/openvpn/client.conf owner=root group=root mode=644"
   name: "Copying client.conf to the OpenVPN client"
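Review bot: The three `synchronize` tasks drop the `owner=root group=root mode=…` arguments that the removed `copy` lines enforced, so `/etc/openvpn/{{ inventory_hostname }}.key` is no longer guaranteed to end up `mode=600`. Its permissions now depend on what the file has under `/etc/easy-rsa/2.0/keys/` on the delegate host and on which attributes rsync preserves. I would follow "Copying Client key" with an explicit task that runs on the client, `- file: "path=/etc/openvpn/{{ inventory_hostname }}.key owner=root group=root mode=600"`, and do the same with `mode=644` for the two certificates. Pushing from `{{ server }}` also means that host needs SSH access to every client, and `rsync_path='sudo rsync'` presumably needs sudo without a prompt on the client; a comment above the first task should say so. `server` is deleted from `roles/OpenVPN-Client/vars/main.yml` in this same commit, so it presumably has to come from inventory or the playbook, which is not visible here.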
diff --git a/roles/OpenVPN-Client/vars/main.yml b/roles/OpenVPN-Client/vars/main.yml
index fcfcae3..e69de29 100644
--- a/roles/OpenVPN-Client/vars/main.yml
+++ b/roles/OpenVPN-Client/vars/main.yml
@@ -1,2 +0,0 @@
----
-server: "{{ ansible_nodename }}"
diff --git a/roles/OpenVPN-Server/vars/main.yml b/roles/OpenVPN-Server/vars/main.yml
index 9e36a34..e69de29 100644
--- a/roles/OpenVPN-Server/vars/main.yml
+++ b/roles/OpenVPN-Server/vars/main.yml
@@ -1,4 +0,0 @@
----
-ansible_ssh_user: "ec2-user"
-ansible_ssh_private_key_file: "/home/sgeadmin/.ssh/shahaan.pem"
-
diff --git a/roles/easy-rsa-CA-client/tasks/buildClientCert.yml b/roles/easy-rsa-CA-client/tasks/buildClientCert.yml
index 3536ba4..1b586ff 100644
--- a/roles/easy-rsa-CA-client/tasks/buildClientCert.yml
+++ b/roles/easy-rsa-CA-client/tasks/buildClientCert.yml
@@ -1,11 +1,11 @@
 --- 
 - 
-  delegate_to: "127.0.0.1"
+  delegate_to: "vm-118-138-240-224.erc.monash.edu.au"
   name: "Check if certificate exist"
   register: cert
   stat: "path=/etc/easy-rsa/2.0/keys/{{ client }}.crt"
 - 
-  delegate_to: "127.0.0.1"
+  delegate_to: "vm-118-138-240-224.erc.monash.edu.au"
   name: "Creating Client certificate"
   shell: ' cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA="${EASY_RSA:-.}"; "$EASY_RSA"/pkitool --csr {{ client }} ;"$EASY_RSA"/pkitool --sign {{ client }}'
 
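Review bot: Both `delegate_to` lines now hard-code `vm-118-138-240-224.erc.monash.edu.au` inside the role, while `copyCerts.yml` in the same commit delegates to `{{ server }}`, so the host that signs client certificates is named in two different ways. I would use `delegate_to: "{{ server }}"` here as well and define `server` once in inventory or group vars, since this commit removes it from `roles/easy-rsa-CA-client/vars/main.yml`. Separately, the registered `cert` result is not used by "Creating Client certificate" in the lines shown, so `pkitool --csr` and `--sign` run even when the certificate already exists. Adding `when: "cert.stat.exists == false"` to that task would make the check do what its name suggests.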
diff --git a/roles/easy-rsa-CA-client/vars/main.yml b/roles/easy-rsa-CA-client/vars/main.yml
index 53a7406..77a2fd2 100644
--- a/roles/easy-rsa-CA-client/vars/main.yml
+++ b/roles/easy-rsa-CA-client/vars/main.yml
@@ -1,5 +1,2 @@
 --- 
-ansible_ssh_private_key_file: /home/sgeadmin/.ssh/shahaan.pem
-ansible_ssh_user: ec2-user
 client: "{{ inventory_hostname }}"
-server: "{{ ansible_nodename }}"
diff --git a/roles/easy-rsa-CA-server/vars/main.yml b/roles/easy-rsa-CA-server/vars/main.yml
index e7f31bc..4de6c09 100644
--- a/roles/easy-rsa-CA-server/vars/main.yml
+++ b/roles/easy-rsa-CA-server/vars/main.yml
@@ -1,5 +1,2 @@
 ---
-ansible_ssh_user: "ec2-user"
-ansible_ssh_private_key_file: "/home/sgeadmin/.ssh/shahaan.pem"
-server: "{{ inventory_hostname }}"
 client: "{{ inventory_hostname }}"
diff --git a/roles/easy-rsa-CA/vars/main.yml b/roles/easy-rsa-CA/vars/main.yml
index e7f31bc..4de6c09 100644
--- a/roles/easy-rsa-CA/vars/main.yml
+++ b/roles/easy-rsa-CA/vars/main.yml
@@ -1,5 +1,2 @@
 ---
-ansible_ssh_user: "ec2-user"
-ansible_ssh_private_key_file: "/home/sgeadmin/.ssh/shahaan.pem"
-server: "{{ inventory_hostname }}"
 client: "{{ inventory_hostname }}"
-- 
GitLab