
Compare revisions


Showing
with 88 additions and 67 deletions
---
dependencies:
- { role: easy-rsa-certificate, x509_csr_args="" }
# - { role: easy-rsa-CA }
- { role: easy-rsa-certificate, x509_csr_args: "" }
---
-
---
-
copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest=/etc/openvpn/ca.crt mode=644 owner=root group=root"
name: "Copying CA certificate"
when: "client_ca_cert.stat.exists == false"
-
-
copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt mode=644 owner=root group=root"
name: "Copying Client certificate"
when: "client_sign_cert.stat.exists == false"
-
-
copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key mode=600 owner=root group=root"
name: "Copying Client key"
when: "client_key.stat.exists == false"
......
---
---
- name: "Install OpenVPN"
yum: "name=openvpn state=present"
sudo: true
become: true
notify: restart openvpn
- name: "Copying client.conf to the OpenVPN client"
template: "src=client.conf.j2 dest=/etc/openvpn/client.conf"
sudo: true
become: true
notify: restart openvpn
......@@ -3,6 +3,6 @@
include: installOpenVPN.yml
- name: "Start OpenVPN"
service: name=openvpn state=started
sudo: true
service: name=openvpn state=started enabled=yes
become: true
---
x509_csr_args: ""
x509_cacert_file: "/etc/ssl/certs/cacert.crt"
x509_key_file: "/etc/ssl/private/client.key"
x509_cert_file: "/etc/ssl/certs/client.crt"
x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Client"
readme.txt
\ No newline at end of file
---
x509_csr_args: ""
x509_cacert_file: "/etc/ssl/certs/cacert.crt"
x509_key_file: "/etc/ssl/private/client.key"
x509_cert_file: "/etc/ssl/certs/client.crt"
x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Client"
---
- name: restart openvpn
service: name=openvpn state=restarted
sudo: true
become: true
---
dependencies:
- { role: easy-rsa-certificate, x509_csr_args="--server" }
- { role: easy-rsa-certificate, x509_csr_args: "--server" }
---
- name: "Copying CA and server certificate"
shell: "cp -pvf /etc/easy-rsa/2.0/keys/ca.crt /etc/openvpn/; cp -pvf /etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt /etc/openvpn/; cp -pvf /etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key /etc/openvpn/"
args:
creates: /etc/openvpn/ca.crt
- name: "Create symlink for Diffie Hellman"
file: "src=/etc/easy-rsa/2.0/keys/dh512.pem dest=/etc/openvpn/dh512.pem state=link"
- name: "Copying server.conf to the OpenVPN server"
template: src={{ item }} dest=/etc/openvpn/server.conf
with_first_found:
- files:
- server.conf.j2
- userConfig
- defaultConfig
paths:
- ../templates/
- ../files/
notify: restart openvpn
- name: "Start OpenVPN"
service: name=openvpn state=started
sudo: true
---
---
- name: "Install OpenVPN"
yum: "name=openvpn state=present"
notify: "restart openvpn"
sudo: true
become: true
- name: Create path
shell: mkdir -p {{ dhparms_file | dirname }}
args:
creates: "{{ dhparms_file | dirname }}"
become: true
- name: "Generate DH parameters"
shell: openssl dhparam -out {{ dhparms_file }} 512
args:
creates: "{{ dhparms_file }}"
sudo: true
become: true
- name: "Configure OpenVPN Server"
template: "src=server.conf.j2 dest=/etc/openvpn/server.conf"
notify: "restart openvpn"
sudo: true
become: true
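Review bot: The "Generate DH parameters" task still produces 512-bit parameters (`shell: openssl dhparam -out {{ dhparms_file }} 512`), which is far too small to protect the VPN key exchange; use at least 2048 bits, `shell: openssl dhparam -out {{ dhparms_file }} 2048`. Because the task is guarded by `creates: "{{ dhparms_file }}"`, hosts that already hold a 512-bit file will keep it, so the old file has to be removed once for the change to take effect. The "Create path" task builds the directory with `mkdir -p` under the default umask; the role vars appear to place the server key in the same directory, so a `file:` task with `state=directory owner=root group=root mode=0700` would state the intended permissions instead of inheriting them.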
......@@ -3,5 +3,5 @@
include: installOpenVPN.yml
- name: "Start OpenVPN"
service: name=openvpn state=started
sudo: true
service: name=openvpn state=started enabled=yes
become: true
......@@ -93,7 +93,7 @@ dh {{ dhparms_file }}
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0
server {{ server_network }} {{ server_netmask }}
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
......
---
x509_csr_args: "--server"
x509_cacert_file: "/etc/ssl/certs/cacert.pem"
x509_key_file: "/etc/ssl/private/server.key"
x509_cert_file: "/etc/ssl/certs/server.pem"
x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Server"
dhparms_file: "/etc/ssl/private/dh.pem"
readme.txt
\ No newline at end of file
---
x509_csr_args: "--server"
x509_cacert_file: "/etc/ssl/certs/ca.crt"
x509_key_file: "/etc/openvpn/private/server.key"
x509_cert_file: "/etc/openvpn/certs/server.crt"
x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Server"
dhparms_file: "/etc/openvpn/private/dh.pem"
server_network: "10.8.0.0"
server_netmask: "255.255.255.0"
- name: install known hosts file
copy: src=files/ssh_known_hosts dest=/etc/ssh/ssh_known_hosts owner=root mode=644
become: true
become_user: root
- name: setup additiona PATHs in /etc/profile.d
template:
src: additional_paths.sh.j2
dest: /etc/profile.d/additional_paths.sh
become: true
when: additional_paths is defined
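Review bot: `when: additional_paths is defined` still lets an empty list through, and the template line `export PATH=$PATH:{{ additional_paths|join(":") }}` then renders as `export PATH=$PATH:`, whose trailing empty element makes every login shell search the current directory. Tighten the guard to `when: additional_paths is defined and additional_paths | length > 0`. The entries are joined unchecked, so a relative or empty item has the same effect; a comment on the variable stating that entries must be absolute paths to root-owned directories would help. The `template:` task also sets no `owner` or `mode`; adding `owner: root` and `mode: "0644"` makes the permissions of a file sourced by every login shell explicit.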
export PATH=$PATH:{{ additional_paths|join(":") }}
---
- name: place /usr/local/ last in the PATH in /etc/profile
lineinfile:
args:
dest: "/etc/profile"
insertbefore: BOF
line: "PATH=/bin:/usr/bin:/usr/local/bin"
become: true
become_user: root
- name: remove old line
lineinfile:
args:
dest: "/etc/profile"
regexp: "^PATH=/usr/local/bin:/bin:/usr/bin$"
state: absent
become: true
become_user: root
- name: remove /usr/local/ from the PATH in /etc/profile
lineinfile:
args:
dest: "/etc/profile"
regexp: ".*pathmunge /usr/local.*"
state: absent
become: true
become_user: root
- name: dont execute abrt-cli on login
file: path=/etc/profile.d/abrt-console-notification.sh state=absent
become: true
become_user: root