
Compare revisions

Showing
with 88 additions and 67 deletions
--- ---
dependencies: dependencies:
- { role: easy-rsa-certificate, x509_csr_args="" } # - { role: easy-rsa-CA }
- { role: easy-rsa-certificate, x509_csr_args: "" }
--- ---
- -
copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest=/etc/openvpn/ca.crt mode=644 owner=root group=root" copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest=/etc/openvpn/ca.crt mode=644 owner=root group=root"
name: "Copying CA certificate" name: "Copying CA certificate"
when: "client_ca_cert.stat.exists == false" when: "client_ca_cert.stat.exists == false"
- -
copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt mode=644 owner=root group=root" copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt mode=644 owner=root group=root"
name: "Copying Client certificate" name: "Copying Client certificate"
when: "client_sign_cert.stat.exists == false" when: "client_sign_cert.stat.exists == false"
- -
copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key mode=600 owner=root group=root" copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key mode=600 owner=root group=root"
name: "Copying Client key" name: "Copying Client key"
when: "client_key.stat.exists == false" when: "client_key.stat.exists == false"
......
--- ---
- name: "Install OpenVPN" - name: "Install OpenVPN"
yum: "name=openvpn state=present" yum: "name=openvpn state=present"
sudo: true become: true
notify: restart openvpn notify: restart openvpn
- name: "Copying client.conf to the OpenVPN client" - name: "Copying client.conf to the OpenVPN client"
template: "src=client.conf.j2 dest=/etc/openvpn/client.conf" template: "src=client.conf.j2 dest=/etc/openvpn/client.conf"
sudo: true become: true
notify: restart openvpn notify: restart openvpn
...@@ -3,6 +3,6 @@ ...@@ -3,6 +3,6 @@
include: installOpenVPN.yml include: installOpenVPN.yml
- name: "Start OpenVPN" - name: "Start OpenVPN"
service: name=openvpn state=started service: name=openvpn state=started enabled=yes
sudo: true become: true
---
x509_csr_args: ""
x509_cacert_file: "/etc/ssl/certs/cacert.crt"
x509_key_file: "/etc/ssl/private/client.key"
x509_cert_file: "/etc/ssl/certs/client.crt"
x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Client"
readme.txt
\ No newline at end of file
---
x509_csr_args: ""
x509_cacert_file: "/etc/ssl/certs/cacert.crt"
x509_key_file: "/etc/ssl/private/client.key"
x509_cert_file: "/etc/ssl/certs/client.crt"
x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Client"
--- ---
- name: restart openvpn - name: restart openvpn
service: name=openvpn state=restarted service: name=openvpn state=restarted
sudo: true become: true
--- ---
dependencies: dependencies:
- { role: easy-rsa-certificate, x509_csr_args="--server" } - { role: easy-rsa-certificate, x509_csr_args: "--server" }
---
- name: "Copying CA and server certificate"
shell: "cp -pvf /etc/easy-rsa/2.0/keys/ca.crt /etc/openvpn/; cp -pvf /etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt /etc/openvpn/; cp -pvf /etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key /etc/openvpn/"
args:
creates: /etc/openvpn/ca.crt
- name: "Create symlink for Diffie Hellman"
file: "src=/etc/easy-rsa/2.0/keys/dh512.pem dest=/etc/openvpn/dh512.pem state=link"
- name: "Copying server.conf to the OpenVPN server"
template: src={{ item }} dest=/etc/openvpn/server.conf
with_first_found:
- files:
- server.conf.j2
- userConfig
- defaultConfig
paths:
- ../templates/
- ../files/
notify: restart openvpn
- name: "Start OpenVPN"
service: name=openvpn state=started
sudo: true
--- ---
- name: "Install OpenVPN" - name: "Install OpenVPN"
yum: "name=openvpn state=present" yum: "name=openvpn state=present"
notify: "restart openvpn" notify: "restart openvpn"
sudo: true become: true
- name: Create path
shell: mkdir -p {{ dhparms_file | dirname }}
args:
creates: "{{ dhparms_file | dirname }}"
become: true
- name: "Generate DH parameters" - name: "Generate DH parameters"
shell: openssl dhparam -out {{ dhparms_file }} 512 shell: openssl dhparam -out {{ dhparms_file }} 512
args: args:
creates: "{{ dhparms_file }}" creates: "{{ dhparms_file }}"
sudo: true become: true
- name: "Configure OpenVPN Server" - name: "Configure OpenVPN Server"
template: "src=server.conf.j2 dest=/etc/openvpn/server.conf" template: "src=server.conf.j2 dest=/etc/openvpn/server.conf"
notify: "restart openvpn" notify: "restart openvpn"
sudo: true become: true
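Review bot: The "Generate DH parameters" task still runs `openssl dhparam -out {{ dhparms_file }} 512` on the new side, and this commit only changes its `sudo` to `become`. A 512-bit Diffie-Hellman group is far too small to protect the VPN key exchange; use at least 2048 bits, `shell: openssl dhparam -out {{ dhparms_file }} 2048`. Because of `creates:`, hosts that already have the 512-bit file would keep it until it is removed or the path changes. The added "Create path" task uses `mkdir -p`, which leaves the directory's permissions to the umask; `file: path={{ dhparms_file | dirname }} state=directory owner=root group=root mode=0700` would state them explicitly, which matters if that directory also holds the server key.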
...@@ -3,5 +3,5 @@ ...@@ -3,5 +3,5 @@
include: installOpenVPN.yml include: installOpenVPN.yml
- name: "Start OpenVPN" - name: "Start OpenVPN"
service: name=openvpn state=started service: name=openvpn state=started enabled=yes
sudo: true become: true
...@@ -93,7 +93,7 @@ dh {{ dhparms_file }} ...@@ -93,7 +93,7 @@ dh {{ dhparms_file }}
# Each client will be able to reach the server # Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are # on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info. # ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0 server {{ server_network }} {{ server_netmask }}
# Maintain a record of client <-> virtual IP address # Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or # associations in this file. If OpenVPN goes down or
......
---
x509_csr_args: "--server"
x509_cacert_file: "/etc/ssl/certs/cacert.pem"
x509_key_file: "/etc/ssl/private/server.key"
x509_cert_file: "/etc/ssl/certs/server.pem"
x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Server"
dhparms_file: "/etc/ssl/private/dh.pem"
readme.txt
\ No newline at end of file
---
x509_csr_args: "--server"
x509_cacert_file: "/etc/ssl/certs/ca.crt"
x509_key_file: "/etc/openvpn/private/server.key"
x509_cert_file: "/etc/openvpn/certs/server.crt"
x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Server"
dhparms_file: "/etc/openvpn/private/dh.pem"
server_network: "10.8.0.0"
server_netmask: "255.255.255.0"
- name: install known hosts file
copy: src=files/ssh_known_hosts dest=/etc/ssh/ssh_known_hosts owner=root mode=644
become: true
become_user: root
- name: setup additiona PATHs in /etc/profile.d
template:
src: additional_paths.sh.j2
dest: /etc/profile.d/additional_paths.sh
become: true
when: additional_paths is defined
export PATH=$PATH:{{ additional_paths|join(":") }}
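Review bot: The template line `export PATH=$PATH:{{ additional_paths|join(":") }}` writes the list into a profile script with no quoting or validation. An empty entry in `additional_paths` leaves an empty PATH element, which the shell treats as the current directory, and a relative entry such as `.` has the same effect for every login shell. The task guards only with `when: additional_paths is defined`; an `assert` ahead of it that every entry starts with `/` would catch this before the file is written. The template task also sets no `owner`, `group` or `mode`, so the result depends on the umask; `owner: root`, `group: root` and `mode: "0644"` would make it explicit.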
---
- name: place /usr/local/ last in the PATH in /etc/profile
lineinfile:
args:
dest: "/etc/profile"
insertbefore: BOF
line: "PATH=/bin:/usr/bin:/usr/local/bin"
become: true
become_user: root
- name: remove old line
lineinfile:
args:
dest: "/etc/profile"
regexp: "^PATH=/usr/local/bin:/bin:/usr/bin$"
state: absent
become: true
become_user: root
- name: remove /usr/local/ from the PATH in /etc/profile
lineinfile:
args:
dest: "/etc/profile"
regexp: ".*pathmunge /usr/local.*"
state: absent
become: true
become_user: root
- name: dont execute abrt-cli on login
file: path=/etc/profile.d/abrt-console-notification.sh state=absent
become: true
become_user: root
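Review bot: The three `lineinfile` tasks rewrite /etc/profile as root with no comment saying why /usr/local/bin is moved to the end of PATH and no backup of the file. A comment above the first task such as `# keep /usr/local/bin last so locally installed binaries cannot shadow system commands` would record the intent, which is inferred here from the task names. The regexp in the third task, `.*pathmunge /usr/local.*`, matches any line containing that text and may remove more than the one entry intended. Adding `backup: yes` to each `lineinfile` would leave a copy to restore if it does.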