From f411a72c17ac6d14d49dda8736ba412318026e62 Mon Sep 17 00:00:00 2001 From: Victor da Costa Date: Sat, 27 Apr 2019 01:48:37 +0200 Subject: [PATCH 1/6] post configure hooks for role - hook role as post configure activities --- tasks/post_configure_initiator_hooks.yaml | 5 +++++ tasks/post_configure_responder_hooks.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/tasks/post_configure_initiator_hooks.yaml b/tasks/post_configure_initiator_hooks.yaml index c550135..c729c51 100644 --- a/tasks/post_configure_initiator_hooks.yaml +++ b/tasks/post_configure_initiator_hooks.yaml @@ -3,3 +3,8 @@ - name: Include post configure initiator hooks tasks include_tasks: "{{ cloud_vpn_initiator_post_configure_hooks }}" when: cloud_vpn_initiator_post_configure_hooks is defined + +- name: Include post configure initiator hooks role + include_role: + name: "{{ cloud_vpn_initiator_post_configure_hooks_role }}" + when: cloud_vpn_initiator_post_configure_hooks_role is defined diff --git a/tasks/post_configure_responder_hooks.yaml b/tasks/post_configure_responder_hooks.yaml index a5f9210..f1c02f8 100644 --- a/tasks/post_configure_responder_hooks.yaml +++ b/tasks/post_configure_responder_hooks.yaml @@ -3,3 +3,8 @@ - name: Include post configure responder hooks tasks include_tasks: "{{ cloud_vpn_responder_post_configure_hooks }}" when: cloud_vpn_responder_post_configure_hooks is defined + +- name: Include post configure responder hooks role + include_role: + name: "{{ cloud_vpn_responder_post_configure_hooks_role }}" + when: cloud_vpn_responder_post_configure_hooks_role is defined From 835ee7b14f4c630e127cee896b5254e155c7c00c Mon Sep 17 00:00:00 2001 
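Review bot: The `include_role` tasks added to both post configure hook files are gated only by `is defined`, so a hook variable that is set but empty or null still reaches `include_role` and fails there instead of being skipped. A guard such as `when: cloud_vpn_initiator_post_configure_hooks_role | default('', true) | length > 0` (and the responder equivalent) treats unset and empty the same way. The role name is passed through from the variable without any restriction, so whoever can set it selects code that runs with this play's connection and privilege settings; a comment such as `# hook role name must come from trusted playbook or inventory vars` above each task would record that expectation. The same two points apply to the pre configure hook files added in PATCH 2/6 and to the existing `include_tasks` hooks shown as context.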
From: Victor da Costa Date: Sat, 27 Apr 2019 01:49:51 +0200 Subject: [PATCH 2/6] add pre configure hooks - hook pre configure tasks - hook pre configure role --- tasks/create_vpn.yaml | 6 ++++++ tasks/pre_configure_initiator_hooks.yaml | 10 ++++++++++ tasks/pre_configure_responder_hooks.yaml | 10 ++++++++++ 3 files changed, 26 insertions(+) create mode 100644 tasks/pre_configure_initiator_hooks.yaml create mode 100644 tasks/pre_configure_responder_hooks.yaml diff --git a/tasks/create_vpn.yaml b/tasks/create_vpn.yaml index 66354da..4a60fe7 100644 --- a/tasks/create_vpn.yaml +++ b/tasks/create_vpn.yaml @@ -20,6 +20,12 @@ - name: Include add host initiator tasks include_tasks: add_host_initiator.yaml +- name: Include pre configure initiator hooks tasks + include_tasks: pre_configure_initiator_hooks.yaml + +- name: Include pre configure responder hooks tasks + include_tasks: pre_configure_responder_hooks.yaml + - name: Include configure vpn responder tasks include_tasks: configure_vpn_responder.yaml diff --git a/tasks/pre_configure_initiator_hooks.yaml b/tasks/pre_configure_initiator_hooks.yaml new file mode 100644 index 0000000..e619260 --- /dev/null +++ b/tasks/pre_configure_initiator_hooks.yaml @@ -0,0 +1,10 @@ +--- + +- name: Include pre configure initiator hooks tasks + include_tasks: "{{ cloud_vpn_initiator_pre_configure_hooks }}" + when: cloud_vpn_initiator_pre_configure_hooks is defined + +- name: Include pre configure initiator hooks role + include_role: + name: "{{ cloud_vpn_initiator_pre_configure_hooks_role }}" + when: cloud_vpn_initiator_pre_configure_hooks_role is defined diff --git a/tasks/pre_configure_responder_hooks.yaml b/tasks/pre_configure_responder_hooks.yaml new file mode 100644 index 0000000..aca73f0 --- /dev/null +++ b/tasks/pre_configure_responder_hooks.yaml 
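Review bot: The two pre configure includes added to tasks/create_vpn.yaml sit together ahead of `configure_vpn_responder.yaml`, so the initiator pre hook also runs before the responder is configured, and nothing in the hunk says whether that ordering is intended. If the hooks are meant to run once before any configuration starts, a comment such as `# pre configure hooks for both sides run before either side is configured` above the first include would make that explicit. If each hook should instead run directly before its own side's configure step, the initiator include presumably belongs next to the initiator configure include, which is outside this hunk.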
@@ -0,0 +1,10 @@ +--- + +- name: Include pre configure responder hooks tasks + include_tasks: "{{ cloud_vpn_responder_pre_configure_hooks }}" + when: cloud_vpn_responder_pre_configure_hooks is defined + +- name: Include pre configure responder hooks role + include_role: + name: "{{ cloud_vpn_responder_pre_configure_hooks_role }}" + when: cloud_vpn_responder_pre_configure_hooks_role is defined From f207973a4f733dc1c79316d1db323ada0bb8edf4 Mon Sep 17 00:00:00 2001 From: Victor da Costa Date: Fri, 3 May 2019 12:43:55 +0200 Subject: [PATCH 3/6] add support for functions --- tasks/main.yaml | 52 ++++++++++++++++++++++++++++++++++++------------- tasks/run.yaml | 19 ++++++++++++++++++ 2 files changed, 57 insertions(+), 14 deletions(-) create mode 100644 tasks/run.yaml diff --git a/tasks/main.yaml b/tasks/main.yaml index aeec526..57f8dc2 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml 
@@ -1,19 +1,43 @@ --- -- name: Install required pip packages - include_tasks: install_pip_requirements.yaml - when: cloud_vpn_install_pip_requirements +- name: set role supported functions + set_fact: + cloud_vpn_functions: + - add_host_initiator + - add_host_responder + - configure_routing_initiator + - configure_routing_responder + - configure_vpn_initiator + - configure_vpn_responder + - create_vpn + - delete_vpn + - deprovision_initiator + - deprovision_responder + - get_provisioner_facts_initiator + - get_provisioner_facts_responder + - get_vpn_facts + - install_pip_requirements + - load_initiator_defaults + - load_responder_defaults + - loop_tunnels + - post_configure_initiator_hooks + - post_configure_responder_hooks + - pre_configure_initiator_hooks + - pre_configure_responder_hooks + - process_tunnel + - provision_initiator + - provision_responder + - run + - show_login_info_initiator + - show_login_info_responder + - unconfigure_initiator + - unconfigure_responder -- name: Include loop tunnels tasks - include_tasks: loop_tunnels.yaml - when: cloud_vpn_tunnels is defined +- name: validate the requested function is supported + fail: + msg: "invalid function specified, expected one of {{ cloud_vpn_functions }}, got {{ function }}" + when: function | default('run') not in cloud_vpn_functions -- block: - - name: Include create VPN tasks - include_tasks: create_vpn.yaml - when: cloud_vpn_state == 'present' +- name: include function specific tasks and run + include_tasks: "{{ function | default('run') }}.yaml" - - name: Include delete VPN tasks - include_tasks: delete_vpn.yaml - when: cloud_vpn_state == 'absent' - when: cloud_vpn_tunnels is not defined diff --git a/tasks/run.yaml b/tasks/run.yaml new file mode 100644 index 0000000..aeec526 --- /dev/null +++ b/tasks/run.yaml 
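Review bot: The task file to include is selected by a variable named `function`, which has no role prefix and can therefore be set unintentionally by any play, inventory or other role that uses the same name. Renaming it, for example `include_tasks: "{{ cloud_vpn_function | default('run') }}.yaml"` with the same name in the `fail` task's `when` and `msg`, keeps the selector scoped to this role. The allowlist check in the `fail` task is the only thing confining this templated include to the role's own task files, so both tasks must keep evaluating the same expression; a comment saying so above the `fail` task would help. The list also makes entries such as `delete_vpn`, `deprovision_initiator` and `process_tunnel` directly callable without the `cloud_vpn_state` conditions that move to run.yaml; whether those files are safe to run on their own cannot be confirmed from this hunk.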
@@ -0,0 +1,19 @@ +--- + +- name: Install required pip packages + include_tasks: install_pip_requirements.yaml + when: cloud_vpn_install_pip_requirements + +- name: Include loop tunnels tasks + include_tasks: loop_tunnels.yaml + when: cloud_vpn_tunnels is defined + +- block: + - name: Include create VPN tasks + include_tasks: create_vpn.yaml + when: cloud_vpn_state == 'present' + + - name: Include delete VPN tasks + include_tasks: delete_vpn.yaml + when: cloud_vpn_state == 'absent' + when: cloud_vpn_tunnels is not defined From 3e10e387254c0c72a688048d62221f00a3c6c020 Mon Sep 17 00:00:00 2001 From: Victor da Costa Date: Fri, 3 May 2019 13:03:17 +0200 Subject: [PATCH 4/6] add variables for cloud resources - Allow name customization of cloud resources --- defaults/main.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/defaults/main.yaml b/defaults/main.yaml index bb0fb69..5bef662 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -9,8 +9,15 @@ cloud_vpn_name: cvpn cloud_vpn_state: present cloud_vpn_pause_before_config_seconds: 30 +cloud_vpn_initiator_securitygroup_name: "{{ cloud_vpn_name }}-initiator-securitygroup" +cloud_vpn_responder_securitygroup_name: "{{ cloud_vpn_name }}-responder-securitygroup" + +cloud_vpn_initiator_instance_name: "{{ cloud_vpn_name }}-initiator-instance" +cloud_vpn_responder_instance_name: "{{ cloud_vpn_name }}-responder-instance" + cloud_vpn_initiator_key_name: "{{ cloud_vpn_name }}-initiator-keypair" cloud_vpn_responder_key_name: "{{ cloud_vpn_name }}-responder-keypair" + cloud_vpn_tunnel_cidr: 169.254.56.24/30 cloud_vpn_tunnel_failover_cidr: 169.254.56.28/30 
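Review bot: The resource-name defaults added in the first defaults/main.yaml hunk of PATCH 4/6 (`cloud_vpn_*_securitygroup_name`, `cloud_vpn_*_instance_name`) and in its second hunk (the vpc, subnet, routetable and internetgateway names) are not referenced by any task changed in this patch, whose diffstat lists only defaults/main.yaml. If the provisioning tasks do not already read these variables the customization has no effect, and if only the create path reads them a customised name could leave security groups or instances behind when the VPN is deleted. Once the consumers are confirmed, a short comment above each group, for example `# names of the cloud resources created per side; deprovision must look them up by the same names`, would document that contract.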
@@ -28,3 +35,14 @@ cloud_vpn_responder_cidr: 192.168.0.0/24 cloud_vpn_responder_private_ip: 192.168.0.10 cloud_vpn_responder_tunnel_ip: 169.254.56.26 cloud_vpn_responder_bgp_asn: 65001 + + +cloud_vpn_responder_vpc_name: "{{ cloud_vpn_name }}-responder-vpc" +cloud_vpn_responder_subnet_name: "{{ cloud_vpn_name }}-responder-subnet" +cloud_vpn_responder_routetable_name: "{{ cloud_vpn_name }}-responder-routetable" +cloud_vpn_responder_internetgateway_name: "{{ cloud_vpn_name }}-responder-internetgw" + +cloud_vpn_initiator_vpc_name: "{{ cloud_vpn_name }}-initiator-vpc" +cloud_vpn_initiator_subnet_name: "{{ cloud_vpn_name }}-initiator-subnet" +cloud_vpn_initiator_routetable_name: "{{ cloud_vpn_name }}-initiator-routetable" +cloud_vpn_initiator_internetgateway_name: "{{ cloud_vpn_name }}-initiator-internetgw" \ No newline at end of file From e8d69bbda170c6ddd5ca2826840e28ddffadbee4 Mon Sep 17 00:00:00 2001 From: Victor da Costa Date: Mon, 20 May 2019 15:54:48 +0200 Subject: [PATCH 5/6] solve yamllint errors --- defaults/main.yaml | 2 +- tasks/main.yaml | 5 ++--- tasks/pre_configure_initiator_hooks.yaml | 7 +++---- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/defaults/main.yaml b/defaults/main.yaml index 5bef662..0b381cc 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -45,4 +45,4 @@ cloud_vpn_responder_internetgateway_name: "{{ cloud_vpn_name }}-responder-intern cloud_vpn_initiator_vpc_name: "{{ cloud_vpn_name }}-initiator-vpc" cloud_vpn_initiator_subnet_name: "{{ cloud_vpn_name }}-initiator-subnet" cloud_vpn_initiator_routetable_name: "{{ cloud_vpn_name }}-initiator-routetable" -cloud_vpn_initiator_internetgateway_name: "{{ cloud_vpn_name }}-initiator-internetgw" \ No newline at end of file +cloud_vpn_initiator_internetgateway_name: "{{ cloud_vpn_name }}-initiator-internetgw" diff --git a/tasks/main.yaml b/tasks/main.yaml index 57f8dc2..c9d8f01 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml 
@@ -1,6 +1,5 @@ --- - -- name: set role supported functions +- name: "set role supported functions" set_fact: cloud_vpn_functions: - add_host_initiator @@ -33,7 +32,7 @@ - unconfigure_initiator - unconfigure_responder -- name: validate the requested function is supported +- name: "validate the requested function is supported" fail: msg: "invalid function specified, expected one of {{ cloud_vpn_functions }}, got {{ function }}" when: function | default('run') not in cloud_vpn_functions diff --git a/tasks/pre_configure_initiator_hooks.yaml b/tasks/pre_configure_initiator_hooks.yaml index e619260..1217a16 100644 --- a/tasks/pre_configure_initiator_hooks.yaml +++ b/tasks/pre_configure_initiator_hooks.yaml @@ -1,10 +1,9 @@ --- - -- name: Include pre configure initiator hooks tasks +- name: "Include pre configure initiator hooks tasks" include_tasks: "{{ cloud_vpn_initiator_pre_configure_hooks }}" when: cloud_vpn_initiator_pre_configure_hooks is defined -- name: Include pre configure initiator hooks role - include_role: +- name: "Include pre configure initiator hooks role" + include_role: name: "{{ cloud_vpn_initiator_pre_configure_hooks_role }}" when: cloud_vpn_initiator_pre_configure_hooks_role is defined From 6f555a20351b118e1f5213efaa747c8bb7f3a3a6 Mon Sep 17 00:00:00 2001 From: Victor da Costa Date: Mon, 20 May 2019 16:06:15 +0200 Subject: [PATCH 6/6] solve yamllint errors --- tasks/main.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tasks/main.yaml b/tasks/main.yaml index c9d8f01..eab65f2 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml 
@@ -34,9 +34,8 @@ - name: "validate the requested function is supported" fail: - msg: "invalid function specified, expected one of {{ cloud_vpn_functions }}, got {{ function }}" + msg: "expected one of {{ cloud_vpn_functions }}, got {{ function }}" when: function | default('run') not in cloud_vpn_functions - name: include function specific tasks and run include_tasks: "{{ function | default('run') }}.yaml" -