-# Creating OpenVPN files for users
+# Manually Creating & Removing OpenVPN access for users
## Prerequisites
-In order to follow the steps documented here, few things must be prepared
-in advance.
+In order to manually create/remove OpenVPN access for users, there are pre-requisites
+steps which should be fulfilled.
-* Access to required below Nordix OpenVPN/Jump servers with sudo access to infra user,
+* Access to below Nordix OpenVPN/Jump and CA servers with sudo access to infra user
+ from your local machine,
+----------------+---------------+--------------------------------------+
- | Nordix OpenVPN | IP ADDRESS | SSH ACCESS |
+ | Nordix OpenVPN | IP ADDRESS | SSH ACCESS |
+================+===============+======================================+
| ONAP-CityCloud | 77.81.6.42 | ssh <USER_ID>@77.81.6.42 -p 52413 |
+----------------+---------------+--------------------------------------+
+----------------+---------------+--------------------------------------+
| CCD | 188.212.109.53| ssh <USER_ID>@188.212.109.53 -p 52413|
+----------------+---------------+--------------------------------------+
-
-* Ensure SSH key based authentication enabled between Openvpn server and CA
-
-* Login to required Nordix OpenVPN/Jump server from your machine
+ | CA Server | 77.81.6.250 | ssh <USER_ID>@77.81.6.250 -p 52413 |
+ +----------------+---------------+--------------------------------------+
* Install virtualenv, python3-minimal, python3-dev, and python3-pip
-```bash
+```
sudo apt update
sudo apt install -y virtualenv python3-minimal python3-dev python3-pip
```
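Review bot: The removed prerequisite "Ensure SSH key based authentication enabled between Openvpn server and CA" has no replacement, although this change adds the CA server (77.81.6.250) to the access table and the later delete step says the script removes entries from both the OpenVPN and CA servers. Please state how the operator's local machine is expected to authenticate to the CA server and to the OpenVPN server as the infra user (key-based SSH, agent forwarding, or something else). As written, "sudo access to infra user from your local machine" does not say which keys must be in place before the scripts are run.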
* Create and set virtualenv
-```bash
+```
virtualenv -p python3 .venv
-source .venv/bin/activate
+source ~/.venv/bin/activate
```
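Review bot: `source ~/.venv/bin/activate` assumes the virtualenv lives in the home directory, but the line above it, `virtualenv -p python3 .venv`, creates it in whatever directory the operator happens to be in. Either create it with an explicit home path or keep the relative `source .venv/bin/activate`, so the two lines agree. Separately, dropping the `bash` tag from the fences here and in the later blocks removes syntax highlighting with no visible benefit; I would keep the tag.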
* Install Ansible 2.9.6
```
## Generate User ovpn file
-* Login to OpenVPN/Jump server with your credentials
-
* Clone infra/tools repository from Nordix Gerrit
-```bash
+```
git clone "https://gerrit.nordix.org/infra/tools"
```
You are now ready to create ovpn files for users in project specific OpenVPN server,
-* Switch to infra user in OpenVPN/Jump server
-
-* Change directory to you home directory from where repo cloned
-```bash
-cd <YOUR_HOME_DIR>/tools/infra/openvpn_automation
-source <YOUR_HOME_DIR>/.venv/bin/activate
-ansible-playbook -i inventory/inventory.ini openvpn_user_setup.yaml -e "client_name=<USERNAME_TO_CREATE_OVPN_CERT>"
+* Change directory in your computer where the repo cloned,
+```
+cd tools/infra/openvpn_automation
```
+* Export the `user_name` and `vpn_server_public_ip` as environment variable
+```
+export user_name=<Client_name>
+export vpn_server_public_ip=<PUBLIC_IP_OF_REQUIRED_OPENVPNSERVER>
+```
NOTE:
+* OpenVPN server public IP's can be taken from the table in the top of this file
* Client user ID should be user's username (first character of user firstname + lastname)
* {{ client_name }} should be given as per specific OpenvVPN servers listed below,
+----------------+---------------+---------------------------+
| CCD | 10.4.0.0/24 | client_userid.ccd |
+----------------+---------------+---------------------------+
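Review bot: The new export step names the variable `user_name` with the placeholder `<Client_name>`, while the NOTE directly below still refers to `{{ client_name }}` and to the per-server format `client_userid.ccd`. Please use one name throughout and say explicitly that the exported value must follow the format in the table. The removed block also activated the virtualenv right before running Ansible; the new steps never do, so an operator who returns in a fresh shell will run the script outside it. Consider keeping an activate line in this section.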
+* Update the invetory file to proceed,
+```
+cat >> inventory/inventory.ini <<EOF
+[jumphost]
+# Nordix OpenVPN server
+jumphost ansible_connection=ssh ansible_host=$vpn_server_public_ip ansible_user=infra ansible_port=52413 ansible_python_interpreter=/usr/bin/python3
+EOF
+```
+
+* Created user OpenVPN file by running the script,
+```
+./generate_openvpn_client.sh
+```
+
* Once user specific ovpn file is generated, this file should be shared with user's email with below instructions,
* Please install the openvpn on your laptop. Assuming you using Ubuntu:
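Review bot: `cat >> inventory/inventory.ini <<EOF` appends, so every run of this step adds another `[jumphost]` section with the same `jumphost` alias to a file inside the cloned repo. Repeating the procedure for a second user or a different server leaves duplicate entries, and the doc does not say which `ansible_host` takes effect. Writing the file fresh, or to a separate inventory file, would make the step repeatable. The unquoted heredoc also expands `$vpn_server_public_ip` when the file is written, so an unset variable silently produces an empty `ansible_host=`; a check that both exported variables are set before this step would catch that. Typos: "invetory" should be "inventory", and "Created user OpenVPN file" should read "Create".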
## Revoke User ovpn file
-* Login to required Nordix OpenVPN/Jump server from your machine
-
* Clone infra/tools repository from Nordix Gerrit
-```bash
+```
git clone "ssh://<USERNAME>@gerrit.nordix.org:29418/infra/tools && scp -p -P 29418 <USERNAME>@gerrit.nordix.org:hooks/commit-msg "tools/.git/hooks/"
```
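Review bot: In the clone command inside this fence, the double quote opened before `ssh://` is never closed before `&&`, so the shell pairs it with the quote in front of `tools/.git/hooks/` and the final quote is left unterminated; the line does not run as intended when pasted. Since this change already touches the fence around it, please close the quote after `infra/tools`. The generate section clones over https while this one uses ssh plus the commit-msg hook; unless revocation needs push access, using the same clone command in both sections would be simpler.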
You are now ready to revoke Openvpn access for users in project specific OpenVPN server,
-* Switch to infra user in OpenVPN/Jump server
+* Change directory in your computer where the repo cloned,
+```
+cd tools/infra/openvpn_automation
+```
-* Change directory to you home directory from where repo cloned
-```bash
-cd <YOUR_HOME_DIR>/tools/infra/openvpn_automation
-source <YOUR_HOME_DIR>/.venv/bin/activate
-ansible-playbook -i inventory/inventory.ini openvpn_user_revoke.yaml -e "client_name=<USERNAME_TO_REVOKE_ACCESS>"
+* Export the `user_name` and `vpn_server_public_ip` as environment variable
+```
+export user_name=<Client_name>
+export vpn_server_public_ip=<PUBLIC_IP_OF_REQUIRED_OPENVPNSERVER>
```
NOTE:
+* OpenVPN server public IP's can be taken from the table in the top of this file
* Client user ID should be user's username (first character of user firstname + lastname)
* {{ client_name }} should be given as per specific OpenvVPN servers listed below,
+----------------+---------------+---------------------------+
| CCD | 10.4.0.0/24 | client_userid.ccd |
+----------------+---------------+---------------------------+
+* Update the invetory file to proceed,
+```
+cat >> inventory/inventory.ini <<EOF
+[jumphost]
+# Nordix OpenVPN server
+jumphost ansible_connection=ssh ansible_host=$vpn_server_public_ip ansible_user=infra ansible_port=52413 ansible_python_interpreter=/usr/bin/python3
+EOF
+```
+
+* Delete user entries from OpenVPN server & Nordix CA servers by running the script,
+```
+./delete_openvpn_client.sh
+```
+
You are done!
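Review bot: The revoke flow goes from `./delete_openvpn_client.sh` straight to "You are done!" with no step to confirm that access was actually removed. For a revocation procedure, please add a check the operator can perform on the OpenVPN and CA servers after the script finishes, and say what the script does when `user_name` matches no existing client. This section also repeats the export, NOTE and inventory steps from the generate section verbatim; a single shared preparation section would keep the two copies from drifting apart.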