Update ansible roles to automate nordix openvpn user management
similarity index 50%
rename from infra/openvpn_automation/generate-user-ovpn/tasks/main.yaml
rename to infra/openvpn_automation/playbooks/roles/generate-user-ovpn/tasks/main.yaml
index fcf8bdf2bea2ea52ac107c20392fca0725a76db4..6fbcaa661eb683e1de9bb132ffe74db3fc78e3a7 100644 (file)
@@ -1,49 +1,32 @@
 ---
-- name: Check {{ client_name }} key existence
-  stat:
-    path: "{{ nordix_openvpn_easyrsa_path }}/pki/private/{{ client_name }}.key"
-  register: client_privatekey
-  delegate_to: localhost
-
-- name: Create client cert and csr
-  command: ./easyrsa --batch --req-cn={{ client_name }} gen-req {{ client_name }} nopass
-  args:
-    chdir: "{{ nordix_openvpn_easyrsa_path }}"
-  when: client_privatekey.stat.exists == false
-  delegate_to: localhost
-
-- name: Copy client key to client_config directory
-  copy:
-    src: "{{ nordix_openvpn_easyrsa_path }}/pki/private/{{ client_name }}.key"
-    dest: "{{ nordix_openvpn_clientconfig }}/keys/"
-  changed_when: true
-  delegate_to: localhost
-
 - name: Copy client csr to nordix CA
   copy:
-    src: "{{ nordix_openvpn_easyrsa_path }}/pki/reqs/{{ client_name }}.req"
+    src: "{{ hostvars['localhost']['vpn_user_files_location'] }}/{{ user_name }}.req"
     dest: /tmp
+    owner: "infra"
+    group: "infra"
   changed_when: true
+  become: true
 
-- name: Check {{ client_name }} csr existence in CA
+- name: Check {{ user_name }} csr existence in CA
   stat:
-    path: "{{ nordix_ca_easyrsa_path }}/pki/reqs/{{ client_name }}.req"
+    path: "{{ nordix_ca_easyrsa_path }}/pki/reqs/{{ user_name }}.req"
   register: client_csr
 
 - name: Import client csr
-  command: ./easyrsa --batch import-req /tmp/{{ client_name }}.req {{ client_name }}
+  command: ./easyrsa --batch import-req /tmp/{{ user_name }}.req {{ user_name }}
   args:
     chdir: "{{ nordix_ca_easyrsa_path }}"
   when: client_csr.stat.exists == false
   changed_when: true
 
-- name: Check {{ client_name }} crt existence in CA
+- name: Check {{ user_name }} crt existence in CA
   stat:
-    path: "{{ nordix_ca_easyrsa_path }}/pki/issued/{{ client_name }}.crt"
+    path: "{{ nordix_ca_easyrsa_path }}/pki/issued/{{ user_name }}.crt"
   register: client_crt
 
 - name: Sign client csr
-  command: ./easyrsa --batch sign-req client {{ client_name }}
+  command: ./easyrsa --batch sign-req client {{ user_name }}
   args:
     chdir: "{{ nordix_ca_easyrsa_path }}"
   when: client_crt.stat.exists == false
 
 - name: Fetch client cert to client-configs/keys/ dir
   fetch:
-    src: "{{ nordix_ca_easyrsa_path }}/pki/issued/{{ client_name }}.crt"
-    dest: "{{ nordix_openvpn_clientconfig }}/keys/"
+    src: "{{ nordix_ca_easyrsa_path }}/pki/issued/{{ user_name }}.crt"
+    dest: "{{ hostvars['localhost']['vpn_user_files_location'] }}/"
     flat: true
   changed_when: true
 
+- name: Copy client cert file to OpenVPN server
+  copy:
+    src: "{{ hostvars['localhost']['vpn_user_files_location'] }}/{{ user_name }}.crt"
+    dest: "{{ nordix_openvpn_clientconfig }}/keys/"
+  changed_when: true
+  delegate_to: jumphost
+
 - name: Generate Client .ovpn file
-  script: make_config.sh "{{ client_name }}"
+  script: make_config.sh "{{ user_name }}"
   args:
     chdir: "{{ nordix_openvpn_clientconfig }}/"
     executable: /bin/bash
-  delegate_to: localhost
+  delegate_to: jumphost
+  become: false
+
+- name: Fetch Client .ovpn file
+  fetch:
+    src: "{{ nordix_openvpn_clientconfig }}/files/{{ item|basename }}"
+    dest: "{{ hostvars['localhost']['vpn_user_files_location'] }}/"
+    flat: true
+  with_items:
+    - "{{ user_name }}.ovpn"
+  delegate_to: jumphost
+  become: false
 
 - name: Log user specific ovpn files location on the console
   debug:
     msg:
       - ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-      - "The ovpn file {{ client_name }}.ovpn is located in {{ nordix_openvpn_clientconfig }}/files/{{ client_name }}.ovpn"
-      - "Please share the newly generated {{ client_name }}.ovpn file with user over email with below instructions,"
+      - "The ovpn file {{ user_name }}.ovpn is located in {{ nordix_openvpn_clientconfig }}/files/{{ user_name }}.ovpn"
+      - "Please share the newly generated {{ user_name }}.ovpn file with user over email with below instructions,"
       - "1. Please install the openvpn on your laptop. Assuming you using Ubuntu:"
       -     "#sudo apt install openvpn"
       - "2. Then you need to open the VPN connection using the .ovpn file which contain all the required certificates:"
-      -     "#sudo openvpn --config {{ client_name }}.ovpn &"
+      -     "#sudo openvpn --config {{ user_name }}.ovpn &"
       - "3. Now, user should have access to all the VMs directly from your laptop"
       - "4. In case you use Windows 10 OS, please use the community version of OpenVPN client:"
       -     "https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.8-I602-Win10.exe"
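Review bot: `user_name` now drives every path and easyrsa argument on the CA host (`src: ... {{ user_name }}.req`, `import-req /tmp/{{ user_name }}.req {{ user_name }}`, `sign-req client {{ user_name }}`) but nothing in the role checks its shape, so a value containing `/`, `..` or whitespace would resolve to a different file or be split into extra arguments; a guard at the top of the role such as `- name: Validate user_name` / `assert:` / `that: user_name is match('^[A-Za-z0-9._-]+$')` closes that. The CSR is also staged at the predictable path `/tmp/{{ user_name }}.req` with `become: true`, so a role-owned directory (or the `tempfile` module) would avoid writing a root-owned file into a world-writable location. The new `Fetch Client .ovpn file` task brings the bundle that the debug message describes as containing "all the required certificates" back to the controller, but `fetch` sets no mode, so a follow-up `file` task restricting `{{ user_name }}.ovpn` to `mode: "0600"` under `vpn_user_files_location` seems warranted (presumably the bundle also embeds the client key — confirm against make_config.sh). As a point of style, the single-item `with_items` loop with `{{ item|basename }}` can simply be `src: "{{ nordix_openvpn_clientconfig }}/files/{{ user_name }}.ovpn"`, and `when: client_csr.stat.exists == false` reads better as `when: not client_csr.stat.exists`. The closing debug task appears to continue past the end of the hunk.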