From: sankar palanivel
Date: Tue, 12 Oct 2021 15:25:29 +0000 (+0100)
Subject: Delete openvpn client files
X-Git-Url: https://gerrit.nordix.org/gitweb?a=commitdiff_plain;h=c7f4044c91d1b20327391cac793cb49652a2da27;p=infra%2Ftools.git
Delete openvpn client files
In this change,
- Delete user .ovpn file for a specific booking ID
Change-Id: Ic7ec0d20352bd7ca841bc011ca7350495af6f19f
---
diff --git a/infra/delete_openvpn_client/deploy.sh b/infra/delete_openvpn_client/deploy.sh
new file mode 100755
index 0000000..615b3da
--- /dev/null
+++ b/infra/delete_openvpn_client/deploy.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+#-------------------------------------------------------------------------------
+# Delete Openvpn User Access
+#-------------------------------------------------------------------------------
+echo "Info: Delete Openvpn user access"
+echo "-------------------------------------------------------------------------"
+
+export INVENTORY_FILE="${INVENTORY_FILE:-/tmp/inventory.ini}"
+
+ansible-playbook -i "$INVENTORY_FILE" playbooks/delete_openvpn_client.yaml
+
+
+# vim: set ts=2 sw=2 expandtab:
\ No newline at end of file
diff --git a/infra/delete_openvpn_client/playbooks/delete_openvpn_client.yaml b/infra/delete_openvpn_client/playbooks/delete_openvpn_client.yaml
new file mode 100644
index 0000000..eeb97f0
--- /dev/null
+++ b/infra/delete_openvpn_client/playbooks/delete_openvpn_client.yaml
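Review bot: The script never checks that `user_name` is set before calling ansible-playbook, even though both roles read it with `lookup('env','user_name')`; with an empty value the playbook silently builds paths such as `/root/CA/private/.key`, removes nothing, and reports success. Add `: "${user_name:?user_name must be set to the OpenVPN client name to remove}"` next to the INVENTORY_FILE export so the run fails before any `become: true` task executes. The playbook is also referenced by the relative path `playbooks/delete_openvpn_client.yaml`, so the script only works when started from its own directory; `cd "$(dirname "${BASH_SOURCE[0]}")"` before the call, or an absolute path, would make it location-independent. The same missing check applies to the playbook hunk, which could assert the variable in `pre_tasks` as a second line of defence.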
@@ -0,0 +1,16 @@
+---
+- name: Revoke user Openvpn config files
+ hosts: jumphost
+ become: true
+ gather_facts: false
+
+ roles:
+ - delete-openvpn-client
+
+- name: Revoke user Openvpn cert files
+ hosts: ca_server
+ become: true
+ gather_facts: false
+
+ roles:
+ - delete-openvpn-client-certs
diff --git a/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client-certs/tasks/main.yaml b/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client-certs/tasks/main.yaml
new file mode 100644
index 0000000..9fcc0aa
--- /dev/null
+++ b/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client-certs/tasks/main.yaml
@@ -0,0 +1,26 @@
+---
+- name: Delete certificate for user {{ user_name }}
+ openssl_certificate:
+ path: "/root/CA/newcerts/{{ user_name }}.crt"
+ force: true
+ state: absent
+
+- name: Delete CSR for user {{ user_name }}
+ openssl_csr:
+ path: "/root/CA/requests/{{ user_name }}.csr"
+ force: true
+ state: absent
+
+- name: Delete User Private Key
+ openssl_privatekey:
+ path: "/root/CA/private/{{ user_name }}.key"
+ force: true
+ state: absent
+
+- name: Log user specific ovpn files location on the console
+ debug:
+ msg:
+ - ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ - "The OpenVPN access has been revoked for the user {{ user_name }}"
+ - ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ - ''
\ No newline at end of file
diff --git a/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client-certs/vars/main.yaml b/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client-certs/vars/main.yaml
new file mode 100644
index 0000000..2d0f308
--- /dev/null
+++ b/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client-certs/vars/main.yaml
@@ -0,0 +1,3 @@
+---
+# user specific vars
+user_name: "{{ lookup('env','user_name') }}"
\ No newline at end of file
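Review bot: Deleting `/root/CA/newcerts/{{ user_name }}.crt`, the CSR and the private key from the CA host does not invalidate the certificate the client already holds; the OpenVPN server keeps accepting it until it is revoked in the CA database and a fresh CRL is published to the server's `crl-verify` location, so the closing debug message ("access has been revoked") overstates what this role does, as do the play names in delete_openvpn_client.yaml. Revoke first (the certificate file must still exist at that point), regenerate the CRL, and only then remove the files; the CA config and CRL output paths are not on this page, so they are placeholders below, and shipping the CRL to the jumphost would be a further task in the other play. Separately, `force: true` has no effect together with `state: absent`, and the three openssl_* modules do nothing here that a plain `file` task with `state: absent` would not, which would also match the delete-openvpn-client role.
```yaml
- name: Revoke certificate for user {{ user_name }} in the CA database
  command: >-
    openssl ca -config <CA_CONFIG_PATH_PLACEHOLDER>
    -revoke /root/CA/newcerts/{{ user_name }}.crt

- name: Regenerate the CRL so the revocation takes effect
  command: >-
    openssl ca -config <CA_CONFIG_PATH_PLACEHOLDER>
    -gencrl -out <CRL_OUTPUT_PATH_PLACEHOLDER>

# … unchanged: the three delete tasks and the closing debug message …
```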
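Review bot: `user_name` is read from the environment and interpolated straight into filesystem paths that are then removed with `become: true`, with no check on its shape; a value containing `/` or `..` makes the `path:` expressions in both roles resolve outside `/root/CA` and `{{ openvpn_clientconfig_path }}`, and an empty value yields paths like `/root/CA/private/.key`. A vars file cannot fail a run, so validate the value before the first deletion task in each role, or once in the play's `pre_tasks`; the identical lookup is repeated in the delete-openvpn-client vars hunk below, and one validation in the play would cover both. Suggested task:
```yaml
- name: Refuse to run with an unset or unsafe user_name
  assert:
    that:
      - user_name is match('^[A-Za-z0-9][A-Za-z0-9._-]*$')
    fail_msg: "user_name must be a plain client name, got '{{ user_name }}'"
```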
diff --git a/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client/tasks/main.yaml b/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client/tasks/main.yaml
new file mode 100644
index 0000000..9ccff92
--- /dev/null
+++ b/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client/tasks/main.yaml
@@ -0,0 +1,9 @@
+---
+- name: Remove "{{ user_name }}" files from OpenVPN server
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ openvpn_clientconfig_path }}/keys/{{ user_name }}.crt"
+ - "{{ openvpn_clientconfig_path }}/keys/{{ user_name }}.key"
+ - "{{ openvpn_clientconfig_path }}/files/{{ user_name }}.ovpn"
diff --git a/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client/vars/main.yaml b/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client/vars/main.yaml
new file mode 100644
index 0000000..6aebec5
--- /dev/null
+++ b/infra/delete_openvpn_client/playbooks/roles/delete-openvpn-client/vars/main.yaml
@@ -0,0 +1,5 @@
+---
+openvpn_clientconfig_path: "/root/openvpn-ca/client_configs"
+
+# user specific vars
+user_name: "{{ lookup('env','user_name') }}"
\ No newline at end of file
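Review bot: `with_items:` is the pre-2.5 loop keyword; `loop:` with the same three-item list is the form Ansible documents for new playbooks and reads identically, so `with_items:` → `loop:` on this task. The three paths are derived from `user_name` in the same way as in the certs role, so whatever validation of that variable is adopted should run before this task too. Consider also naming the task for what it does: it removes the jumphost's copies of the client material, which is housekeeping rather than an access change, and a name saying so avoids the "revoke" wording used elsewhere in the change.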