--- /dev/null
+gateway
+=======
+
+This role can be used to set up a new OpenVPN gateway for a Ceph test lab
+as well as maintain user access provided a secrets repo is configured.
+
+This role supports CentOS 7.2 only at this time. It's current intended use
+is to maintain the existing OpenVPN gateway in our Sepia_ lab.
+
+It does the following:
+- Installs and updates necessary packages
+- Maintains user list
+
+Prerequisites
++++++++++++++
+
+- CentOS 7.2
+
+Variables
++++++++++
+
+A list of packages to install that is specific to the role. These lists are defined in the var files in ``vars/``::
+
+ packages: []
+
+Tags
+++++
+
+packages
+ Install *and update* packages
+
+users
+ Update OpenVPN users list
+
+To Do
++++++
+
+- Support installation of new OpenVPN gateway from scratch
+- Upload and maintain CA, keys, and certificates
+- Configure networking
+- Configure firewall
+- Configure fail2ban
+
+.. _Sepia: https://ceph.github.io/sepia/
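Review bot: The opening sentence says the role "can be used to set up a new OpenVPN gateway", but the To Do list at the end still lists from-scratch installation, CA/key/certificate handling, networking, firewall and fail2ban as unimplemented. Someone applying this to a fresh host would get packages and a user list with no firewall or fail2ban in place. Please reword the introduction to say the role only installs packages and maintains the user list on an existing gateway. Two smaller points: the Variables section documents only ``packages``, while tasks/main.yml requires ``secrets_path`` and the defaults define ``secrets_repo``, so both should be listed; and the bullet list after "It does the following:" needs a blank line before it to render as a list in reStructuredText ("It's current" should also be "Its current").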
--- /dev/null
+---
+# These defaults are present to allow certain tasks to no-op if a secrets repo
+# hasn't been defined. If you want to override these, do so in the secrets repo
+# itself. We override these in $repo/ansible/inventory/group_vars/gateway.yml
+secrets_repo:
+ name: UNDEFINED
+ url: null
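Review bot: The two sentinels in secrets_repo are inconsistent: "name: UNDEFINED" is a non-empty string while "url: null" is a real null, so a plain truthiness check such as "when: secrets_repo.name" would pass even though no secrets repo is configured. Consider using null for both, or state in the comment that tasks must compare name against the literal string UNDEFINED. The comment also promises that tasks no-op without a secrets repo, yet tasks/main.yml in this same patch applies "| mandatory" to secrets_path, which fails the play instead of skipping; the comment should say which tasks are expected to no-op.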
--- /dev/null
+---
+- name: Include secrets
+ include_vars: "{{ secrets_path | mandatory }}/gateway.yml"
+ no_log: true
+ tags:
+ - vars
+
+# Install and update system packages
+- include: packages.yml
+ tags:
+ - packages
+
+# Manage OpenVPN users list using secrets repo
+- include: users.yml
+ tags:
+ - users
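Review bot: The "Include secrets" task is tagged only "vars", so a run limited to "--tags users" or "--tags packages" skips it and the included task files execute without the variables from gateway.yml loaded. Add the "always" tag to the include_vars task (or tag it with "packages" and "users" as well) so that the tag-limited runs documented in the README load the secrets. Keeping "no_log: true" on that task is right, but it only covers the include itself; any task in users.yml that handles values from the secrets file needs its own "no_log: true" to keep them out of the output.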