From 17c5b36363679ca833351411359bac8821683513 Mon Sep 17 00:00:00 2001
From: David Galloway
Date: Fri, 18 Mar 2016 15:42:48 -0400
Subject: [PATCH] Create initial files for new 'gateway' role
Signed-off-by: David Galloway
---
gateway.yml | 4 +++
roles/gateway/README.rst | 44 +++++++++++++++++++++++++++++++++
roles/gateway/defaults/main.yml | 7 ++++++
roles/gateway/meta/main.yml | 3 +++
roles/gateway/tasks/main.yml | 16 ++++++++++++
5 files changed, 74 insertions(+)
create mode 100644 gateway.yml
create mode 100644 roles/gateway/README.rst
create mode 100644 roles/gateway/defaults/main.yml
create mode 100644 roles/gateway/meta/main.yml
create mode 100644 roles/gateway/tasks/main.yml
diff --git a/gateway.yml b/gateway.yml
new file mode 100644
index 0000000..97fe0cb
--- /dev/null
+++ b/gateway.yml
@@ -0,0 +1,4 @@
+---
+- hosts: gateway
+ roles:
+ - gateway
diff --git a/roles/gateway/README.rst b/roles/gateway/README.rst
new file mode 100644
index 0000000..039046b
--- /dev/null
+++ b/roles/gateway/README.rst
@@ -0,0 +1,44 @@
+gateway
+=======
+
+This role can be used to set up a new OpenVPN gateway for a Ceph test lab
+as well as maintain user access provided a secrets repo is configured.
+
+This role supports CentOS 7.2 only at this time. It's current intended use
+is to maintain the existing OpenVPN gateway in our Sepia_ lab.
+
+It does the following:
+- Installs and updates necessary packages
+- Maintains user list
+
+Prerequisites
++++++++++++++
+
+- CentOS 7.2
+
+Variables
++++++++++
+
+A list of packages to install that is specific to the role. These lists are defined in the var files in ``vars/``::
+
+ packages: []
+
+Tags
++++++
+
+packages
+ Install *and update* packages
+
+users
+ Update OpenVPN users list
+
+To Do
+++++++
+
+- Support installation of new OpenVPN gateway from scratch
+- Upload and maintain CA, keys, and certificates
+- Configure networking
+- Configure firewall
+- Configure fail2ban
+
+.. _Sepia: https://ceph.github.io/sepia/
diff --git a/roles/gateway/defaults/main.yml b/roles/gateway/defaults/main.yml
new file mode 100644
index 0000000..4739f3b
--- /dev/null
+++ b/roles/gateway/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# These defaults are present to allow certain tasks to no-op if a secrets repo
+# hasn't been defined. If you want to override these, do so in the secrets repo
+# itself. We override these in $repo/ansible/inventory/group_vars/gateway.yml
+secrets_repo:
+ name: UNDEFINED
+ url: null
diff --git a/roles/gateway/meta/main.yml b/roles/gateway/meta/main.yml
new file mode 100644
index 0000000..313fd69
--- /dev/null
+++ b/roles/gateway/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: secrets
diff --git a/roles/gateway/tasks/main.yml b/roles/gateway/tasks/main.yml
new file mode 100644
index 0000000..6b85133
--- /dev/null
+++ b/roles/gateway/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Include secrets
+ include_vars: "{{ secrets_path | mandatory }}/gateway.yml"
+ no_log: true
+ tags:
+ - vars
+
+# Install and update system packages
+- include: packages.yml
+ tags:
+ - packages
+
+# Manage OpenVPN users list using secrets repo
+- include: users.yml
+ tags:
+ - users
--
2.39.5
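Review bot: The header comment promises that these defaults let tasks no-op when no secrets repo is configured, but nothing in this patch reads `secrets_repo`; the only consumer of secrets, tasks/main.yml, loads `{{ secrets_path | mandatory }}/gateway.yml`, which aborts the play when `secrets_path` is unset rather than skipping. Presumably the `secrets` role listed as a dependency turns `secrets_repo.url` into `secrets_path`, but that relationship is not visible here, so a reader cannot tell which variable actually gates the behaviour. State it in the comment, e.g. `# secrets_path is expected to be set by the 'secrets' role from secrets_repo.url; tasks/main.yml fails hard if it is missing.`, and note whether the `UNDEFINED`/`null` sentinels are what packages.yml/users.yml compare against. Those two task files are not part of this patch.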
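Review bot: The `Include secrets` task carries only the `vars` tag, so a run such as `ansible-playbook gateway.yml --tags users` skips it and users.yml then executes without the variables from the secrets repo, failing on an undefined name at best. If the Ansible version in use supports the special `always` tag, add it alongside `vars` so the include runs whenever any tag is selected: `tags:` / `- vars` / `- always`. `no_log: true` on the include is the right call, but it only hides this task's own output; the tasks in users.yml that consume the loaded values need `no_log: true` as well, or the user list and any key material in gateway.yml will be echoed in the play log. packages.yml and users.yml are referenced here but not included in the patch, so this cannot be confirmed from the hunk.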