kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License
8.71k stars 2.39k forks

Automation options ? #308

Open rgarrigue opened 7 years ago

rgarrigue commented 7 years ago

Hello

I'm giving a shot at this docker, nice so far. I'm wondering, is there an inbuilt way to automate the whole setup? I mean, provide the prompt answers as env, or fill a config file, or some parameters so I can just run config, initpki etc. scripts silently?

Best regards,

13rac1 commented 7 years ago

#77 and #181 are related.

dave-burke commented 6 years ago

I ended up writing an ansible role for this, but I should say up front that it's almost certainly easier to do what @kylemanna suggests in #77 and #181 and either use nopass or just generate the PKI files up front and automate the process of copying them into the data volume (or mounting them in the container).

You can take a look at my ansible config here. If ansible isn't an option for you, then you could probably still reverse engineer it down to shell scripts. Something like this:

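if ! docker run ... ls /etc/openvpn/openvpn.conf; then
    # no server config in the data volume yet: generate it
    docker run ... ovpn_genconfig
fi

if ! docker run ... ls /etc/openvpn/pki; then
    # no PKI yet: create the CA and server certificate (this step prompts)
    docker run ... ovpn_initpki
fi

docker run ...    # default entrypoint (no command): starts the server

if ! docker run ... ovpn_listclients | grep -q my_client_name; then
    # client not listed yet: issue its certificate without a passphrase
    docker run ... easyrsa build-client-full my_client_name nopass
fi

docker run ... ovpn_getclient my_client_name > "$HOME/my_client_name.ovpn"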

The hardest part is, obviously, dealing with the prompts from ovpn_initpki. Those prompts are:

Enter PEM pass phrase
Verifying - Enter PEM pass phrase
Common Name (eg: your user, host, or server name) [Easy-RSA CA]
Enter pass phrase for /etc/openvpn/pki/private/ca.key

So it's really just the pass phrase and the Common Name. My playbook uses the ansible expect module, which in turn uses the pexpect python module. There is also a terminal program named expect and you can see how to use it here.
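Added example, not part of the thread and not dave-burke's playbook: one way to answer the ovpn_initpki prompts listed above with pexpect, keeping the CA pass phrase out of the command line and out of any session log. The function names and the environment variables OVPN_CA_PASSPHRASE and OVPN_CA_CN are assumptions made for this sketch.

```python
import os
import re

# Prompts from the comment above, mapped to the answer each one needs.
# The "Verifying - ..." prompt contains the first prompt's text, so one
# pattern covers both; a prompt that repeats is answered every time.
RESPONSES = [
    (re.compile(r"Enter PEM pass phrase"), "passphrase"),
    (re.compile(r"Common Name \(eg: your user, host, or server name\)"), "common_name"),
    (re.compile(r"Enter pass phrase for /etc/openvpn/pki/private/ca\.key"), "passphrase"),
]


def answer_for(prompt_text, answers):
    """Return the answer for a prompt line, or None if it is not a known prompt."""
    for pattern, key in RESPONSES:
        if pattern.search(prompt_text):
            return answers[key]
    return None


def run_initpki(command, answers, timeout=300):
    """Run `command` (the full docker run ... ovpn_initpki argv) and answer its prompts."""
    import pexpect  # third-party: pip install pexpect

    child = pexpect.spawn(command[0], command[1:], timeout=timeout, encoding="utf-8")
    # Deliberately no child.logfile: it records what is sent as well as
    # what is read, so the CA pass phrase would end up in the log.
    patterns = [p for p, _ in RESPONSES] + [pexpect.EOF]
    while True:
        index = child.expect(patterns)  # raises pexpect.TIMEOUT on an unknown prompt
        if index == len(RESPONSES):     # EOF: the script has finished
            break
        child.sendline(answers[RESPONSES[index][1]])
    child.close()
    return child.exitstatus


if __name__ == "__main__":
    import sys
    # Secrets come from the environment (hypothetical variable names),
    # the command to run comes from the arguments.
    answers = {
        "passphrase": os.environ["OVPN_CA_PASSPHRASE"],
        "common_name": os.environ.get("OVPN_CA_CN", ""),  # empty line accepts the bracketed default
    }
    sys.exit(run_initpki(sys.argv[1:], answers))
```

Pass the complete `docker run ... ovpn_initpki` command as the script's arguments; a non-zero exit status means the PKI was not initialised.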

rgarrigue commented 6 years ago

@dave-burke Thanks a lot for this piece of ansible, that'll do perfectly for me I think