m4rcu5nl / ansible-role-zerotier

Ansible role to install Zerotier-One and join a Zerotier network
GNU General Public License v3.0

Make authentication delegation configurable #23

Closed G10h4ck closed 6 years ago

G10h4ck commented 6 years ago

Before this commit the authentication task was run as a local_action, so if the ZeroTier controller was on a different machine than the Ansible controller, the ZeroTier controller API had to bind to 0.0.0.0 instead of 127.0.0.1, with the security implications and burden this implies (set up HTTPS, set up a firewall and so on). With this commit this behaviour is now configurable with the zerotier_api_delegate variable. By default that variable is set to localhost, so it behaves exactly as before this commit, but if set, the action is run on the preferred machine. In my case the ZeroTier network controller is part of the same playbook, so I set

zerotier_api_delegate: zerotierNetworkControllerMachineName
zerotier_api_url: http://127.0.0.1:9993/

So I can benefit from this Ansible role without the burden of setting up global listening + HTTPS etc...
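
The delegation described in the comment above, sketched as an added example that is not part of the original comment or the role's own tasks: the API request is issued from the delegate host, so 127.0.0.1 in zerotier_api_url refers to that host and the API token never crosses the network in clear text. The inventory names, the zt_controller_token variable and the use of the ZeroTier One local API's /status endpoint with its X-ZT1-Auth header are assumptions made for the illustration.

```yaml
# Added illustration, not the role's own tasks. The group and host names, the
# zt_controller_token variable and the /status call are assumptions.
- name: Reach a loopback-only controller API through delegation
  hosts: zt_members                 # hypothetical inventory group
  gather_facts: false
  vars:
    zerotier_api_delegate: zt-controller          # hypothetical inventory host
    zerotier_api_url: "http://127.0.0.1:9993/"    # resolved on the delegate
  tasks:
    - name: Allow clear-text HTTP only when the API URL is a loopback address
      ansible.builtin.assert:
        that:
          - >-
            (zerotier_api_url | urlsplit('scheme')) == 'https'
            or (zerotier_api_url | urlsplit('hostname'))
            in ['127.0.0.1', 'localhost', '::1']
        fail_msg: "Plain HTTP to a remote API would expose the access token"
      run_once: true

    - name: Query the API from the delegate host, not the Ansible controller
      ansible.builtin.uri:
        url: "{{ zerotier_api_url }}status"
        method: GET
        headers:
          X-ZT1-Auth: "{{ zt_controller_token }}"   # hypothetical, keep in Ansible Vault
        return_content: true
      delegate_to: "{{ zerotier_api_delegate }}"
      run_once: true
      no_log: true                  # keeps the token out of task output
      register: zt_status

    - name: Confirm the request was answered by the service on the delegate
      ansible.builtin.assert:
        that:
          - zt_status.status == 200
          - zt_status.json.address is defined
      run_once: true
```

With zerotier_api_delegate left at its default of localhost, the same loopback URL would point at the Ansible controller itself, so the two variables need to be changed together.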

m4rcu5nl commented 6 years ago

That's a nice improvement. Thanks! Expect a new release soon.