robertdebock / ansible-role-openvpn

Install and configure openvpn server or client on your system.
https://robertdebock.nl/
Apache License 2.0

new certificates, client config files #3

Closed grzs closed 4 years ago

grzs commented 4 years ago

name: Pull request by grzs about: certificates, client config files


Describe the change

The role now uses the new features of the ca role. The certificates are signed by the CA, and build the proper extensions. I added a new feature: if a local path is set, the role fetches the client config file, key and certificate in a tarball.

Testing

Tested on a DigitalOcean droplet with the following playbook:

    ---
    - name: install openvpn server
      hosts: vpn
      become: yes
      gather_facts: yes
      vars:
        - ca_openssl_path: "/etc/ssl/myCA"

      roles:
        - role: robertdebock.openvpn
          vars:
            openvpn_server: yes
            openvpn_client_server: "{{ ansible_host }}"
            openvpn_fetch_client_config_to: ~/tmp
            openvpn_clients:
              - name: vpn-client

robertdebock commented 4 years ago

One step further, CI fails:

    TASK [ansible-role-openvpn : copy server key to config directory] **************
    fatal: [openvpn-ubuntu-latestpy38-ansible-previous]: FAILED! =>
      msg: |-
        The task includes an option with an undefined variable. The error was: 'ca_openssl_path' is undefined
        The error appears to be in '/github/workspace/robertdebock/ansible-role-openvpn/tasks/main.yml': line 55, column 7, but may
        be elsewhere in the file depending on the exact syntax problem.
        The offending line appears to be:
        - block:
            - name: copy server key to config directory
              ^ here

So, the ca_openssl_path is not set. I guess that logic is removed.

Do you know how to fix this? (I'm on holiday with limited amount of bandwidth/time...)

Regards,

Robert de Bock.

grzs commented 4 years ago

Hi Robert,

No problem, I have changed many things since then. Have a good rest and take a look at the PRs when you get back to the busy life :)

Now it's working for me, so it's not urgent for me.

If you want, I can write you briefly what I've done.

All the best, Janos

Robert de Bock notifications@github.com wrote (date: Jul 27, 2020, Mon, 21:10):

One step further, CI fails:

    TASK [ansible-role-openvpn : copy server key to config directory] **************
    fatal: [openvpn-ubuntu-latestpy38-ansible-previous]: FAILED! =>
      msg: |-
        The task includes an option with an undefined variable. The error was: 'ca_openssl_path' is undefined
        The error appears to be in '/github/workspace/robertdebock/ansible-role-openvpn/tasks/main.yml': line 55, column 7, but may
        be elsewhere in the file depending on the exact syntax problem.
        The offending line appears to be:
        - block:
            - name: copy server key to config directory
              ^ here

So, the ca_openssl_path is not set. I guess that logic is removed.

Do you know how to fix this? (I'm on holiday with limited amount of bandwidth/time...)

Regards,

Robert de Bock.


robertdebock commented 4 years ago

CI is failing.

These tests run automatically on pushes and pull requests.

Can you see if you can fix this yourself? I think a variable is used that's not set.

grzs commented 4 years ago

Hi,

I checked the error, and I replaced that logic already. The openvpn role includes the ca role, and I used this variable from the ca role. It would be best to forget this pull request and try the new version. I introduced a new var containing the publication directory for openvpn. So it doesn't use any of the ca variables anymore.

Robert de Bock notifications@github.com wrote (date: Jul 30, 2020, Thu, 7:35):

CI is failing https://github.com/robertdebock/ansible-role-openvpn/pull/3/checks?check_run_id=914850307#step:6:455 .

These tests run automatically on pushes and pull requests.

Can you see if you can fix this yourself? I think a variable is used that's not set.


grzs commented 4 years ago

ok, I see! My openvpn role is not compatible with the original ca role. We should fix that one first.

János Gerzson gerzsonj@gmail.com wrote (date: Jul 30, 2020, Thu, 20:48):

Hi,

I checked the error, and I replaced that logic already. The openvpn role includes the ca role, and I used this variable from the ca role. It would be best to forget this pull request and try the new version. I introduced a new var containing the publication directory for openvpn. So it doesn't use any of the ca variables anymore.
