users.yml 1.8 KB

  1. ---
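  # Play 1 runs on the control machine only (hosts: localhost). It registers
  # the target server in the in-memory inventory group "vpn-host" and then
  # waits for its SSH daemon to answer.
  # server_ip, server_user, SSH_keys, easyrsa_CA_password, etc. are not
  # defined in this file; presumably they come from config.cfg or extra
  # vars -- confirm against the caller.
  - hosts: localhost
    gather_facts: false
    tags: always
    vars_files:
      - config.cfg

    tasks:
      - block:
          - name: Add the server to the vpn-host group
            add_host:
              hostname: "{{ server_ip }}"
              groupname: vpn-host
              ansible_ssh_user: "{{ server_user }}"
              ansible_python_interpreter: "/usr/bin/python2.7"
              ssh_tunneling_enabled: "{{ ssh_tunneling_enabled }}"
              # The CA password becomes a plain host variable on vpn-host.
              easyrsa_CA_password: "{{ easyrsa_CA_password }}"
              IP_subject: "{{ IP_subject_alt_name }}"
              ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
            # The add_host result carries the host variables set above, so the
            # CA password would reach verbose output and any callback or log
            # sink. no_log keeps it out; if this task fails, its error detail
            # is censored as well.
            no_log: true

          - name: Wait until SSH becomes ready...
            # Runs from the control machine: polls port 22 until the banner
            # matches "OpenSSH", first check after 10 s, giving up after 320 s.
            # This is a readiness probe only. It does not authenticate the
            # server; host-key verification depends on SSH settings that are
            # not visible in this file.
            local_action:
              module: wait_for
              port: 22
              host: "{{ server_ip }}"
              search_regex: "OpenSSH"
              delay: 10
              timeout: 320
              state: present
            become: false
        rescue:
          # On any failure in the block: print the fail_hint variable, then
          # fail explicitly so the run stops.
          - debug:
              var: fail_hint
            tags: always
          - fail:
            tags: always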
  # Play 2 targets the "vpn-host" group with privilege escalation
  # (become: true): shared pre-tasks first, then the roles, then a closing
  # message.
  - name: User management
    hosts: vpn-host
    gather_facts: true
    become: true
    vars_files:
      - config.cfg

    pre_tasks:
      - block:
          - name: Common pre-tasks
            # NOTE(review): bare "include" is deprecated in later Ansible
            # releases in favour of include_tasks / import_tasks; kept as-is
            # because the target Ansible version is not visible here.
            include: playbooks/common.yml
            tags: always
        rescue:
          # Print the fail_hint variable, then fail explicitly.
          - debug:
              var: fail_hint
            tags: always
          - fail:
            tags: always

    roles:
      # ssh_tunneling is applied only when the variable is set to "y".
      - role: ssh_tunneling
        tags: always
        when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y"
      - role: vpn

    post_tasks:
      - block:
          - debug:
              msg:
                - "{{ congrats.common.split('\n') }}"
                # Shown only when p12.changed is true (p12 is presumably
                # registered by a role; not visible here). The message
                # includes congrats.p12_pass, so that value lands in the
                # console output and in any configured Ansible log; treat
                # those as sensitive.
                - " {% if p12.changed %}{{ congrats.p12_pass }}{% endif %}"
            tags: always
        rescue:
          # Print the fail_hint variable, then fail explicitly.
          - debug:
              var: fail_hint
            tags: always
          - fail:
            tags: always