Merge branch 'bhupender-singh' into 'master'

added restricted entries in tasks/firewall.yaml tasks, added variables...

See merge request oosm/osm_openvpn!20

Author: oo4abhishek

.circleci/config.yml

@@ -1,22 +1,22 @@
 ---
+version: 2.1
+jobs:
+  yaml_lint:
+    docker:
+      - image: opstree/docker:ansible-lint
+    steps:
+      - checkout
+      - run: yamllint ./*/*.yml
+  ansible_lint:
+    docker:
+      - image: opstree/docker:ansible-lint
+    steps:
+      - checkout
+      - run: ansible-lint .
+workflows:
   version: 2.1
-  jobs:
-    yaml_lint:
-      docker:
-        - image: opstree/docker:ansible-lint
-      steps:
-        - checkout
-        - run: yamllint ./*/*.yml
-    ansible_lint:
-      docker:
-        - image: opstree/docker:ansible-lint
-      steps:
-        - checkout
-        - run: ansible-lint .
-  workflows:
-    version: 2.1
-    lint_tests:
-      jobs:
-        - yaml_lint
-        - ansible_lint
+  lint_tests:
+    jobs:
+      - yaml_lint
+      - ansible_lint
 ...

.gitlab-ci.yml

@@ -9,7 +9,7 @@ yaml_lint:
   stage: yaml-lint
   image: opstree/docker:ansible-lint
   script:
-   - yamllint ./*/*.yml
+    - yamllint ./*/*.yml
   allow_failure: true
 
 ansible_lint:

.yamllint

@@ -1,3 +1,4 @@
+---
 extends: default
 
 rules:

Jenkinsfile.publisher

@@ -1,4 +1,4 @@
-@Library('opstree-library@github-promoter-v1.0')_
+@Library('opstree-library@feature')_
 
 node{
     githubpromoterworkflow.call(

README.md

@@ -113,6 +113,9 @@ Role Variables
 | openvpn_server_network | 10.8.0.0 | CIDR range given to vpn network | Optional |
 | base_directory | /etc/openvpn | Configuration path of openvpn server | Optional |
 | easy_rsa_url | url | URL to download Easy RSA | Optional |
+| block_all_connection | false | Block all communication for openvpn client | Optional |
+| port_list | [80,443] | Allow specific ports for openvpn client & only applicable if block_all_connection == true | Optional |
+
 
 Example Playbook
 ----------------

defaults/main.yml

@@ -16,4 +16,6 @@ apache_dir_ubuntu: "/etc/apache2/conf-available/openvpn-monitor.conf"
 apache_dir_centos: "/etc/httpd/conf.d/openvpn-monitor.conf"
 client_list: clientlist
 revoke_list: revokelist
+block_all_connection: false
+port_list: [80, 443]
 ...

meta/main.yaml

@@ -14,9 +14,9 @@ galaxy_info:
         - xenial
         - bionic
   galaxy_tags:
-        - vpn
-        - tunnel
-        - system
-        - networking
+    - vpn
+    - tunnel
+    - system
+    - networking
   dependencies: []
 ...

tasks/client_keys.yaml

@@ -21,21 +21,21 @@
     dest: /{{ base_directory }}
     owner: nobody
     group: nogroup
-    remote_src: yes
+    remote_src: true
 
 - name: Copying client keys to openvpn directory
   copy:
     src: "/{{ base_directory }}/easy-rsa/pki/private/{{ item }}.key"
     dest: /{{ base_directory }}
-    remote_src: yes
+    remote_src: true
   with_items: "{{ lookup('file', '{{ client_list }}').splitlines() | trim }}"
   ignore_errors: true
 
 - name: Copying client certificate to openvpn directory
   copy:
     src: "/{{ base_directory }}/easy-rsa/pki/issued/{{ item }}.crt"
     dest: /{{ base_directory }}
-    remote_src: yes
+    remote_src: true
   with_items: "{{ lookup('file', '{{ client_list }}').splitlines() }}"
   ignore_errors: true
 
@@ -58,7 +58,7 @@
   fetch:
     src: "/{{ base_directory }}/{{ item }}.ovpn"
     dest: /tmp/
-    flat: yes
+    flat: true
   with_items: "{{ lookup('file', '{{ client_list }}').splitlines() }}"
   ignore_errors: true
 ...

tasks/config.yaml

@@ -18,8 +18,8 @@
     line: "{{ item.line }}"
     state: present
   with_items:
-  - { regexp: 'port 1194', line: 'port {{ PORT }}' }
-  - { regexp: 'proto udp', line: 'proto {{ PROTOCOL }}' }
+    - { regexp: 'port 1194', line: 'port {{ PORT }}' }
+    - { regexp: 'proto udp', line: 'proto {{ PROTOCOL }}' }
 
 - name: Getting public IP for client.conf
   ipify_facts:
@@ -31,8 +31,8 @@
     line: "{{ item.line }}"
     state: present
   with_items:
-  - { regexp: 'proto udp', line: 'proto {{ PROTOCOL }}' }
-  - { regexp: 'remote my-server-1 1194', line: 'remote {{ ipify_public_ip }} {{ PORT }}' }
+    - { regexp: 'proto udp', line: 'proto {{ PROTOCOL }}' }
+    - { regexp: 'remote my-server-1 1194', line: 'remote {{ ipify_public_ip }} {{ PORT }}' }
   notify:
     - daemon_reload
     - starting_openvpn

tasks/easy-rsa.yaml

@@ -3,7 +3,7 @@
   get_url:
     url: "{{ easy_rsa_url }}"
     dest: /tmp/
-    validate_certs: False
+    validate_certs: false
 
 - name: Unarchiving easy-rsa
   unarchive: