This is a set of ansible playbooks and roles to set up and maintain a set of EduVPN/letsconnect hosts. This is meant to be run from a bastion-host and will connect remotely to your VPN nodes to deploy and configure them.
(NOTE: Don't install this on your target hosts. Ansible is agentless.)
- ansible
- python-yaml (might be included with ansible, not sure)
- Up to date target hosts (make sure to apt update/upgrade)
- DNS entries for target hosts (if you want Let's Encrypt to work)
See wiki. I plan to document some stuff there.
- put your hosts in inventory/hosts
- make sure you can connect to them without a password through ssh (by using ssh-keys and an ssh-agent, preferably)
- make sure you can sudo on the host. You could do passwordless sudo, but you can let ansible ask for a sudo password (RTFM for that). The sudo password needs to be the same on all the hosts. If you use a dedicated user for ansible, specify it in the inventory (again, RTFM)
- make sure Python works on the target host. It can be either version 2 or 3, but you should be getting rid of Python 2 (it's EOL)
- make sure your target hosts are up to date when you deploy with this.
- Generating a self-signed cert is default. Make sure you don't enable both letsencrypt and customcert in system vars or host vars at the same time. The playbook will refuse to work.
- When you use letsencrypt:
  - Is the host FQDN known in DNS?
  - Are the http ports firewalled (80/443)? (they shouldn't be)
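
A pre-flight check for the certificate checklist above, added here as an example and not part of this repository: it rejects a host that enables both certificate modes and, for Let's Encrypt hosts, checks DNS and ports 80/443 from the bastion. The boolean host var names `letsencrypt` and `customcert` and all function names are assumptions.

```python
import socket
import sys

def cert_mode(hostvars):
    """Pick the certificate mode; self-signed is the default."""
    # Assumed var names: boolean 'letsencrypt' and 'customcert'.
    le = bool(hostvars.get("letsencrypt", False))
    cc = bool(hostvars.get("customcert", False))
    if le and cc:
        raise ValueError("letsencrypt and customcert are both enabled")
    return "letsencrypt" if le else "customcert" if cc else "selfsigned"

def resolves(fqdn):
    try:
        socket.getaddrinfo(fqdn, None)
        return True
    except socket.gaierror:
        return False

def port_state(fqdn, port, timeout=3.0):
    """'open', 'closed' (refused: reachable, nothing listening yet) or 'filtered'."""
    try:
        with socket.create_connection((fqdn, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout or unreachable: packets are likely dropped
        return "filtered"

def preflight(fqdn, hostvars, resolves=resolves, port_state=port_state):
    """Return a list of problems for one host; an empty list means go ahead."""
    try:
        mode = cert_mode(hostvars)
    except ValueError as exc:
        return [f"{fqdn}: {exc}"]
    if mode != "letsencrypt":
        return []  # DNS and port checks only matter for Let's Encrypt
    if not resolves(fqdn):
        return [f"{fqdn}: FQDN not known in DNS"]
    return [f"{fqdn}: port {p} looks firewalled"
            for p in (80, 443) if port_state(fqdn, p) == "filtered"]

if __name__ == "__main__":
    # Usage: python preflight.py vpn.example.org  (assumes letsencrypt is on)
    issues = preflight(sys.argv[1], {"letsencrypt": True})
    print("\n".join(issues) or "ok")
    sys.exit(1 if issues else 0)
```

The result reflects the bastion's network view only; Let's Encrypt validates from the public internet, so a firewall that allows the bastion but not the internet will still pass this check.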