Ansible role that installs an openvpn server
- Install and setup OpenVPN server
- Setup authentication
Previous versions of the role supported generating certificates and keys for the OpenVPN server to use. Since version 3.0.0, such support has been removed and the users of the role are expected to use some other way of generating certificates/keys (eg using another Ansible role). See the example playbook for an example.
An EasyRSA role that was created specifically to compliment this role can be found here.
- Ubuntu 14.04
- Ubuntu 16.04
- Ubuntu 18.04
- Debian 8
- Debian 9
- Centos 7
See defaults/main.yml for a full list of variables together with documentation on how to use them to configure this role.
The role comes bundled with a meta/monitors.yml template that can be used by Heartbeat to check if the OpenVPN server is up and running. The template can be configured via variables (they should be self-explanatory). To use it, you can use some Ansible tasks to upload it to your Heartbeat instance. For example:
- name: Add earth-kibana host
add_host:
name: heartbeat_instance
hostname: "{{ heartbeat.hostname }}"
ansible_host: "{{ heartbeat.ansible_host }}"
ansible_password: "{{ heartbeat.ansible_password }}"
ansible_user: "{{ heartbeat.ansible_user }}"
- name: Upload role monitors
template:
src: "{{ item.1 + '/' + item.0 }}/meta/monitors.yml"
dest: "/etc/heartbeat/monitors.d/{{ inventory_hostname }}.{{ item.0.split('.')[-1] }}.yml"
when: (item.1 + '/' + item.0 + '/meta/monitors.yml') is file
loop: "{{ roles | product(lookup('config', 'DEFAULT_ROLES_PATH')) | list }}"
delegate_to: heartbeat_instanceThe role also includes a filebeat input file that can be uploaded to a filebeat
server. The input reads the OpenVPN log and reads the lines that correspond to
successful connections. The role includes an Elasticsearch ingest pipeline that
can be imported to Elasticsearch to parse and break the log lines into fields.
The files can be found under the meta/ folder.
See molecule/default/converge.yml for a working example of how to use this role.
Licensed under the MIT License. See the LICENSE file for details.
...are welcome!