@jsomara
Last active December 9, 2016 00:00
vpn automation
---
- name: Generate PSK for vpn config
  # -N4 reads only 4 bytes from /dev/urandom, so the PSK carries 32 bits of entropy.
  local_action: shell od -vAn -N4 -tx < /dev/urandom
  register: psk
  tags:
    - newvpn

# This debug task prints the generated PSK to the Ansible output.
- debug: var=psk.stdout_lines[0]
  tags:
    - newvpn

- name: Create a temporary directory for all deploy scripting
  command: mktemp -d
  register: tempdir_cmd
  tags:
    - newvpn

# Renders the config locally; the rendered file contains the PSK and the Foxpass API key.
- name: Put VPN config on S3 somewhere temporary
  template:
    src: "vpn_config.json.j2"
    dest: "{{ tempdir_cmd.stdout }}/{{ vpn_s3_object_key }}"
  tags:
    - newvpn

- name: Put VPN config on S3 somewhere
  s3:
    bucket: "{{ vpn_s3_bucket }}"
    src: "{{ tempdir_cmd.stdout }}/{{ vpn_s3_object_key }}"
    object: "{{ vpn_s3_object_key }}"
    mode: put
  register: vpn_config_file
  tags:
    - newvpn

- name: Print s3 file info
  debug: var=vpn_config_file
  tags:
    - newvpn

# The instance fetches its config from S3 at boot through user_data, using the instance profile.
- name: Kick up a new VPN host
  local_action:
    module: ec2
    image: "{{ ec2_vpn_image }}"
    instance_type: "{{ ec2_vpn_instance_type }}"
    keypair: "{{ ec2_keypair_name }}"
    count: 1
    instance_tags: "{{ ec2_tags }}"
    region: "{{ ec2_vpn_region }}"
    group_id: "{{ vpn_sg.group_id }}"
    assign_public_ip: true
    user_data: "#!/bin/bash\n
      sudo /opt/bin/config.py s3://{{ vpn_s3_bucket }}/{{ vpn_s3_object_key }}"
    vpc_subnet_id: "{{ ec2_vpn_subnet_id }}"
    instance_profile_name: "{{ ec2_vpn_instance_profile_name }}"
    wait: true
  register: vpn_new_node
  tags:
    - newvpn

- name: Print VPN host info
  debug: var=vpn_new_node
  tags:
    - newvpn

{
  "psk": "{{ psk.stdout_lines[0] | replace(' ', '') }}",
  "dns_primary": "{{ vpn_dns_primary }}",
  "dns_secondary": "{{ vpn_dns_secondary }}",
  "local_cidr": "{{ vpn_subnet_cidr }}",
  "foxpass_api_key": "{{ foxpass_api_key }}"
}