Starting up a new AWSible environment
-------------------------------------
+* initialize CA for environment
+
+ env="myAwsibleEnvironment"
+ region="us-east-1"
+
+ curl -fOL https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz
+ mkdir "${env}_ca"
+ tar -C "${env}_ca" --strip-components 1 -x -f EasyRSA-3.0.1.tgz
+
+ pushd "${env}_ca"
+ # create CA cert
+ ./easyrsa init-pki
+ ./easyrsa build-ca
+ cn: ${env}
+
+ # create openVPN region server cert
+ ./easyrsa build-server-full ${region}.${env} nopass
+
+ # create CRL
+ ./easyrsa gen-crl
+
+ pushd "pki"
+ openvpn --genkey --secret ta.key
+ popd
+ popd
+
+* generate ansible variables for VPN
+
+ ./generate-ansible-vpcaccess-vars.sh ${env} ${region}
+
* create ssh keypair as keys/management{,.pub}
* configure group_vars/all with:
* change pub-subnets to auto-assign external IPs
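Review bot: `curl -fOL https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz` fetches the tarball with no checksum or signature verification, and nothing in the steps says how `${env}_ca/pki` is to be protected once it exists, even though it will hold `ca.key`, the `${region}.${env}` server key created with `nopass`, and `ta.key`. Suggest recording the expected SHA-256 of the release and checking it (e.g. `sha256sum -c`) before `tar -C "${env}_ca" ... -x -f EasyRSA-3.0.1.tgz`, and adding a sentence that `${env}_ca/` must never be committed to the repo and that `ca.key` stays on the offline CA machine rather than being copied to the VPN servers. Next to `./easyrsa gen-crl` it is worth stating that the CRL has an expiry date and must be regenerated (and redistributed) before it lapses, because an OpenVPN server configured with `crl-verify` refuses every client once its CRL is stale. Finally, `cn: ${env}` reads like a command but is the value to enter at the `build-ca` prompt; mark it as a prompt answer so it is not pasted into a shell.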
+* bootstrap vpcaccess from external system
+ ansible-playbook init_vpcaccess.yml
+ aws --region ${region} iam create-policy --policy-name vpcaccess-policy --description vpcaccess --policy-document file://../roles/vpcaccess-infrastructure/files/vpcaccess-policy.json
+ # attach policy to role
+ INVENTORY_PUBLIC=1 ansible-playbook vpcaccess-d0stage
+
* configure group_vars/all with chosen MANAGEMENT_SUBNET
* ansible-playbook init_management.yml
* install AWSible repo in /data/management/
* bootstrap management server from external system
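Review bot: the `# attach policy to role` comment sitting between `aws --region ${region} iam create-policy ...` and `INVENTORY_PUBLIC=1 ansible-playbook vpcaccess-d0stage` stands in for a step that is never given, so a reader following the list ends with a `vpcaccess-policy` that is created but attached to nothing; either add the attach command here or name the playbook that performs it. Two smaller points in the same block: `file://../roles/vpcaccess-infrastructure/files/vpcaccess-policy.json` is relative to the current directory, which the list never states (the CA steps above end with `popd`, so it is presumably the playbook directory; say so explicitly), and `vpcaccess-d0stage` has no `.yml` suffix while every other `ansible-playbook` invocation on the page does; confirm that is the real playbook name and not a typo.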
- * INVENTORY_PUBLIC=1 ansible-playbook management.yml
+ ansible-playbook management.yml
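Review bot: dropping `INVENTORY_PUBLIC=1` from `ansible-playbook management.yml` presumably makes the inventory resolve the management host by its private address, which only works once the vpcaccess VPN set up in the earlier steps is connected; the parent bullet still reads "bootstrap management server from external system", which now contradicts that. Either reword the bullet or add a line above the command stating that the VPN to `${region}.${env}` must be up before it is run, so the change in addressing is documented rather than implied.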