X-Git-Url: http://git.squeep.com/?p=awsible;a=blobdiff_plain;f=BOOTSTRAP.txt;fp=BOOTSTRAP.txt;h=f9418e5005084e77088ca4100c9793d06452ad6c;hp=025c4d3b4a8014e8ed311309eba27ffcfbc6679c;hb=37253e1b3651d2e3f1c714c55fb05894abacf398;hpb=588872ef49cb75a5ffa775e738ae3c61f9d7bad0 diff --git a/BOOTSTRAP.txt b/BOOTSTRAP.txt index 025c4d3..f9418e5 100644 --- a/BOOTSTRAP.txt +++ b/BOOTSTRAP.txt @@ -1,6 +1,36 @@ Starting up a new AWSible environment ------------------------------------- +* initialize CA for environment + + env="myAwsibleEnvironment" + region="us-east-1" + + curl -fOL https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz + mkdir "${env}_ca" + tar -C "${env}_ca" --strip-components 1 -x -f EasyRSA-3.0.1.tgz + + pushd "${env}_ca" + # create CA cert + ./easyrsa init-pki + ./easyrsa build-ca + cn: ${env} + + # create openVPN region server cert + ./easyrsa build-server-full ${region}.${env} nopass + + # create CRL + ./easyrsa gen-crl + + pushd "pki" + openvpn --genkey --secret ta.key + popd + popd + +* generate ansible variables for VPN + + ./generate-ansible-vpcaccess-vars.sh ${env} ${region} + * create ssh keypair as keys/management{,.pub} * configure group_vars/all with: @@ -21,6 +51,12 @@ Starting up a new AWSible environment * change pub-subnets to auto-assign external IPs +* bootstrap vpcaccess from external system + ansible-playbook init_vpcaccess.yml + aws --region ${region} iam create-policy --policy-name vpcaccess-policy --description vpcaccess --policy-document file://../roles/vpcaccess-infrastructure/files/vpcaccess-policy.json + # attach policy to role + INVENTORY_PUBLIC=1 ansible-playbook vpcaccess-d0stage + * configure group_vars/all with chosen MANAGEMENT_SUBNET * ansible-playbook init_management.yml 
@@ -37,5 +73,5 @@ Starting up a new AWSible environment * install AWSible repo in /data/management/ * bootstrap management server from external system - * INVENTORY_PUBLIC=1 ansible-playbook management.yml + ansible-playbook management.yml
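Review bot: in the first hunk (`@@ -1,6 +1,36 @@`) the EasyRSA tarball fetched with `curl -fOL https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz` is unpacked and executed (`./easyrsa init-pki`, `./easyrsa build-ca`) without any checksum or release-signature verification, so a tampered download becomes the root of trust for the whole environment; the step should pin and verify the archive before `tar` runs. The same hunk also leaves the handling of the resulting material undocumented: `build-server-full ${region}.${env} nopass` writes an unencrypted server key, and `${env}_ca/pki` ends up holding the CA private key, the CRL and `ta.key`, yet nothing says this directory must stay out of the repository and be backed up and access-restricted. A sentence to that effect belongs right after the `popd` lines, and the bare `cn: ${env}` line should be marked as the interactive prompt answer it is, since as written it reads like a command.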
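Review bot: in the second hunk (`@@ -21,6 +51,12 @@`) the step `# attach policy to role` is only a comment with no command, so the policy created by `aws --region ${region} iam create-policy --policy-name vpcaccess-policy ...` is never actually bound to anything before `INVENTORY_PUBLIC=1 ansible-playbook vpcaccess-d0stage` runs; the attach command (and the role name it targets) should be spelled out, or the policy creation should be folded into the playbook so the instance role and policy are managed together. Two smaller points in the same hunk: `vpcaccess-d0stage` is the only playbook invocation on the page without a `.yml` suffix (compare `init_vpcaccess.yml` and `management.yml`), which looks like a typo, and the path `file://../roles/vpcaccess-infrastructure/files/vpcaccess-policy.json` assumes a working directory that the text never states.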
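Review bot: the third hunk (`@@ -37,5 +73,5 @@`) drops `INVENTORY_PUBLIC=1` from the management bootstrap while the item is still titled "bootstrap management server from external system", and the earlier hunk keeps `INVENTORY_PUBLIC=1` for the equivalent vpcaccess bootstrap; if the management run is now meant to go over the VPN set up in the first hunk rather than a public address, the heading should say so and the ordering dependency (vpcaccess up and VPN connected before `ansible-playbook management.yml`) should be stated, otherwise the inventory selection looks like an accidental regression. The line also changes from a `* ` bullet to an indented command, which matches the style of the new vpcaccess block but not the neighbouring `* install AWSible repo in /data/management/` items; pick one convention for command lines under a bullet and apply it throughout the file.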