During recent updates the get_droplet_ip function is grabbing the private IP instead of the public IP. This is due to the for loop updating the variable with the last result.

Temporarily fixed with a break in the loop : 1792720

The DigitalOcean dynamic inventory script requires an environment variable to authorize, although currently the environment variable is not required as it can be passed in during the deploy. We need to set the environment variable if one is not provided already.

We are still missing a few things from the old PREP script that was utilized to configure the server (outside the setup of OpenVPN) in the Ansible Playbook configuration. Need to review both and ensure everything that is needed is properly implemented.

PREP Script - https://raw.githubusercontent.com/LopezNathan/vpn-deployer/master/openvpn-install-prep.sh
Ansible Playbook - https://raw.githubusercontent.com/LopezNathan/vpn-deployer/development/openvpn-install.yml

Default image and available distro list is outdated, requiring to specify an image during the deploy.

digitalocean.DataReadError: You specified an invalid image for Droplet creation.

Also, incorrect spelling avaialble_distros in main.py.

Turn the ip argument into an optional argument. We can pull this through the OS itself.

After downloading the python package via PIP the dynamic inventory script is no longer executable. To correct this, the script has to be re-downloaded and made executable.

Due to this, we most likely need to download the script after the download of the package, prior to the deploy occurring.

 [WARNING]:  * Failed to parse /Users/username/.local/share/virtualenvs/tes
ting-1ZikHb_g/lib/python3.7/site-
packages/vpndeployer/playbooks/inventory/digital_ocean.py with script plugin:
Inventory script (/Users/username/.local/share/virtualenvs/testing-1ZikHb_g
/lib/python3.7/site-packages/vpndeployer/playbooks/inventory/digital_ocean.py)
had an execution error: env: python\r: No such file or directory

 [WARNING]:  * Failed to parse /Users/username/.local/share/virtualenvs/tes
ting-1ZikHb_g/lib/python3.7/site-
packages/vpndeployer/playbooks/inventory/digital_ocean.py with ini plugin: /Use
rs/username/.local/share/virtualenvs/testing-1ZikHb_g/lib/python3.7/site-
packages/vpndeployer/playbooks/inventory/digital_ocean.py:3: Error parsing host
definition '"""': No closing quotation

 [WARNING]: Unable to parse /Users/username/.local/share/virtualenvs/testin
g-1ZikHb_g/lib/python3.7/site-
packages/vpndeployer/playbooks/inventory/digital_ocean.py as an inventory
source

The DO Droplet names were recently changed to include a timestamp and these names are extremely sketchy when it comes to mail. Appears Google is blocking the emails completely due to this. Find alternative? Is the email feature even needed?

From: Mail Delivery Subsystem <[email protected]>

... while talking to aspmx.l.google.com.:
>>> DATA
<<< 550-5.7.1 [134.209.219.59      11] Our system has detected that this message is
<<< 550-5.7.1 not RFC 5322 compliant:
<<< 550-5.7.1 'From' header has non compliant domain name.
<<< 550-5.7.1 To reduce the amount of spam sent to Gmail, this message has been
<<< 550-5.7.1 blocked. Please visit
<<< 550-5.7.1  https://support.google.com/mail/?p=RfcMessageNonCompliant
<<< 550 5.7.1 and review RFC 5322 specifications for more information. q28si204383qtj.379 - gsmtp
554 5.0.0 Service unavailable

The initial SSH connection to the droplet is failing when attempting to execute the playbook remotely :

fatal: [droplet1]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: connect to host IP port 22: Connection timed out",
    "unreachable": true
}

Although, if you utilize the same connection string used by Ansible and connect manually, it works and after you can successfully re-run the playbook with no issues.

I believe this is related to Ansible unable to add to the list of known hosts?

• The deploy process currently takes about 8 minutes from start to finish, mainly due to the slowness of yum -y update && yum -y upgrade.

  • Possibly utilize yum-plugin-security and only install security packages?

• Install Basic firewalld

Run duo2unix across all files in the repository and remove any DOS ^M references.

If you have multiple SSH keys attached to your DigitalOcean account with the "VPN-Deployer" name, it does not select the latest key and this causes the SSH connection to fail.

I'd like to switch to Terraform to build the infrastructure, allowing easy support for additional providers.

• Add a check into vpn-deploy.py to monitor http://DROPLET_IP/client.ovpn and output when it's available for download. This avoids the need for the email (make optional).
  • Time the deploy process and determine how often to cURL http://DROPLET_IP/client.ovpn
• Spinning wheel animation while the deploy is in-progress.

After switching to Ansible, IPTables with IPv6 is failing.

TASK [iptables] ****************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": "/usr/sbin/iptables -t filter -A INPUT -p tcp -s 123:123:123:123:123:123:123:123-j ACCEPT --destination-port 80", "msg": "iptables v1.4.21: host/network `123:123:123:123:123:123:123:123' not found\nTry `iptables -h' or 'iptables --help' for more information.", "rc": 2, "stderr": "iptables v1.4.21: host/network `123:123:123:123:123:123:123:123' not found\nTry `iptables -h' or 'iptables --help' for more information.\n", "stderr_lines": ["iptables v1.4.21: host/network `123:123:123:123:123:123:123:123' not found", "Try `iptables -h' or 'iptables --help' for more information."], "stdout": "", "stdout_lines": []}
        to retry, use: --limit @/root/openvpn-install.retry