Create OpenVPN users from the list with GitHub Actions
To simplify creating a larger number of users who need access, you can use a GitHub Action. It has one prerequisite: when you deployed the CloudFormation template, you provided a verified email address for SES.
Here’s a step-by-step guide:
- Create a new private repository and add secrets for actions to establish a connection with AWS.
- Create an action to synchronize the user list with OpenVPN.
- Generate a new user list in the email address format, with each user listed on a separate line. Save the file as: ./users/vpn_user_list

  ```
  mail1@example.com
  mail2@example.com
  mail3@example.com
  ```
- Once the changes are pushed to GitHub, your OpenVPN will create new users and send them an email containing the configuration file. Please note that the configuration file will expire within 24 hours of receiving the email.
By following these steps, you can efficiently generate OpenVPN users and automate the process using GitHub Actions.
- GitHub Action for creating OpenVPN users from the list
```yaml
name: Manage OpenVPN users

env:
  AWS_REGION: 'us-west-1'
  PROJECT: '<cloudformation project name>'

on:
  push:
    branches: [main]
    paths: ['users/*']
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          # Secret names are assumptions; use the names of the repository secrets you created
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Manage users
        run: |
          # Parameter names are assumed to be prefixed with the project name (env.PROJECT)
          ID="Key=InstanceIds,Values=$(aws ssm get-parameter --name "${{ env.PROJECT }}.Ec2-Id" --query "Parameter.Value" --output text)"
          S3="$(aws ssm get-parameter --name "${{ env.PROJECT }}.S3-Id" --query "Parameter.Value" --output text)"

          # Push new list to S3 bucket (files land under the users.txt/ prefix)
          aws s3 sync ./users "s3://$S3/users.txt"

          # Update old user lists
          aws ssm send-command \
            --comment "Update old user lists" \
            --targets "$ID" \
            --document-name "AWS-RunShellScript" \
            --parameters 'commands=["mv /root/list_of_all_users.txt /root/list_of_vpn_users.txt"]' \
            --output table

          # Get new user list from S3 bucket
          # Double quotes so $S3 is expanded on the runner; the key matches the sync destination above
          aws ssm send-command \
            --comment "Get new user list" \
            --targets "$ID" \
            --document-name "AWS-RunShellScript" \
            --parameters "commands=[\"aws s3api get-object --bucket $S3 --key users.txt/vpn_user_list /root/list_of_all_users.txt\"]" \
            --output table

          # Update users from the new list
          aws ssm send-command \
            --comment "Update users" \
            --targets "$ID" \
            --document-name "AWS-RunShellScript" \
            --parameters 'commands=["cd /root/ && ./users.sh"]' \
            --output table
```
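The user list is copied to the VPN instance and processed there by users.sh, which SSM runs as root, so it is worth rejecting anything that is not a plain address before the sync. The check below is an added example, not part of the original post or its CloudFormation project; it could run as a workflow step ahead of `aws s3 sync`. `validate_user_list` is a hypothetical helper and the sample list is constructed.

```shell
#!/bin/sh
# Added example: gate for ./users/vpn_user_list before it is synced to S3.
# validate_user_list is a hypothetical helper, not part of the original workflow.

# Prints problems to stderr; returns 0 if the list is clean, 1 if not, 2 if unreadable.
validate_user_list() {
  file=$1
  [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }

  # A line is acceptable if it is empty or a single plain address. The pattern
  # admits no whitespace, quotes, ';', '$', '`' or '|', so an accepted line is
  # inert wherever the list is later consumed. CRLF line endings are rejected too.
  ok='^([A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+)?$'

  # Report line numbers only, so rejected content is not echoed into CI logs.
  bad=$(grep -nEv -e "$ok" -- "$file" | cut -d: -f1 | tr '\n' ' ')

  # Duplicates among the valid addresses, compared case-insensitively;
  # these are usually a copy/paste mistake.
  dups=$(grep -E -e "$ok" -- "$file" | grep -v '^$' \
         | tr '[:upper:]' '[:lower:]' | sort | uniq -d | tr '\n' ' ')

  status=0
  [ -z "$bad" ]  || { echo "invalid entries on line(s): $bad" >&2; status=1; }
  [ -z "$dups" ] || { echo "duplicate addresses: $dups" >&2; status=1; }
  return "$status"
}

# Constructed sample input: line 2 is not a plain address, line 3 repeats line 1.
sample=$(mktemp)
printf '%s\n' 'mail1@example.com' 'mail3@example.com; touch /tmp/x' \
              'MAIL1@example.com' > "$sample"
validate_user_list "$sample" || echo "list rejected; do not sync"
rm -f "$sample"
```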
This post is licensed under CC BY 4.0 by the author.