This change set builds collectd from source and configures it in one of
the following ways:
- If Librato credentials are present, collectd will be configured to
send data points to Librato using the collectd-librato plugin.
- If no Librato credentials are present, collectd will be configured to
write RRD files locally (/opt/collectd/var/lib/collectd/rrd by default).
* OpenVPN setup is now fully automated. No configuration changes
are necessary (though the defaults can easily be modified) and
all manual command line steps have been eliminated.
* Removed the dependency on easy-rsa in favor of pure OpenSSL and
OpenVPN commands that are executed by Ansible
* Improved the security of the OpenVPN configuration
* Increased the default key size to 2048
* RSA keys are only readable by root
* The cipher and authentication digest are now configurable. If
your client supports it, you can use AES-256-CBC and SHA256
instead of BF-CBC (Blowfish) and SHA1 which are the defaults.
Or you can be a really cool, paranoid, crypto hipster and
use CAMELLIA-256-CBC and SHA512 with an RSA key size of 4096.
* Enabled "HMAC firewall" functionality using the tls-auth option
and automated the generation of the 'ta' key that it depends on
* The OpenVPN daemon becomes an unprivileged user after it starts
* Automated the retrieval of the files that clients will need in
order to connect to OpenVPN
* A pause prompt outputs basic configuration information after the
role has finished running
* Variables are referenced using the new Ansible variable format
(e.g. {{ var }} instead of $var)
* Added a flush_handlers command to the role that ensures OpenVPN
will restart prior to dnsmasq (fixes issue #63)
* Fixed two bugs that were preventing packet forwarding for IPv4
from being enabled correctly