add_external_hardware_to_vpn howto

add_external_hardware_to_vpn.md

@@ -0,0 +1,30 @@
+# Add external servers to vpn
+
+- In the Fedora Infra Ansible repo edit the file roles/batcave/files/allows.
+Under the correct section add **require ip** ***<server_ip>***
+
+- When this change is pushed run the batcave ansible playbook on the batcave.
+
+- Create openvpn and 2fa certificates for the new server.
+This requires sysadmin main access
+
+>  https://pagure.io/fedora-infra/howtos/blob/master/f/generate_2fa_keys.md
+>  https://pagure.io/fedora-infra/howtos/blob/master/f/generate_openvpn_keys.md
+
+- In the dns repo on batcave edit the file master/168.192.in-addr.arpa
+Add the new host to one of the unused adresses. 
+Don't forget to update teh serial before saving.
+
+- Also edit the master/vpn.fedoraproject.org file to add the server with
+the new 192.168.*.* address created in the previous step to the required section
+Don't forget to update teh serial before saving.
+
+- When the above edits are done follow the instructions in the DNS sysadmin sop 
+about signing and pushing new dns chnages.
+> https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/dns.html#editing-the-domain-s
+
+- Finally in the Fedora Infra Ansible repo add a new file 
+roles/openvpn/server/files/ccd/*<server_name>* with the new 192.168.*.* address.
+View one of the existing files in the repo for a sample of formatting.
+This change will be run when the server is provisioned.
+