commit 922d503587b97b70c29b391c5a69cbbe685799ca
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Mon Feb 5 22:13:02 2018 +0100
Update openvpn role
roles/openvpn/client/tasks/main.yml | 77 +++++++++++++++++++++++++++++-----
roles/openvpn/server/tasks/main.yml | 27 ++++++++-----
2 files changed, 82 insertions(+), 22 deletions(-)
---
diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml
index c582e59..ba2d215 100644
--- a/roles/openvpn/client/tasks/main.yml
+++ b/roles/openvpn/client/tasks/main.yml
@@ -2,13 +2,13 @@
# OpenVpn server
- name: Install needed packages
- yum: pkg={{ item }} state=present
+ package: name={{ item }} state=present
with_items:
- openvpn
tags:
- packages
- openvpn
- when: ansible_distribution_major_version|int < 22
+ when: ansible_distribution_major_version|int < 8
- name: Install needed packages
dnf: pkg={{ item }} state=present
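Review bot: With `package: name={{ item }} state=present` the module already dispatches to yum or dnf, so the guard `when: ansible_distribution_major_version|int < 8` and the separate `dnf:` task that follows it (its body continues outside this hunk) are now redundant; a single `package` task, carrying the `ansible_cmdline.ostree is not defined` exclusion from the dnf task, would cover RHEL 7 and Fedora alike. The same yum-to-package pair appears in the server role's first hunk. The `# OpenVpn server` header kept as context at the top of this client task file is misleading and could read `# OpenVpn client`.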
@@ -17,9 +17,32 @@
tags:
- packages
- openvpn
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not
defined
+ when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not
defined
-- name: Install configuration files
+- name: Install configuration files (rhel7 and fedora)
+ copy: src={{ item.file }}
+ dest={{ item.dest }}
+ owner=root group=root mode={{ item.mode }}
+ with_items:
+ - { file: client.conf,
+ dest: /etc/openvpn/client/openvpn.conf,
+ mode: '0644' }
+ - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname
}}.crt",
+ dest: "/etc/openvpn/client/client.crt",
+ mode: '0600' }
+ - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname
}}.key",
+ dest: "/etc/openvpn/client/client.key",
+ mode: '0600' }
+ tags:
+ - install
+ - openvpn
+# notify:
+# - restart openvpn (Fedora)
+# - restart openvpn (RHEL7)
+# - restart openvpn (RHEL6)
+ when: ( ansible_distribution_major_version|int != 6 and
ansible_distribution_major_version|int != 24) and ansible_cmdline.ostree is not defined
+
+- name: Install configuration files (rhel6)
copy: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode={{ item.mode }}
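Review bot: The `notify:` block of the new `Install configuration files (rhel7 and fedora)` task is commented out, so a changed client.conf, client.crt or client.key is copied to `/etc/openvpn/client/` but never picked up: the service tasks later in this file only use `state=started`, which leaves an already-running instance on its old config and key. Rather than commenting the handlers out, point the task at handlers for the new unit names, e.g. `- restart openvpn-client` backed by `service: name=openvpn-client@openvpn state=restarted`; the same commented-out `notify:` appears on the `(rhel6)` task in the next hunk. The closing `when:` expression would also benefit from a short comment, e.g. `# Fedora 24 still uses the legacy /etc/openvpn layout, handled by the rhel6 task below`, since the `!= 24` exclusion is otherwise unexplained. The `(rhel6)` task's body continues outside this hunk.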
@@ -36,29 +59,59 @@
tags:
- install
- openvpn
- notify:
- - restart openvpn (Fedora)
- - restart openvpn (RHEL7)
- - restart openvpn (RHEL6)
+# notify:
+# - restart openvpn (Fedora)
+# - restart openvpn (RHEL7)
+# - restart openvpn (RHEL6)
+ when: ( ansible_distribution_major_version|int == 6 or
ansible_distribution_major_version|int == 24) and ansible_cmdline.ostree is not defined
- name: enable openvpn service for rhel 6
- service: name=openvpn state=running enabled=true
+ service: name=openvpn state=started enabled=true
when: ansible_distribution_major_version|int == 6
tags:
- service
- openvpn
-- name: Make sure openvpn is running in rhel 7.1
- service: name=openvpn@openvpn state=running enabled=true
+- name: enable openvpn service for fedora 24
+ service: name=openvpn@openvpn state=started enabled=true
+ when: ansible_distribution_major_version|int == 24
+ tags:
+ - service
+ - openvpn
+
+- name: Make sure old openvpn is not running in rhel 7
+ service: name=openvpn@openvpn state=stopped enabled=false
+ when: ansible_distribution_major_version|int == 7
+ tags:
+ - service
+ - openvpn
+
+- name: Make sure openvpn is running in rhel 7
+ service: name=openvpn-client@openvpn state=started enabled=true
when: ansible_distribution_major_version|int == 7
tags:
- service
- openvpn
- name: enable openvpn service for Fedora
- service: name=openvpn@openvpn state=running enabled=true
+ service: name=openvpn-client@openvpn state=started enabled=true
when: is_fedora is defined
tags:
- service
- openvpn
+- name: Create directories for post-vpn service configs
+ file: path="/etc/systemd/system/{{item}}.service.d" state=directory
+ with_items: "{{postvpnservices}}"
+ when: is_fedora is defined or ansible_distribution_major_version|int == 7
+ tags:
+ - service
+ - openvpn
+
+- name: Deploy postvpn.conf for post-vpn services
+ copy: src=postvpn.conf
dest="/etc/systemd/system/{{item}}.service.d/postvpn.conf"
+ with_items: "{{postvpnservices}}"
+ when: is_fedora is defined or ansible_distribution_major_version|int == 7
+ tags:
+ - service
+ - openvpn
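Review bot: `enable openvpn service for Fedora` is guarded only by `when: is_fedora is defined`, which is also true on Fedora 24, so on that release both `openvpn@openvpn` (from `enable openvpn service for fedora 24`) and `openvpn-client@openvpn` are started; the previous hunk's `!= 24` guard deliberately did not install `/etc/openvpn/client/openvpn.conf` there, so the second start is likely to fail or, if it finds a config, bring up a second tunnel. Change the guard to `when: is_fedora is defined and ansible_distribution_major_version|int != 24`. Unlike rhel 7, which gets `Make sure old openvpn is not running in rhel 7`, nothing stops the old `openvpn@openvpn` unit on newer Fedora, so an already-deployed host may keep the legacy instance running alongside the new one. The two `postvpn` tasks write systemd drop-ins under `/etc/systemd/system/{{item}}.service.d/` with no daemon-reload afterwards, so the drop-in is not applied until something else reloads systemd; a handler running `systemd: daemon_reload=yes` notified by the copy task would cover that, and `with_items: "{{postvpnservices}}"` fails outright when the variable is undefined, so `"{{ postvpnservices | default([]) }}"` may be safer.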
diff --git a/roles/openvpn/server/tasks/main.yml b/roles/openvpn/server/tasks/main.yml
index ddde7a8..dd760b1 100644
--- a/roles/openvpn/server/tasks/main.yml
+++ b/roles/openvpn/server/tasks/main.yml
@@ -2,16 +2,16 @@
# OpenVpn server
- name: Install needed packages
- yum: pkg={{ item }} state=present
+ package: name={{ item }} state=present
with_items:
- openvpn
tags:
- packages
- openvpn
-- name: Create the /etc/openvpn/ccd/ directory
+- name: Create the /etc/openvpn/server/ccd/ directory
file: >
- dest=/etc/openvpn/ccd/
+ dest=/etc/openvpn/server/ccd/
mode=0755
owner=root
group=root
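Review bot: Moving the ccd directory to `dest=/etc/openvpn/server/ccd/` (and, in the next hunk, openvpn.conf, crl.pem, server.crt and `server.key` to `/etc/openvpn/server/`) leaves the previous copies under `/etc/openvpn/` in place on already-deployed hosts, since nothing in the role removes them. Add cleanup tasks for the old paths, e.g. `file: path=/etc/openvpn/server.key state=absent`, so a stale copy of the server's private key and an obsolete ccd tree are not left behind where the old `openvpn@openvpn` unit (stopped in the next hunk) could still read them. The client role's relocation in this same commit has the same gap.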
@@ -25,31 +25,38 @@
owner=root group=root mode={{ item.mode }}
with_items:
- { file: server.conf,
- dest: /etc/openvpn/openvpn.conf,
+ dest: /etc/openvpn/server/openvpn.conf,
mode: '0644' }
- { file: "{{ private }}/files/vpn/openvpn/keys/crl.pem",
- dest: /etc/openvpn/crl.pem,
+ dest: /etc/openvpn/server/crl.pem,
mode: '0644' }
- { file: "{{ private }}/files/vpn/openvpn/keys/server.crt",
- dest: /etc/openvpn/server.crt,
+ dest: /etc/openvpn/server/server.crt,
mode: '0644' }
- { file: "{{ private }}/files/vpn/openvpn/keys/server.key",
- dest: /etc/openvpn/server.key,
+ dest: /etc/openvpn/server/server.key,
mode: '0600' }
- { file: "{{ private }}/files/vpn/openvpn/keys/dh2048.pem",
- dest: /etc/openvpn/dh2048.pem,
+ dest: /etc/openvpn/server/dh2048.pem,
mode: '0644' }
tags:
- install
- openvpn
- name: Install the ccd files
- copy: src=ccd/ dest=/etc/openvpn/ccd/
+ copy: src=ccd/ dest=/etc/openvpn/server/ccd/
tags:
- openvpn
+- name: disable old openvpn service for rhel 7 or Fedora
+ service: name=openvpn@openvpn state=stopped enabled=false
+ when: ( ansible_distribution_version[0] == 7 or is_fedora is defined ) and
openvpn_master is defined
+ tags:
+ - service
+ - openvpn
+
- name: enable openvpn service for rhel 7 or Fedora
- service: name=openvpn@openvpn state=running enabled=true
+ service: name=openvpn-server@openvpn state=started enabled=true
when: ( ansible_distribution_version[0] == 7 or is_fedora is defined ) and
openvpn_master is defined
tags:
- service