commit 2ae1e57ea482833f9a4e2995e5dcbb2bcf02e3b2
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Mon Feb 5 22:11:21 2018 +0100
Update openvpn base
roles/openvpn/base/tasks/main.yml | 51 +++++++++++++++++++++++++++++++------
1 files changed, 43 insertions(+), 8 deletions(-)
---
diff --git a/roles/openvpn/base/tasks/main.yml b/roles/openvpn/base/tasks/main.yml
index a6207a2..3037fb4 100644
--- a/roles/openvpn/base/tasks/main.yml
+++ b/roles/openvpn/base/tasks/main.yml
@@ -2,30 +2,65 @@
# OpenVpn basic configuration
- name: Install needed package
- yum: pkg={{ item }} state=present
+ package: name={{ item }} state=present
with_items:
- openvpn
tags:
+ - openvpn
- packages
- when: ansible_distribution_major_version|int < 22
+ when: ansible_distribution_major_version|int < 8
- name: Install needed package (dnf)
dnf: pkg={{ item }} state=present
with_items:
- openvpn
tags:
+ - openvpn
- packages
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not
defined
+ when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not
defined
-- name: Install certificate and key
+- name: Install certificate and key (rhel6 and fedora24 and older)
copy: src={{ private }}/files/vpn/openvpn/keys/ca.crt
dest=/etc/openvpn/ca.crt
owner=root group=root mode=0600
tags:
- install
- openvpn
- notify:
- - restart openvpn (Fedora)
- - restart openvpn (RHEL7)
- - restart openvpn (RHEL6)
+ #notify:
+ #- restart openvpn (Fedora)
+ #- restart openvpn (RHEL7)
+ #- restart openvpn (RHEL6)
+ when: ansible_distribution_major_version|int < 25
+
+- name: Install certificate and key (rhel7 or fedora) for client
+ copy: src={{ private }}/files/vpn/openvpn/keys/ca.crt
+ dest=/etc/openvpn/client/ca.crt
+ owner=root group=root mode=0600
+ tags:
+ - install
+ - openvpn
+ #notify:
+ #- restart openvpn (Fedora)
+ #- restart openvpn (RHEL7)
+ #- restart openvpn (RHEL6)
+ when: ( ansible_distribution_major_version|int != 6 and
ansible_distribution_major_version|int != 24 ) and ansible_cmdline.ostree is not defined
+- name: Install certificate and key (rhel7 or fedora) for server
+ copy: src={{ private }}/files/vpn/openvpn/keys/ca.crt
+ dest=/etc/openvpn/server/ca.crt
+ owner=root group=root mode=0600
+ tags:
+ - install
+ - openvpn
+ #notify:
+ #- restart openvpn (Fedora)
+ #- restart openvpn (RHEL7)
+ #- restart openvpn (RHEL6)
+ when: inventory_hostname.startswith('bastion0')
+
+- name: install fix-routes.sh script
+ copy: src=fix-routes.sh
+ dest=/etc/openvpn/fix-routes.sh
+ owner=root group=root mode=0755
+ tags:
+ - openvpn
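Review bot: All three CA-copy tasks in this hunk (the copies to `/etc/openvpn/ca.crt`, `/etc/openvpn/client/ca.crt` and `/etc/openvpn/server/ca.crt`) have their `notify:` list commented out, so a replaced `ca.crt` is written to disk but nothing in these tasks restarts openvpn, and a running daemon presumably keeps trusting the CA it loaded at start-up. If the old handlers no longer fit the client/server layout, point each task at one that does instead of dropping the notification, e.g. restore `notify:` with `- restart openvpn (RHEL7)` where that handler still applies. The handler definitions are outside this hunk, so their names need confirming. Separately, the guard `ansible_distribution_major_version|int < 25` on the first copy task is also true on RHEL 7, and the client task's `!= 6 and != 24` test is true on Fedora 23 and older, so neither guard matches its task name; an added `ansible_distribution` test would make the split explicit.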