summaryrefslogtreecommitdiffstats
path: root/roles/openvpn/tasks/main.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openvpn/tasks/main.yml')
-rw-r--r--roles/openvpn/tasks/main.yml62
1 files changed, 62 insertions, 0 deletions
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
new file mode 100644
index 0000000..df49976
--- /dev/null
+++ b/roles/openvpn/tasks/main.yml
@@ -0,0 +1,62 @@
+---
+- name: Ensure OpenVPN and OpenSSL are installed
+ yum: name={{item}} state=present
+ with_items:
+ - openvpn
+ - openssl
+
+- name: copy openvpn logrotate config file
+ copy: src="openvpn_logrotate.conf" dest="/etc/logrotate.d/openvpn.conf" owner="root" group="root" mode="0400"
+
+- name: Copy CA certificate and the keys
+ copy: src="{{ item }}" dest="{{openvpn_keydir}}/" owner="root" group="root" mode="0400"
+ with_fileglob:
+ - ca/ca.crt
+ - keys/*
+
+- name: Check if OpenSSL certificate is already generated
+ stat: path="{{ openvpn_keydir }}/node.crt"
+ register: result
+
+- name: setup openvpn keys
+ include: keys.yml
+ when: result.stat.exists == False
+
+- name: Ensure CA key is removed
+ file: path="{{openvpn_keydir}}/ca.key" state=absent
+
+- name: setup openvpn configuration
+ include: config.yml
+
+- name: Ensure OpenVPN service is enabled
+ service: name="{{openvpn_service}}" enabled=yes
+
+- name: Check if we already reconfigured SystemD Unit
+ stat: path={{ item }}
+ register: result
+ vars:
+ item: "/etc/systemd/system/{{openvpn_service}}"
+
+- name: Copy SystemD Unit
+ copy: src="/usr/lib/systemd/system/openvpn@.service" dest="{{ item }}" remote_src=true
+ vars:
+ item: "/etc/systemd/system/{{openvpn_service}}"
+ when: result.stat.exists == False
+
+- name: Re-configure systemd to start OpenVPN after origin-node
+ lineinfile: dest="/etc/systemd/system/{{openvpn_service}}" regexp="^After=" line="After=network.target origin-node.service" state=present
+ notify: daemon-reload
+
+- name: Ensure OpenVPN service is running
+ service: name="{{openvpn_service}}" state=started
+
+- name: Ensure firewalld is running
+ service: name=firewalld state=started enabled=yes
+ when: openvpn_servers in group_names
+
+- name: Configure firewalld
+ firewalld: port="{{openvpn_port}}/tcp" state="enabled" permanent="true" immediate="true"
+ notify:
+ - firewalld
+ when: openvpn_servers in group_names
+