diff options
Diffstat (limited to 'roles/openvpn/tasks/main.yml')
-rw-r--r-- | roles/openvpn/tasks/main.yml | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml new file mode 100644 index 0000000..df49976 --- /dev/null +++ b/roles/openvpn/tasks/main.yml @@ -0,0 +1,62 @@ +--- +- name: Ensure OpenVPN and OpenSSL are installed + yum: name={{item}} state=present + with_items: + - openvpn + - openssl + +- name: copy openvpn logrotate config file + copy: src="openvpn_logrotate.conf" dest="/etc/logrotate.d/openvpn.conf" owner="root" group="root" mode="0400" + +- name: Copy CA certificate and the keys + copy: src="{{ item }}" dest="{{openvpn_keydir}}/" owner="root" group="root" mode="0400" + with_fileglob: + - ca/ca.crt + - keys/* + +- name: Check if OpenSSL certificate is already generated + stat: path="{{ openvpn_keydir }}/node.crt" + register: result + +- name: setup openvpn keys + include: keys.yml + when: result.stat.exists == False + +- name: Ensure CA key is removed + file: path="{{openvpn_keydir}}/ca.key" state=absent + +- name: setup openvpn configuration + include: config.yml + +- name: Ensure OpenVPN service is enabled + service: name="{{openvpn_service}}" enabled=yes + +- name: Check if we already reconfigured SystemD Unit + stat: path={{ item }} + register: result + vars: + item: "/etc/systemd/system/{{openvpn_service}}" + +- name: Copy SystemD Unit + copy: src="/usr/lib/systemd/system/openvpn@.service" dest="{{ item }}" remote_src=true + vars: + item: "/etc/systemd/system/{{openvpn_service}}" + when: result.stat.exists == False + +- name: Re-configure systemd to start OpenVPN after origin-node + lineinfile: dest="/etc/systemd/system/{{openvpn_service}}" regexp="^After=" line="After=network.target origin-node.service" state=present + notify: daemon-reload + +- name: Ensure OpenVPN service is running + service: name="{{openvpn_service}}" state=started + +- name: Ensure firewalld is running + service: name=firewalld state=started enabled=yes + when: openvpn_servers in group_names + +- name: Configure firewalld + firewalld: port="{{openvpn_port}}/tcp" state="enabled" permanent="true" immediate="true" + notify: + - firewalld + when: openvpn_servers in group_names + |