From 2a96f1c0e7ca420af09c7c9028fff935caf2384f Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Wed, 6 May 2020 17:43:48 +0200
Subject: [PATCH] Try and fix the handling of the dh and ta.key files.

---
 tasks/openvpn.yml | 41 +++++++++++++----------------------------
 1 file changed, 13 insertions(+), 28 deletions(-)

diff --git a/tasks/openvpn.yml b/tasks/openvpn.yml
index 9b81760..eda7aa9 100644
--- a/tasks/openvpn.yml
+++ b/tasks/openvpn.yml
@@ -101,38 +101,23 @@
 - name: Fix the ta.key file permissions
 file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400
+ - name: Fetch both the ta and the dh files from the master node
+ fetch:
+ src: "{{ item }}"
+ dest: .tmp/openvpn_secrets
+ with_items:
+ - '{{ openvpn_conf_dir }}/ta.key'
+ - '{{ openvpn_conf_dir }}/dh2048.pem'
+
 when: openvpn_is_master_host | bool or not openvpn_ha | bool
 tags: [ 'openvpn', 'openvpn_conf' ]
 - block:
- - name: Get the dh file from the master host
- synchronize:
- src: '{{ openvpn_conf_dir }}/dh2048.pem'
- #dest: 'rsync://root@{{ ansible_fqdn }}/{{ openvpn_conf_dir }}/dh2048.pem'
- dest: '/{{ openvpn_conf_dir }}/dh2048.pem'
- delegate_to: '{{ openvpn_master_host }}'
- ignore_errors: True
-
- - name: Relax the ta.key file permissions so that it can be copied around
- file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0444
- delegate_to: '{{ openvpn_master_host }}'
- ignore_errors: True
-
- - name: Get the ta key from the master host
- synchronize:
- src: '{{ openvpn_conf_dir }}/ta.key'
- #dest: 'rsync://root@{{ ansible_fqdn }}/{{ openvpn_conf_dir }}/ta.key'
- dest: '/{{ openvpn_conf_dir }}/ta.key'
- delegate_to: '{{ openvpn_master_host }}'
- ignore_errors: True
-
- - name: Fix the ta.key file permissions
- file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400
-
- - name: Fix the ta.key file permissions on the master host
- file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400
- delegate_to: '{{ openvpn_master_host }}'
- ignore_errors: True
+ - name: Install the dh and ta.key files
+ copy: src=.tmp/openvpn_secrets/{{ openvpn_conf_dir }}/{{ item }} dest={{ openvpn_conf_dir }}/{{ item }} owner=root group=root mode=0400 force=yes
+ with_items:
+ - 'ta.key'
+ - 'dh2048.pem'
 when:
 - openvpn_ha | bool
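Review bot: The `src` of the new "Install the dh and ta.key files" copy task will not find the files the fetch task saved, because `fetch` without `flat: yes` stores each file under `dest/<inventory_hostname>/<remote path>`, so the controller path is `.tmp/openvpn_secrets/<master inventory name>{{ openvpn_conf_dir }}/ta.key` while the copy task reads `.tmp/openvpn_secrets/{{ openvpn_conf_dir }}/{{ item }}`. Since `openvpn_master_host` is the name the removed `delegate_to` lines used, the simplest repair is `copy: src=.tmp/openvpn_secrets/{{ openvpn_master_host }}/{{ openvpn_conf_dir }}/{{ item }} dest={{ openvpn_conf_dir }}/{{ item }} owner=root group=root mode=0400 force=yes`; alternatively add `flat: yes` to the fetch and point `dest` at `.tmp/openvpn_secrets/`. Note also that ta.key is a shared secret and the fetch leaves an unencrypted copy in `.tmp/openvpn_secrets` under the playbook directory after the run, so that directory should be excluded from version control and removed (or placed under a temporary directory) once the copy task has completed. Both the fetch task's enclosing block and the second `- block:` start outside this hunk.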